Administrator cant logon to his domain workstation as administrator

[James W. Long]

Dear all:

HELP!

My workstation fell out of the domain and I cant get it back in!
I dont have a clue how it happened. I was trying to get to it
from another client and could not see its files anymore.
Then, I noticed my DC could not see it either.
Then I noticed it would not logon when rebooted.

I can logon to the DC fine,
I can logon to hal9000 in the hal9000 (local) domain fine,
and I can logon to to hal9000.jewelconsulting only IF
IF I turn off the DC or disconnect the cable.

My set up:

1 win2k adv server DC. jewelntserver.jewelconsulting.org (jewelntserver)
10.0.0.50

2 win2k pro client hal9000.jewelconsulting.org (hal9000) 10.0.0.10

3 win2k pro client c18909-f.jewelconsulting.org (c18909-f) 10.0.0.20


The administrator cant login to his own account
(which he has everything on)
on the hal9000 machine as administrator.
hal9000 no longer shows up in AD computers
on the DC.

However....

Turning off the DC or disconnecting the cable from hal9000 allows me
to logon to hal9000 as administrator of jewelconsulting,
but the domain doesnt see me, even if brought up afterwards.
I think hal9000 is operating on a a cached copy in this case.

No domain computers can get to me, the messages are
"no logon server available", when UNC access is tried from them,
and " Hal9000 is not accessable, network path noth found "
when clicked in "my network places" from other computers.

but, I can see other computers from Hal9000 via a UNC reference.
(AHA it works one direction... so the domain DOES know about me).

(also, in hal9000 I can get user profile info on the profiles on it,
and THERE, it lists Jewelconsulting\administrator. so It knows that much,
and the type of that account is "local")

I cant get any account info from the dc while on hal9000 other than that.
no listings of any types of accounts from the dc at all in the
jewelconsulting domain.

when I try to log on to hal9000 with the dc on and all connected up
normally, the
message is: the machine account does not exist on the dc or the password is
incorrect.

I tried adding a new machine in AD , but AD says I cant because a
pre-windows2000
machine is already in use. - (odd, it was native from the get go).
probably a good thing
this did not succede.

I would REALLY like hal9000 to get back into my domain, how do I do it?
can I save my account on hal9000? can I rescue the machine account on the
DC?

This machine has all my stuff.

Thank you in advance to all you bright souls!

James W Long.

 

[Matjaz Ladava [MVP]]

Hi James,

Bebore we start to troubleshoot your problem, it would be goot to check that
your AD is functioning properly. Install support tools from windows server
CD and run dcdiag and netdiag. Also make sure, that all your clients and
servers are pointing to your internal DNS server.
Then try to disjoin your computer from domain and join it again..

--
Regards

Matjaz Ladava
MVP Windows Server - Directory Services
(e-mail address removed), (e-mail address removed)

 

[James W. Long]

Dear Matjaz:
Thanks for comming back to me.

How do these look?



C:\winnt:dcdiag

DC Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial non skippeable tests

Testing server: Default-First-Site-Name\JEWELNTSERVER
Starting test: Connectivity
......................... JEWELNTSERVER passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\JEWELNTSERVER
Starting test: Replications
......................... JEWELNTSERVER passed test Replications
Starting test: NCSecDesc
......................... JEWELNTSERVER passed test NCSecDesc
Starting test: NetLogons
......................... JEWELNTSERVER passed test NetLogons
Starting test: Advertising
Warning: JEWELNTSERVER is not advertising as a time server.
......................... JEWELNTSERVER failed test Advertising
Starting test: KnowsOfRoleHolders
......................... JEWELNTSERVER passed test
KnowsOfRoleHolders
Starting test: RidManager
......................... JEWELNTSERVER passed test RidManager
Starting test: MachineAccount
......................... JEWELNTSERVER passed test MachineAccount
Starting test: Services
NtFrs Service is stopped on [JEWELNTSERVER]
IsmServ Service is stopped on [JEWELNTSERVER]
w32time Service is stopped on [JEWELNTSERVER]
TrkWks Service is stopped on [JEWELNTSERVER]
TrkSvr Service is stopped on [JEWELNTSERVER]
Could not open IISADMIN Service on [JEWELNTSERVER]:failed with
1060:
The specified service does not exist as an installed service.
Could not open SMTPSVC Service on [JEWELNTSERVER]:failed with
1060:
The specified service does not exist as an installed service.
......................... JEWELNTSERVER failed test Services
Starting test: ObjectsReplicated
......................... JEWELNTSERVER passed test
ObjectsReplicated
Starting test: frssysvol
......................... JEWELNTSERVER passed test frssysvol
Starting test: kccevent
......................... JEWELNTSERVER passed test kccevent
Starting test: systemlog
......................... JEWELNTSERVER passed test systemlog

Running enterprise tests on : jewelconsulting.org
Starting test: Intersite
......................... jewelconsulting.org passed test Intersite
Starting test: FsmoCheck
Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error
135
5
A Good Time Server could not be located.
......................... jewelconsulting.org failed test FsmoCheck

C:\winnt:


C:\winnt:netdiag

......................................

Computer Name: JEWELNTSERVER
DNS Host Name: jewelntserver.jewelconsulting.org
System info : Windows 2000 Server (Build 2195)
Processor : x86 Family 6 Model 7 Stepping 2, GenuineIntel
List of installed hotfixes :
KB329115
KB823182
KB823559
KB824105
KB825119
KB826232
KB828035
KB828741
KB828749
KB835732
KB837001
KB839643
KB839643-DirectX9
Q147222
Q828026


Netcard queries test . . . . . . . : Passed



Per interface results:

Adapter : Inside

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : jewelntserver
IP Address . . . . . . . . : 10.0.0.50
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 10.0.0.1
Dns Servers. . . . . . . . : 10.0.0.50


AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Passed

NetBT name test. . . . . . : Passed
[WARNING] At least one of the <00> 'WorkStation Service', <03>
'Messenge
r Service', <20> 'WINS' names is missing.
No remote names have been found.

WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{4FF3543F-F115-4AFC-A4F6-FA94AD7F4675}
1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed
[WARNING] You don't have a single interface with the <00> 'WorkStation
Servi
ce', <03> 'Messenger Service', <20> 'WINS' names defined.


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Passed
PASS - All the DNS entries for DC are registered on DNS server
'10.0.0.50'.


Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{4FF3543F-F115-4AFC-A4F6-FA94AD7F4675}
The redir is bound to 1 NetBt transport.

List of NetBt transports currently bound to the browser
NetBT_Tcpip_{4FF3543F-F115-4AFC-A4F6-FA94AD7F4675}
The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Passed
IPSec policy service is active, but no policy is assigned.


The command completed successfully

C:\winnt:



all my clients pint to my internal DNS.
I'm going to try a disjoin and join.
Thanks for the advice.
I'll let you know how it went.

James W. Long

 

[James W. Long]

Dear Matjaz:

Things have gone bad over here.

Dns is running on the DC, as the pings show below.

I started some services to help hal9000 get in but it didnt help.

Hal9000 showed up in "computers" as disabled when I disjoined and
attempted to rejoin, and I then enabled it, on th DC.

but then hal9000 could still not join because it says It cant locate
jewelconsulting.org.

pings of the domain work perfect from hal9000.
pings of the domain work perfect from jewelntserver.

when I try to join hal9000 it gets stuck.

and NOW,,,, now my DC (jewelntserver) is stuck too.

my DC (jewelntserver) cant locate itself to run any of the AD administrative
tools.

This is really bad. I'm not going to touch it until you let me know what I
should do.

Thanks,
James Long

(done on jewelntserver, the DC)
C:\winnting jewelntserver

Pinging jewelntserver.jewelconsulting.org [10.0.0.50] with 32 bytes of data:

Reply from 10.0.0.50: bytes=32 time<10ms TTL=128
Reply from 10.0.0.50: bytes=32 time<10ms TTL=128
Reply from 10.0.0.50: bytes=32 time<10ms TTL=128
Reply from 10.0.0.50: bytes=32 time<10ms TTL=128

Ping statistics for 10.0.0.50:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\winnting jewelconsulting.org

Pinging jewelconsulting.org [10.0.0.50] with 32 bytes of data:

Reply from 10.0.0.50: bytes=32 time<10ms TTL=128
Reply from 10.0.0.50: bytes=32 time<10ms TTL=128
Reply from 10.0.0.50: bytes=32 time<10ms TTL=128
Reply from 10.0.0.50: bytes=32 time<10ms TTL=128

Ping statistics for 10.0.0.50:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\winnting jewelconsulting

Pinging jewelntserver.jewelconsulting.org [10.0.0.50] with 32 bytes of data:

Reply from 10.0.0.50: bytes=32 time<10ms TTL=128
Reply from 10.0.0.50: bytes=32 time<10ms TTL=128
Reply from 10.0.0.50: bytes=32 time<10ms TTL=128
Reply from 10.0.0.50: bytes=32 time<10ms TTL=128

Ping statistics for 10.0.0.50:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\winnt:dcdiag

DC Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial non skippeable tests

Testing server: Default-First-Site-Name\JEWELNTSERVER
Starting test: Connectivity
......................... JEWELNTSERVER passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\JEWELNTSERVER
Starting test: Replications
......................... JEWELNTSERVER passed test Replications
Starting test: NCSecDesc
......................... JEWELNTSERVER passed test NCSecDesc
Starting test: NetLogons
......................... JEWELNTSERVER passed test NetLogons
Starting test: Advertising
Fatal ErrorsGetDcName (JEWELNTSERVER) call failed, error 1355
The Locator could not find the server.
......................... JEWELNTSERVER failed test Advertising
Starting test: KnowsOfRoleHolders
......................... JEWELNTSERVER passed test
KnowsOfRoleHolders
Starting test: RidManager
......................... JEWELNTSERVER passed test RidManager
Starting test: MachineAccount
......................... JEWELNTSERVER passed test MachineAccount
Starting test: Services
NtFrs Service is stopped on [JEWELNTSERVER]
IsmServ Service is stopped on [JEWELNTSERVER]
w32time Service is stopped on [JEWELNTSERVER]
TrkWks Service is stopped on [JEWELNTSERVER]
TrkSvr Service is stopped on [JEWELNTSERVER]
NETLOGON Service is stopped on [JEWELNTSERVER]
Could not open IISADMIN Service on [JEWELNTSERVER]:failed with
1060:
The specified service does not exist as an installed service.
Could not open SMTPSVC Service on [JEWELNTSERVER]:failed with
1060:
The specified service does not exist as an installed service.
......................... JEWELNTSERVER failed test Services
Starting test: ObjectsReplicated
......................... JEWELNTSERVER passed test
ObjectsReplicated
Starting test: frssysvol
......................... JEWELNTSERVER passed test frssysvol
Starting test: kccevent
An Error Event occured. EventID: 0xC0000466
Time Generated: 08/31/2004 22:18:24
(Event String could not be retrieved)
......................... JEWELNTSERVER failed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0xC0001B5B
Time Generated: 08/31/2004 22:03:19
Event String: The Network DDE service depends on the following
An Error Event occured. EventID: 0xC0000021
Time Generated: 08/31/2004 22:04:33
(Event String could not be retrieved)
......................... JEWELNTSERVER failed test systemlog

Running enterprise tests on : jewelconsulting.org
Starting test: Intersite
......................... jewelconsulting.org passed test Intersite
Starting test: FsmoCheck
Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
A Global Catalog Server could not be located - All GC's are down.
Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355
A Primary Domain Controller could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error
135
5
A Good Time Server could not be located.
Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355
A KDC could not be located - All the KDCs are down.
......................... jewelconsulting.org failed test FsmoCheck

C:\winnt: