Re: Windows XP machine unable to log onto a Windows 2003 domain; used to have no problem

From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 10/20/03

Next message: Roger Abell: "Re: Windows XP machine unable to log onto a Windows 2003 domain; used to have no problem"
Previous message: Roger Abell: "Re: i receive archives"
In reply to: George Foster: "Re: Windows XP machine unable to log onto a Windows 2003 domain; used to have no problem"
Next in thread: Roger Abell: "Re: Windows XP machine unable to log onto a Windows 2003 domain; used to have no problem"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Sun, 19 Oct 2003 18:47:22 -0700

And you are configured to use only the DNS servers that
support the Active Directory, right ? (Guess so or you
would have mentioned the DNS errors in netdiag output).

If when logged in as a local admin you run netdiag and get
those results, it seems to me to be saying that the machine is
not completely joined (if DNS is correct) or has become out
of sync.

In this case, as a local admin you can disjoin from the domain,
that as a domain admin within the domain elsewhere clean up
by deleting the computer object.

-- 
Roger Abell
Microsoft MVP (Windows Server System: Security)
MCSE (W2k3,W2k,Nt4)  MCDBA
"George Foster" <nobody@dufus.net> wrote in message
news:exJa3MmlDHA.3316@tk2msftngp13.phx.gbl...
> netdiag shows Kerberos and trust failures.  I had to logon using the
> computer name instead of the domain.  No user, including admins, can logon
> to this machine into the domain.
>
> Unfortunately, since no user are being recognized, I am unable to remove
it
> from the domain.
>
> Event Log shows Netlogon error ID 3210 and LsaSrv Warning ID 40961,
> signifying that the XP Pro machine is unable to authenticate to either of
my
> Windows 2003 DCs.
>
> I though about removing it from the OU, but it would probably not be a
good
> idea to remove the machine account from the
> OU while the machine still thinks it is a member.
>
> "Roger Abell" <mvpNOSpam@asu.edu> wrote in message
> news:ON4b7allDHA.2140@TK2MSFTNGP09.phx.gbl...
> > Check that the client machine is using _only_ the correct DNS
> > services for the AD infrastructure.
> > On the client, run netdiag from the support\tools optional install
> > and see what errors it shows.
> >
> > -- 
> > Roger Abell
> > Microsoft MVP (Windows Server System: Security)
> > MCSE (W2k3,W2k,Nt4)  MCDBA
> > "Edward W. Ray" <ewray_home@mmicman.com> wrote in message
> > news:OSfSZKalDHA.2272@tk2msftngp13.phx.gbl...
> > > I have a machine which will not log into my Windows 2003 domain.  No
> user
> > > works, including domain admins and enterprise admins.  This has not
been
> a
> > > problem before.  The machine is a member or a Windows 2003 domain, and
> > part
> > > of an organizational unit with other machines which are able to login
to
> > the
> > > domain.
> > >
> > > The security logs on the DCs and the machine in question show no
errors.
> > > The machine itself is authenticated into the domain.  The immediate
> error
> > > which occurs after typing the user name and password is
> > >
> > >                 "Logon error:  The system could not log you on.  Make
> sure
> > > your user name and domain are correct, then type your password again.
> > > Letters in                             password must be typed using
the
> > > correct case."
> > >
> > >
> > > By the speed at which this logon window appears, the fact that other
> > > machines in the same OU have no issues, and the lack of errors in the
> > > security event log on the DCs leads me to believe that this is an
issue
> > with
> > > this machine only.
> > >
> > > If anyone knows how to resolve this issue or knows of a KB article
that
> > > might help, please let me know.
> > >
> > > Regards,
> > >
> > > Edward W. Ray
> > >
> > >
> >
> >
>
>

Next message: Roger Abell: "Re: Windows XP machine unable to log onto a Windows 2003 domain; used to have no problem"
Previous message: Roger Abell: "Re: i receive archives"
In reply to: George Foster: "Re: Windows XP machine unable to log onto a Windows 2003 domain; used to have no problem"
Next in thread: Roger Abell: "Re: Windows XP machine unable to log onto a Windows 2003 domain; used to have no problem"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Deploy Design Question
... "Roger Abell" wrote in message ... > and wrote the first "Windows 2000 DNS" book back ... > Microsoft MVP (Windows Server System: Security) ...
(microsoft.public.windows.server.dns)
Re: ADAM to ADAM Sync setup
... requires full DNS name, ... SDE, DS Admin eXperience ... > joining a configuration set with the poster's configuration he is failing ... >>> of the source server as opposed to say, ...
(microsoft.public.windows.server.active_directory)
Re: Cannot access admin share
... most likely an AUTHENTICATION problem. ... First goal is to prove authentication, and along with it correct DNS ... What happens if you map the drive explicitly with an Admin ... Ensure that every computer uses STRICTLY the internal DNS server ...
(microsoft.public.windows.server.general)
Re: SMS Clients - Workgroup - Not getting policy
... What settings do I need to input into DNS and how do I need to configure them? ... functioning correctly and I'm only having problems with some machines that are in workgroups; and having the same problem with different workgroup machines trying to connect to different SMS primary servers. ... These machines have 0 items in run advertised programs and do not have the sms client configured. ... Windows Server System MVP - SMS ...
(microsoft.public.sms.admin)
=?Utf-8?Q?Re:_Vermutlich_zusammenh=C3=A4ngende_?= =?Utf-8?Q?Probleme_mit_Outlook_2003=2C_IE8
... schon schrieb, bin ich hier kein Admin, so dass ich nicht in alles Einblick ... Unser Admin hat im Moment keine Zeit, ... (Ich frage mich wie die PCs in die Domain kamen ohne DNS.) ... manchen Applicationen ein Featureverlust bis hin zu Performance Problemen. ...
(microsoft.public.de.exchange)