Re: Domain unavailable for some logons

From: Steven L Umbach (n9rou_at_n0-spam-for-me-comcast.net)
Date: 10/28/05


Date: Thu, 27 Oct 2005 18:09:32 -0500

Hmm. Log on to that computer with a domain account that you can, and run the
support tool netdiag on it to see if any problems are found with dns, dc
discovery, domain membership, or trust/secure channel and post the results
in a reply here. Also run netdiag on the domain controller. The error
message usually means there is a problem finding or contacting the domain
controller. --- Steve

"zuke" <lgilmore@NO_SPAMrainbowgrocery.net> wrote in message
news:OkNR6%23y2FHA.472@TK2MSFTNGP15.phx.gbl...
> I can ping the DC's FQDN from the laptop over the air.
>
> RE: logging on with cached credentials, I was guessing that too, but it is
> strange that one of the user logons that returns the "..domain
> unavailable" complaint has logged on to this machine many times over the
> wire and so also should have cached credentials.
>
> I have no DHCP servers and yes, the routers' DHCP has been disabled.
>
> My client hosts' preferred DNS server settings already point to my two DNS
> servers (one primary, the other a backup), and NOT to the ISP.
>
> Regards,
> Zuke
>
> "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
> news:%23zj4zon2FHA.1396@TK2MSFTNGP15.phx.gbl...
>> You probably have a dns problem and the computer that you cannot log on
>> to with the domain account cannot find the domain controller. My guess
>> is that the reason you can log on with some accounts is because you are
>> logging on with "cached" domain credentials which is enabled by default.
>> Try pinging the domain controller by its fully qualified domain name to
>> see what happens, run the support tool netdiag on that domain computer
>> and the domain controller, and use Event Viewer to check the logs on the
>> domain computer and domain controller. The link below shows how dns MUST
>> be configured for an AD domain to work correctly and NEVER configure any
>> domain computer to use the IP address of an ISP dns server as a preferred
>> dns server anywhere in the list. You can however configure your domain
>> controller/dns server to forward to your ISP dns server so that all
>> domain computers can resolve internet names as explained in the KB dns
>> article. Make sure that DHCP is disabled on your router device so that
>> only your domain controller is used for DHCP. You can use the command
>> ipconfig /all on any computer to see the current IP configuration and
>> what computer/device is acting as the DHCP server. You only need to
>> configure your DHCP scope or manually configure computers with static IP
>> addresses like your domain controller to use the IP of your router as the
>> default gateway. --- Steve
>>
>> http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B291382 ---
>> AD dns FAQ.
>> http://support.microsoft.com/default.aspx?scid=kb;en-us;321708 ---
>> Netdiag
>> http://support.microsoft.com/kb/301423/ --- how to install support tools
>>
>> "zuke" <lgilmore@NO_SPAMrainbowgrocery.net> wrote in message
>> news:uT%23lJKn2FHA.3744@TK2MSFTNGP10.phx.gbl...
>>> Hello,
>>>
>>> I've got a W2K AD network with static IP addresses all round. I use just
>>> a couple logon accounts for most of the 25 PCs. I have a couple logons
>>> for individuals.
>>>
>>> I just set up a Linksys WRT54G wireless router/access point behind my
>>> firewall. I set it up using WPA/AES, the network is bridged, not routed
>>> (as in a gateway). I have, at the moment, just one laptop with wireless
>>> enabled, with an Atheros WiFi chip and using the Atheros driver. I have
>>> physical connectivity. I can log onto the domain with my
>>> Enterprise/Domain Admin account. I can log on with just one of my
>>> Domain/User accounts.
>>>
>>> Other Domain/User accounts return the following message at the logon
>>> prompt:
>>> "This system cannot log you on now because the Domain "X" is not
>>> available"
>>>
>>> But I can just enter my Domain/Admin logon account or the one
>>> Domain/User account and it logs on, no error. If I use the incorrect
>>> password I get the usual suggestion to "check my user name and
>>> password".
>>>
>>> Any suggestions?
>>>
>>> Zuke
>>>
>>
>>
>
>
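
The two client-side checks suggested in this thread (no non-AD DNS server anywhere in the list, and no lease handed out by the router's DHCP) can be automated over saved `ipconfig /all` output. This is an added example, not code from the thread; the sample output, the addresses and the allowed sets are constructed assumptions, and the parser assumes English field labels.

```python
import re

# Constructed `ipconfig /all` excerpt (not from the thread); addresses are made up.
SAMPLE = """\
Ethernet adapter Local Area Connection:

        DHCP Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.1.50
        DNS Servers . . . . . . . . . . . : 192.168.1.10
                                            192.168.1.11

Ethernet adapter Wireless Network Connection:

        DHCP Enabled. . . . . . . . . . . : Yes
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.10
                                            203.0.113.53
"""

HEADER = re.compile(r"^\S.*adapter (.+):\s*$")
FIELD = re.compile(r"^\s+([A-Za-z][A-Za-z \-]*?)[ .]*:\s*(.*)$")
CONT = re.compile(r"^\s+\d{1,3}(?:\.\d{1,3}){3}\s*$")  # extra value on its own line

def parse_ipconfig(text):
    """Return {adapter name: {field: [values]}}."""
    adapters, current, last_key = {}, None, None
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            current, last_key = adapters.setdefault(header.group(1), {}), None
        elif current is None:
            continue  # global section before the first adapter
        elif (field := FIELD.match(line)):
            last_key, value = field.group(1), field.group(2).strip()
            current[last_key] = [value] if value else []
        elif last_key and CONT.match(line):
            current[last_key].append(line.strip())
    return adapters

def audit(adapters, ad_dns, dhcp_ok):
    """Flag DNS servers outside the AD set and DHCP leases from unexpected devices."""
    findings = []
    for name, fields in adapters.items():
        for label, key, allowed in (("non-AD DNS server", "DNS Servers", ad_dns),
                                    ("unexpected DHCP server", "DHCP Server", dhcp_ok)):
            findings += [(name, label, ip) for ip in fields.get(key, []) if ip not in allowed]
    return findings

# Assumed site values: two internal AD DNS servers, and no DHCP server at all
# (the original poster's network is fully static).
FINDINGS = audit(parse_ipconfig(SAMPLE), {"192.168.1.10", "192.168.1.11"}, set())
```

Each finding is an (adapter, problem, address) tuple; an empty list means the adapter settings match the allowed sets passed in.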


