Cannot login to DC

Guest

I have a DC that I cannot access. I am not sure what exactly happened, but I
now get a message at login that indicates that interactive logins are not
allowed. The server is running fine, so I am reluctant to do anything rash
right now. I can login in safe mode using the directory rebuild for DCs.

I am curious if I can:
reinstall AD and, subsequently, set this server back up as a DC.
uninstall and add the server to another domain (with an NT DC?).
simply add the server to the other domain.

Thanks!
 
Herb Martin

David Langschied said:
> I have a DC that I cannot access. I am not sure what exactly happened, but I
> now get a message at login that indicates that interactive logins are not
> allowed. The server is running fine, so I am reluctant to do anything rash
> right now. I can login in safe mode using the directory rebuild for DCs.

Notice that this is NOT really the same as safe mode:
Directory Service Restore mode uses a "local" admin
account that is NOT in AD, but equivalent to a server
specific user like on a non-DC.

Are you using THE Administrator account for the domain
on the normal login (it shouldn't really be better than any
other admin account but do take that variable out of the
equation.)

Can you logon in any other (true) Safe mode, especially
Safe Mode with Networking?

> I am curious if I can:
> reinstall AD and, subsequently, set this server back up as a DC.

Well, sure, but that loses the DC/server; this is always possible
but usually not desirable.

> uninstall and add the server to another domain (with an NT DC?).
> simply add the server to the other domain.

As long as it is not a DC you can certainly do this.
 
Guest

Herb Martin said:
> Notice that this is NOT really the same as safe mode:
> Directory Service Restore mode uses a "local" admin
> account that is NOT in AD, but equivalent to a server
> specific user like on a non-DC.
>
> Are you using THE Administrator account for the domain
> on the normal login (it shouldn't really be better than any
> other admin account but do take that variable out of the
> equation.)

Yes, I am logging in as administrator.

> Can you logon in any other (true) Safe mode, especially
> Safe Mode with Networking?

I tried straight Safe Mode and could not login.

> Well, sure, but that loses the DC/server; this is always possible
> but usually not desirable.

All I want to do is to be able to login to the server and not the domain.
This server has SQL and some Dbs on it. It really did not need to be a DC.

> As long as it is not a DC you can certainly do this.

Can I do this to get a login, even with the DC loaded?

> --
> Herb Martin, MCSE, MVP
> Accelerated MCSE
> http://www.LearnQuick.Com
> [phone number on web site]
 
Herb Martin

David Langschied said:
> Yes, I am logging in as administrator.

It would be clearer if you would say THE Administrator (with or
without the capitalization.) Or more specifically failing to logon
as the administrator of the domain, but succeeding with the DS restore
(local) administrator account.

> I tried straight Safe Mode and could not login.

I took this to mean re-install the DC since you cannot logon
to the DC, you cannot MERELY DCPromo to non-DC.

> All I want to do is to be able to login to the server and not the domain.
> This server has SQL and some Dbs on it. It really did not need to be a
> DC.

The problem is getting you a place to do the DCPromo.

I think I might try a REPAIR INSTALL.

Can you access this machine with any REMOTE tools?

e.g., AD Users and Computers with THIS server specified?
Or any other remote MMC connection to it?

> Can I do this to get a login, even with the DC loaded?

That's the issue. You first need to logon to it.

What had you done to it, or Group Policy etc., prior to this
problem?
 
Guest

I don't know how the server got to this state (nor does anyone at this
site). I have been asked if I can fix it. I had hoped that I could simply
uninstall the AD and then reinstall. It has been being able to login that
keeps tripping me up. The amount of down time necessary to reinstall is
available, but would be tight. So ... I am trying to see if there are other
options first.


 
Herb Martin

David Langschied said:
> I don't know how the server got to this state (nor does anyone at this
> site). I have been asked if I can fix it. I had hoped that I could simply
> uninstall the AD and then reinstall. It has been being able to login that
> keeps tripping me up. The amount of down time necessary to reinstall is
> available, but would be tight. So ... I am trying to see if there are other
> options first.

I always try a REPAIR install before an (unnecessary)
re-install.

Original CDROM--> Install --> choose same directory, AND

Make sure you are OFFERED and SELECT the option to
REPAIR rather than do a "new install."

Since you don't know "how it happened" you must include
virus, trojan, sabotage, damaged disk drives, bad upgrades,
or other trashing of the DC, in your thinking about what to
do and how to fix it.

Viruses are actually much rarer than most people think IF
you take good care of your machines but when the machine
has a dubious history all bets are off.

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]
 
Paul Bergson

You might try doing an RDP to it as the admin. This may work; it would be a
different set of permissions (Network as opposed to interactive) to try and
gain access.

From another machine, type mstsc at a command prompt (XP has this available
in the install; for others you may have to download the TS client). Once it has
popped up, enter the NetBIOS name and attempt to logon.


--

Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA

This posting is provided "AS IS" with no warranties, and confers no rights.

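One thing worth checking for the symptom in this thread is which logon rights the policy applied to the DC actually grants. The following is an added example, not code from any poster here: it parses the `[Privilege Rights]` section of a security template (the INF format used by GptTmpl.inf in SYSVOL and by `secedit /export`) and reports, per logon type, whether a set of SIDs is allowed, denied, not granted, or left undefined. The template text and the SID set are constructed sample values.

```python
import re

# (allow right, deny right) per logon type, as named in [Privilege Rights].
LOGON_RIGHTS = {
    "interactive": ("SeInteractiveLogonRight", "SeDenyInteractiveLogonRight"),
    "remote_interactive": ("SeRemoteInteractiveLogonRight", "SeDenyRemoteInteractiveLogonRight"),
    "network": ("SeNetworkLogonRight", "SeDenyNetworkLogonRight"),
}
# Constructed sample template; real GptTmpl.inf files are usually UTF-16.
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeInteractiveLogonRight = *S-1-5-32-551,*S-1-5-32-549
SeNetworkLogonRight = *S-1-1-0,*S-1-5-32-544,*S-1-5-11
SeDenyNetworkLogonRight =
"""
# Constructed token: Everyone, Authenticated Users, builtin Administrators.
ADMIN_TOKEN = {"S-1-1-0", "S-1-5-11", "S-1-5-32-544"}

def parse_privilege_rights(inf_text):
    """Return {right_name: set_of_principals} from [Privilege Rights]."""
    rights, section = {}, None
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "privilege rights" and "=" in line:
            name, _, value = line.partition("=")
            # SIDs carry a leading '*'; plain account names do not.
            rights[name.strip()] = {v.strip().lstrip("*").upper()
                                    for v in value.split(",") if v.strip()}
    return rights

def evaluate(rights, token_sids):
    """Map each logon type to denied / not_defined / allowed / not_granted."""
    token = {s.upper() for s in token_sids}
    verdicts = {}
    for kind, (allow, deny) in LOGON_RIGHTS.items():
        if token & rights.get(deny, set()):
            verdicts[kind] = "denied"        # an explicit deny wins over allow
        elif allow not in rights:
            verdicts[kind] = "not_defined"   # this template does not set it
        else:                                # set: is any token SID listed?
            verdicts[kind] = "allowed" if token & rights[allow] else "not_granted"
    return verdicts

print(evaluate(parse_privilege_rights(SAMPLE_INF), ADMIN_TOKEN))
```

A `not_defined` verdict only means this one template is silent; the effective right then comes from another GPO or the machine's local policy.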
 
