Re: Windows XP machine unable to log onto a Windows 2003 domain; used to have no problem

From: George Foster (nobody_at_dufus.net)
Date: 10/19/03 

Date: Sun, 19 Oct 2003 10:05:23 -0700

netdiag shows Kerberos and trust failures. I had to logon using the
computer name instead of the domain. No user, including admins, can logon
to this machine into the domain.

Unfortunately, since no user are being recognized, I am unable to remove it
from the domain.

Event Log shows Netlogon error ID 3210 and LsaSrv Warning ID 40961,
signifying that the XP Pro machine is unable to authenticate to either of my
Windows 2003 DCs.

I though about removing it from the OU, but it would probably not be a good
idea to remove the machine account from the
OU while the machine still thinks it is a member.

"Roger Abell" <mvpNOSpam@asu.edu> wrote in message
news:ON4b7allDHA.2140@TK2MSFTNGP09.phx.gbl...
> Check that the client machine is using _only_ the correct DNS
> services for the AD infrastructure.
> On the client, run netdiag from the support\tools optional install
> and see what errors it shows.
>
> --
> Roger Abell
> Microsoft MVP (Windows Server System: Security)
> MCSE (W2k3,W2k,Nt4) MCDBA
> "Edward W. Ray" <ewray_home@mmicman.com> wrote in message
> news:OSfSZKalDHA.2272@tk2msftngp13.phx.gbl...
> > I have a machine which will not log into my Windows 2003 domain. No
user
> > works, including domain admins and enterprise admins. This has not been
a
> > problem before. The machine is a member or a Windows 2003 domain, and
> part
> > of an organizational unit with other machines which are able to login to
> the
> > domain.
> >
> > The security logs on the DCs and the machine in question show no errors.
> > The machine itself is authenticated into the domain. The immediate
error
> > which occurs after typing the user name and password is
> >
> > "Logon error: The system could not log you on. Make
sure
> > your user name and domain are correct, then type your password again.
> > Letters in password must be typed using the
> > correct case."
> >
> >
> > By the speed at which this logon window appears, the fact that other
> > machines in the same OU have no issues, and the lack of errors in the
> > security event log on the DCs leads me to believe that this is an issue
> with
> > this machine only.
> >
> > If anyone knows how to resolve this issue or knows of a KB article that
> > might help, please let me know.
> >
> > Regards,
> >
> > Edward W. Ray
> >
> >
>
>

Relevant Pages

  • Re: intermittent problems with software install via GPO
    ... netdiag on one of the problem machines. ... > No Domain Controller is available for domain LONGWOOD due to the ... > There are currently no logon servers available to service the logon ...
    (microsoft.public.win2000.security)
  • Re: LDAP query failing
    ... for logon is and then modify your search to look for that if it ... > Any suggestions for options other than sAMAccountName to allow users to ... >> you need to speak to your AD admins and find a good search base ... >> to be using in your LDAP URL; you need to find where the user accounts ...
    (microsoft.public.windows.server.active_directory)
  • Re: "Wait for network" policy ignored by XP client
    ... If there are no apparent failures in the NETDIAG report we can look at the ... USERENV.LOG taken as you logon and reproduce the problem. ... >> an affected client and search for 'fail'. ...
    (microsoft.public.win2000.group_policy)
  • Re: RDP/TS GPO Settings - Users unable to logon
    ... Most likely the helpdesk guys are logging on to a domain controller. ... Logging in to a domain controller is restricted to Admins and Backup ... Others will be denied because they are not allowed to logon locally ...
    (microsoft.public.windows.server.active_directory)
  • Re: Local Logon To Domain Controller
    ... That dose this administrators out to PCs have to do? ... PC Admins or what ever you want. ... >>> Server machine itself. ... >>logon locally on DCs. ...
    (microsoft.public.win2000.active_directory)