Can't log in after joining Domain

[Guest]

I had to reload a windows 2000 server. The system was
having problems so I backed up the necessary info and
ran a new install. Everything is working fine from the
server end, but my clients that were part of the domain
before will not login. I assume it's because the domain name is the same as
before so I joined them to a workgroup and then back to the domain. They
join fine, but when I restart and try to login a message pops up that it
can't load
the user's profile and is logging in with a default profile.
I have access to all network shares. What am I missing?
Thanks for your help in advance. Tom

 

[Steven L Umbach]

If the server was a domain controller, the only domain controller, and you
did not restore Active Directory from a System State backup then you will
have to start all over. My guess is that the original profiles for domain
users no longer work because they do not have permissions to the profiles
since the user name may be the same for the domain but as far as the
operating system is concerned they are different because the operating
system keeps track of users by their "sid" which changed with the new domain
install. You could verify that by taking ownership of a users profile as
local administrator and looking at the permissions to a users profile
folder. If you see a long number instead of name then that is the problem.
You can try to delete the profile [along with their my documents folder and
emails however which you really may NOT want to do] and then they will get a
new base profile when they logon to the computer based on the default
profile or you can give them permissions to the original profile with a
command line tool like fileacl which can still allow them to remain owner or
give them new user names and copy the original profile over to their new
profile by logging on as a local administrator to do such using System
Properties/profiles. --- Steve

 

[Guest]

Thanks for the info. The DC is the only one and I have started all over with
AD. I have only created a few new users to try functionality and the login
names are different than before. The secondary server which is also windows
2000 joined and logs in fine using any of the users that I have created, but
the Windows XP clients won't login. I did delete the copy of the local
profiles on the client machines because I thought there might be a conflict.
In AD I don't have anything specified for the profile location although I
will be setting up a mandatory profile for the students once I get the staff
working. Thanks, Tom

If the server was a domain controller, the only domain controller, and you
did not restore Active Directory from a System State backup then you will
have to start all over. My guess is that the original profiles for domain
users no longer work because they do not have permissions to the profiles
since the user name may be the same for the domain but as far as the
operating system is concerned they are different because the operating
system keeps track of users by their "sid" which changed with the new domain
install. You could verify that by taking ownership of a users profile as
local administrator and looking at the permissions to a users profile
folder. If you see a long number instead of name then that is the problem.
You can try to delete the profile [along with their my documents folder and
emails however which you really may NOT want to do] and then they will get a
new base profile when they logon to the computer based on the default
profile or you can give them permissions to the original profile with a
command line tool like fileacl which can still allow them to remain owner or
give them new user names and copy the original profile over to their new
profile by logging on as a local administrator to do such using System
Properties/profiles. --- Steve

I had to reload a windows 2000 server. The system was
having problems so I backed up the necessary info and
ran a new install. Everything is working fine from the
server end, but my clients that were part of the domain
before will not login. I assume it's because the domain name is the same
as
before so I joined them to a workgroup and then back to the domain. They
join fine, but when I restart and try to login a message pops up that it
can't load
the user's profile and is logging in with a default profile.
I have access to all network shares. What am I missing?
Thanks for your help in advance. Tom

 

[Lanwench [MVP - Exchange]]

Thanks for the info. The DC is the only one and I have started all
over with AD. I have only created a few new users to try
functionality and the login names are different than before. The
secondary server which is also windows 2000 joined and logs in fine
using any of the users that I have created, but the Windows XP
clients won't login. I did delete the copy of the local profiles on
the client machines because I thought there might be a conflict. In
AD I don't have anything specified for the profile location although
I will be setting up a mandatory profile for the students once I get
the staff working. Thanks, Tom

If you create a brand new user to test with, and have added a computer to
the new domain and aren't getting any errors when you log in locally or as
domain admin, try logging in as the user and see what happens.

In the future, if you need to do something like this again, you should
install another DC first and transfer the FSMO roles to it before
touching/reinstalling the older server. Since you have another W2k server
already, you could have run dcpromo on it & transferred the roles to it,
unless you didn't want it to be a DC for some reason.

If the server was a domain controller, the only domain controller,
and you did not restore Active Directory from a System State backup
then you will have to start all over. My guess is that the original
profiles for domain users no longer work because they do not have
permissions to the profiles since the user name may be the same for
the domain but as far as the operating system is concerned they are
different because the operating system keeps track of users by their
"sid" which changed with the new domain install. You could verify
that by taking ownership of a users profile as local administrator
and looking at the permissions to a users profile folder. If you see
a long number instead of name then that is the problem. You can try
to delete the profile [along with their my documents folder and
emails however which you really may NOT want to do] and then they
will get a new base profile when they logon to the computer based on
the default profile or you can give them permissions to the original
profile with a command line tool like fileacl which can still allow
them to remain owner or give them new user names and copy the
original profile over to their new profile by logging on as a local
administrator to do such using System Properties/profiles. ---
Steve

I had to reload a windows 2000 server. The system was
having problems so I backed up the necessary info and
ran a new install. Everything is working fine from the
server end, but my clients that were part of the domain
before will not login. I assume it's because the domain name is
the same as
before so I joined them to a workgroup and then back to the domain.
They join fine, but when I restart and try to login a message pops
up that it can't load
the user's profile and is logging in with a default profile.
I have access to all network shares. What am I missing?
Thanks for your help in advance. Tom

 

[Steven L Umbach]

Thanks for the info. The DC is the only one and I have started all over
with
AD. I have only created a few new users to try functionality and the
login
names are different than before. The secondary server which is also
windows
2000 joined and logs in fine using any of the users that I have created,
but
the Windows XP clients won't login. I did delete the copy of the local
profiles on the client machines because I thought there might be a
conflict.
In AD I don't have anything specified for the profile location although I
will be setting up a mandatory profile for the students once I get the
staff
working. Thanks, Tom

If the server was a domain controller, the only domain controller, and
you
did not restore Active Directory from a System State backup then you will
have to start all over. My guess is that the original profiles for domain
users no longer work because they do not have permissions to the profiles
since the user name may be the same for the domain but as far as the
operating system is concerned they are different because the operating
system keeps track of users by their "sid" which changed with the new
domain
install. You could verify that by taking ownership of a users profile as
local administrator and looking at the permissions to a users profile
folder. If you see a long number instead of name then that is the
problem.
You can try to delete the profile [along with their my documents folder
and
emails however which you really may NOT want to do] and then they will
get a
new base profile when they logon to the computer based on the default
profile or you can give them permissions to the original profile with a
command line tool like fileacl which can still allow them to remain owner
or
give them new user names and copy the original profile over to their new
profile by logging on as a local administrator to do such using System
Properties/profiles. --- Steve

I had to reload a windows 2000 server. The system was
having problems so I backed up the necessary info and
ran a new install. Everything is working fine from the
server end, but my clients that were part of the domain
before will not login. I assume it's because the domain name is the
same
as
before so I joined them to a workgroup and then back to the domain.
They
join fine, but when I restart and try to login a message pops up that
it
can't load
the user's profile and is logging in with a default profile.
I have access to all network shares. What am I missing?
Thanks for your help in advance. Tom

 

[Steven L Umbach]

What do you mean by Windows XP clients won't login?? Exactly what happens
and what error messages to you get? It might be a problem with the XP
Clients not being joined to the domain or network connectivity. A common
problem is dns misconfiguration. Make sure your domain controller is
pointing to itself and the domain computers are pointing to the domain
controller as their preferred dns server and as shown via Ipconfig /all.
With the XP clients make sure you disable the built in ICF firewall at least
until things work correctly. Also you should be using XP with Service Pack 2
by now unless you have a real compelling reason not to. It has fixed a lot
of problems/bugs that existed in XP including problems with SMB signing. See
the link below to make sure your dns is up to snuff and keep in mind that
the support tools netdiag and dcdiag [for domain controllers] can be of
great help in tracking down networking and domain configuration
roblems. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;291382

Thanks for the info. The DC is the only one and I have started all over
with
AD. I have only created a few new users to try functionality and the
login
names are different than before. The secondary server which is also
windows
2000 joined and logs in fine using any of the users that I have created,
but
the Windows XP clients won't login. I did delete the copy of the local
profiles on the client machines because I thought there might be a
conflict.
In AD I don't have anything specified for the profile location although I
will be setting up a mandatory profile for the students once I get the
staff
working. Thanks, Tom

If the server was a domain controller, the only domain controller, and
you
did not restore Active Directory from a System State backup then you will
have to start all over. My guess is that the original profiles for domain
users no longer work because they do not have permissions to the profiles
since the user name may be the same for the domain but as far as the
operating system is concerned they are different because the operating
system keeps track of users by their "sid" which changed with the new
domain
install. You could verify that by taking ownership of a users profile as
local administrator and looking at the permissions to a users profile
folder. If you see a long number instead of name then that is the
problem.
You can try to delete the profile [along with their my documents folder
and
emails however which you really may NOT want to do] and then they will
get a
new base profile when they logon to the computer based on the default
profile or you can give them permissions to the original profile with a
command line tool like fileacl which can still allow them to remain owner
or
give them new user names and copy the original profile over to their new
profile by logging on as a local administrator to do such using System
Properties/profiles. --- Steve

I had to reload a windows 2000 server. The system was
having problems so I backed up the necessary info and
ran a new install. Everything is working fine from the
server end, but my clients that were part of the domain
before will not login. I assume it's because the domain name is the
same
as
before so I joined them to a workgroup and then back to the domain.
They
join fine, but when I restart and try to login a message pops up that
it
can't load
the user's profile and is logging in with a default profile.
I have access to all network shares. What am I missing?
Thanks for your help in advance. Tom

 

[Guest]

Well..I get a message that "Windows cannot load the user's profile but has
logged you on with the default profile for the system. DETAIL-The system
cannot find the files specified." I have the server pointing to itself for
dns and all of the clients are pointing to the server for dns.
I have XP SP2 running on the clients as well. When I initially joined the
secondary server to the domain I hadn't setup an administrator password yet.
I don't know why that would make a difference, but now that I think about it
it's the only thing that I have changed since. Thanks for your time.

What do you mean by Windows XP clients won't login?? Exactly what happens
and what error messages to you get? It might be a problem with the XP
Clients not being joined to the domain or network connectivity. A common
problem is dns misconfiguration. Make sure your domain controller is
pointing to itself and the domain computers are pointing to the domain
controller as their preferred dns server and as shown via Ipconfig /all.
With the XP clients make sure you disable the built in ICF firewall at least
until things work correctly. Also you should be using XP with Service Pack 2
by now unless you have a real compelling reason not to. It has fixed a lot
of problems/bugs that existed in XP including problems with SMB signing. See
the link below to make sure your dns is up to snuff and keep in mind that
the support tools netdiag and dcdiag [for domain controllers] can be of
great help in tracking down networking and domain configuration
roblems. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;291382

Thanks for the info. The DC is the only one and I have started all over
with
AD. I have only created a few new users to try functionality and the
login
names are different than before. The secondary server which is also
windows
2000 joined and logs in fine using any of the users that I have created,
but
the Windows XP clients won't login. I did delete the copy of the local
profiles on the client machines because I thought there might be a
conflict.
In AD I don't have anything specified for the profile location although I
will be setting up a mandatory profile for the students once I get the
staff
working. Thanks, Tom

If the server was a domain controller, the only domain controller, and
you
did not restore Active Directory from a System State backup then you will
have to start all over. My guess is that the original profiles for domain
users no longer work because they do not have permissions to the profiles
since the user name may be the same for the domain but as far as the
operating system is concerned they are different because the operating
system keeps track of users by their "sid" which changed with the new
domain
install. You could verify that by taking ownership of a users profile as
local administrator and looking at the permissions to a users profile
folder. If you see a long number instead of name then that is the
problem.
You can try to delete the profile [along with their my documents folder
and
emails however which you really may NOT want to do] and then they will
get a
new base profile when they logon to the computer based on the default
profile or you can give them permissions to the original profile with a
command line tool like fileacl which can still allow them to remain owner
or
give them new user names and copy the original profile over to their new
profile by logging on as a local administrator to do such using System
Properties/profiles. --- Steve



I had to reload a windows 2000 server. The system was
having problems so I backed up the necessary info and
ran a new install. Everything is working fine from the
server end, but my clients that were part of the domain
before will not login. I assume it's because the domain name is the
same
as
before so I joined them to a workgroup and then back to the domain.
They
join fine, but when I restart and try to login a message pops up that
it
can't load
the user's profile and is logging in with a default profile.
I have access to all network shares. What am I missing?
Thanks for your help in advance. Tom

 

[Steven L Umbach]

Ok. So you actually can logon, but with the default profile. Thanks for
clearing that up. If these are test users that don't have anything they need
in their profiles then try to delete the user's profile to see if that will
make the error message go away and try creating a new user in the domain
that never existed before to see if the problem still persists. If it does
then there is some other type of problem, but I doubt that will happen. It
also is always a good idea to look in Event Viewer whenever experiencing
problems as you may get more detailed info there in the application or
system logs. To delete a user's profile in XP Pro, logon as a local
administrator and open System Properties. Then go to advanced/user profiles
where you can delete profiles. You probably will see unknown profiles listed
due to the domain reinstall which would be the old user's profiles that your
domain computer no longer recognizes.. --- Steve

Well..I get a message that "Windows cannot load the user's profile but has
logged you on with the default profile for the system. DETAIL-The system
cannot find the files specified." I have the server pointing to itself
for
dns and all of the clients are pointing to the server for dns.
I have XP SP2 running on the clients as well. When I initially joined the
secondary server to the domain I hadn't setup an administrator password
yet.
I don't know why that would make a difference, but now that I think about
it
it's the only thing that I have changed since. Thanks for your time.

What do you mean by Windows XP clients won't login?? Exactly what
happens
and what error messages to you get? It might be a problem with the XP
Clients not being joined to the domain or network connectivity. A common
problem is dns misconfiguration. Make sure your domain controller is
pointing to itself and the domain computers are pointing to the domain
controller as their preferred dns server and as shown via Ipconfig /all.
With the XP clients make sure you disable the built in ICF firewall at
least
until things work correctly. Also you should be using XP with Service
Pack 2
by now unless you have a real compelling reason not to. It has fixed a
lot
of problems/bugs that existed in XP including problems with SMB signing.
See
the link below to make sure your dns is up to snuff and keep in mind that
the support tools netdiag and dcdiag [for domain controllers] can be of
great help in tracking down networking and domain configuration
roblems. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;291382

Thanks for the info. The DC is the only one and I have started all
over
with
AD. I have only created a few new users to try functionality and the
login
names are different than before. The secondary server which is also
windows
2000 joined and logs in fine using any of the users that I have
created,
but
the Windows XP clients won't login. I did delete the copy of the local
profiles on the client machines because I thought there might be a
conflict.
In AD I don't have anything specified for the profile location although
I
will be setting up a mandatory profile for the students once I get the
staff
working. Thanks, Tom

:

If the server was a domain controller, the only domain controller, and
you
did not restore Active Directory from a System State backup then you
will
have to start all over. My guess is that the original profiles for
domain
users no longer work because they do not have permissions to the
profiles
since the user name may be the same for the domain but as far as the
operating system is concerned they are different because the operating
system keeps track of users by their "sid" which changed with the new
domain
install. You could verify that by taking ownership of a users profile
as
local administrator and looking at the permissions to a users profile
folder. If you see a long number instead of name then that is the
problem.
You can try to delete the profile [along with their my documents
folder
and
emails however which you really may NOT want to do] and then they will
get a
new base profile when they logon to the computer based on the default
profile or you can give them permissions to the original profile with
a
command line tool like fileacl which can still allow them to remain
owner
or
give them new user names and copy the original profile over to their
new
profile by logging on as a local administrator to do such using System
Properties/profiles. --- Steve



I had to reload a windows 2000 server. The system was
having problems so I backed up the necessary info and
ran a new install. Everything is working fine from the
server end, but my clients that were part of the domain
before will not login. I assume it's because the domain name is the
same
as
before so I joined them to a workgroup and then back to the domain.
They
join fine, but when I restart and try to login a message pops up
that
it
can't load
the user's profile and is logging in with a default profile.
I have access to all network shares. What am I missing?
Thanks for your help in advance. Tom

 

[Guest]

Ok. I'll give it a try. Thanks again for your help!
Tom

Ok. So you actually can logon, but with the default profile. Thanks for
clearing that up. If these are test users that don't have anything they need
in their profiles then try to delete the user's profile to see if that will
make the error message go away and try creating a new user in the domain
that never existed before to see if the problem still persists. If it does
then there is some other type of problem, but I doubt that will happen. It
also is always a good idea to look in Event Viewer whenever experiencing
problems as you may get more detailed info there in the application or
system logs. To delete a user's profile in XP Pro, logon as a local
administrator and open System Properties. Then go to advanced/user profiles
where you can delete profiles. You probably will see unknown profiles listed
due to the domain reinstall which would be the old user's profiles that your
domain computer no longer recognizes.. --- Steve

Well..I get a message that "Windows cannot load the user's profile but has
logged you on with the default profile for the system. DETAIL-The system
cannot find the files specified." I have the server pointing to itself
for
dns and all of the clients are pointing to the server for dns.
I have XP SP2 running on the clients as well. When I initially joined the
secondary server to the domain I hadn't setup an administrator password
yet.
I don't know why that would make a difference, but now that I think about
it
it's the only thing that I have changed since. Thanks for your time.

What do you mean by Windows XP clients won't login?? Exactly what
happens
and what error messages to you get? It might be a problem with the XP
Clients not being joined to the domain or network connectivity. A common
problem is dns misconfiguration. Make sure your domain controller is
pointing to itself and the domain computers are pointing to the domain
controller as their preferred dns server and as shown via Ipconfig /all.
With the XP clients make sure you disable the built in ICF firewall at
least
until things work correctly. Also you should be using XP with Service
Pack 2
by now unless you have a real compelling reason not to. It has fixed a
lot
of problems/bugs that existed in XP including problems with SMB signing.
See
the link below to make sure your dns is up to snuff and keep in mind that
the support tools netdiag and dcdiag [for domain controllers] can be of
great help in tracking down networking and domain configuration
roblems. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;291382

Thanks for the info. The DC is the only one and I have started all
over
with
AD. I have only created a few new users to try functionality and the
login
names are different than before. The secondary server which is also
windows
2000 joined and logs in fine using any of the users that I have
created,
but
the Windows XP clients won't login. I did delete the copy of the local
profiles on the client machines because I thought there might be a
conflict.
In AD I don't have anything specified for the profile location although
I
will be setting up a mandatory profile for the students once I get the
staff
working. Thanks, Tom

:

If the server was a domain controller, the only domain controller, and
you
did not restore Active Directory from a System State backup then you
will
have to start all over. My guess is that the original profiles for
domain
users no longer work because they do not have permissions to the
profiles
since the user name may be the same for the domain but as far as the
operating system is concerned they are different because the operating
system keeps track of users by their "sid" which changed with the new
domain
install. You could verify that by taking ownership of a users profile
as
local administrator and looking at the permissions to a users profile
folder. If you see a long number instead of name then that is the
problem.
You can try to delete the profile [along with their my documents
folder
and
emails however which you really may NOT want to do] and then they will
get a
new base profile when they logon to the computer based on the default
profile or you can give them permissions to the original profile with
a
command line tool like fileacl which can still allow them to remain
owner
or
give them new user names and copy the original profile over to their
new
profile by logging on as a local administrator to do such using System
Properties/profiles. --- Steve



I had to reload a windows 2000 server. The system was
having problems so I backed up the necessary info and
ran a new install. Everything is working fine from the
server end, but my clients that were part of the domain
before will not login. I assume it's because the domain name is the
same
as
before so I joined them to a workgroup and then back to the domain.
They
join fine, but when I restart and try to login a message pops up
that
it
can't load
the user's profile and is logging in with a default profile.
I have access to all network shares. What am I missing?
Thanks for your help in advance. Tom