Re: WIN 2000 LOGIN

From: Steven L Umbach (n9rou_at_comcast.net)
Date: 08/30/03 

Date: Sat, 30 Aug 2003 16:35:04 GMT

 NT4 domain members need to find the W2K dc with the pdc fsmo role. The roles should
have transferd during dcpromo, but you should check using dcdiag on one of the domain
controllers looking for any errors. Dcdiag /test:fsmotest /v would give more
detailed info. It would be a good idea to first run netdiag and then dcdiag on both
domain controllers.

Assuming that the pdc fsmo checks out, you need to make sure the NT4 clients can find
the pdc via wins and that network connectivity exists. Check that the pdc is also a
wins client and that it's records are recorded in the wins database as domain
controller and master browser. You can use nbtstat -RR to refresh it's wins records.
Try to ping pdc first by ipaddress and then by netbios name from a NT4 workstation.

If all that checks out, then the pdc fsmo may have security settings in Local
Security policy that are incompaitble with NT4. See link about resetting security
settings to default. You may want to start out by appending /areas security policy
user_rights. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;EN-US;313222

"JUSTIN" <just.in@indiatimes.com> wrote in message
news:02b101c36efc$5533d4e0$a001280a@phx.gbl...
> WE MOVED THE ROLES FROM THE MAIN CONTROLLER COMP1 TO
> OTHER DOMAIN CONTROLLERS COMP2 AND COMP3.AFTER THAT
> EVERYONE CAN WORK FINE.BUT WHEN WE DEMOTED THE COMP1 TO
> MEMBER SERVER ALL WINDOWS NT 4 WORKSTATION PCS CAN'T LOGIN
> TO THE DOMAIN GIVING EVENT ID 3210.
> CAN U HELP ME OUT.