Can't log into a Windows 2003 domain

Miha

Hi

We have two DC's with Windows 2003 Enterprise Server installed (servers are
simple DC's with AD and DNS only)
A few weeks ago we moved all of our WinXP and Win2000 client computers into a
domain and everything worked fine till last week
when users tried to log-in the system returned error saying 'there is no
domain or domain controller available...'
Strange is, that some computers can log-in with no problems, but with some
we get the same error.
Nothing was changed on the domain or computers, everything is just like it
was weeks ago, also no errors are reported on DC's.
The only way to resolve this, is to 're-join' computers from a domain - join
into a workgroup and then back to a domain and users can log-in normally.
But we have over 100 computers with the same problem? What can we do, to
solve this problem?

Thank you all in advance for help
Best regards
Miha
 
Ryan Hanisco

Miha,

This sounds like a DNS problem. There are two things that you need to do
to start troubleshooting this. This should get you on the right track, but
you may want to give us more information to better help us help you (like
how many domains, how many sites).

Step 1.
Make sure that all DCs are running AD integrated DNS and that they are
pointing to themselves as their only source of DNS. Make sure that the
appropriate SRV records have been created (restart the netlogon services).
Make sure that the correct subnets have been assigned in Sites and Services.

Step 2.
Make sure that all workstations are pointing at your DCs for primary DNS
resolution and either outside or "upstream" for their secondaries. Make
sure that you have the correct search scope defined.

This should do it. You may also want to use the DCDiag and NetDiag
utilities on your servers to give you (and us) more insight. Run these with
the /v switch for verbose output. These are part of the Server support
tools on the 2000/2003 CDs and they should be a standard part of your domain
controller builds.
 
ptwilliams

I would like to add that if you have multiple DCs and DNS is the issue (99
times out 100 it is), then you might find it beneficial to point all DCs at
one for DNS, do the registrations and replication and then change them back
to pointing at self or whatever they were pointing at -assuming of course
they weren't pointing to a public DNS server ;-)

I just find it most efficient this way. Saves any fiddling and waiting.
Once replication is working, you're good to change back.

In addition to running the diagnostics mentioned by Ryan on the DCs you may
find some additional info. by doing the following on one of the clients:

C:\>nltest /dsgetdc:domain-name.com
C:\>nltest /whowill:domain-name.com username

C:\>nslookup
set type=srv
_ldap._tcp.dc._msdcs.domain-name.com


Also, don't forget the event logs on the clients. They too can provide
valuable insight into troubleshooting ;-)

**Note. NLTEST is a support tool too.

--

Paul Williams

http://www.msresource.net/
http://forums.msresource.net/
 
Jeff Cochran

> We have two DC's with Windows 2003 Enterprise Server installed (servers are
> simple DC's with AD and DNS only)
> A few weeks ago we moved all of our WinXP and Win2000 client computers into a
> domain and everything worked fine till last week
> when users tried to log-in the system returned error saying 'there is no
> domain or domain controller available...'
> Strange is, that some computers can log-in with no problems, but with some
> we get the same error.
> Nothing was changed on the domain or computers, everything is just like it
> was weeks ago, also no errors are reported on DC's.
> The only way to resolve this, is to 're-join' computers from a domain - join
> into a workgroup and then back to a domain and users can log-in normally.
> But we have over 100 computers with the same problem? What can we do, to
> solve this problem?

Most likely DNS related. Make sure the systems have correct DNS
servers specified (the AD DC's normally). This is common where you
have an internal and external DNS specified in the client and it tries
to resolve the domain through a non-AD DNS. It could mean some
missing records in your DNS but I'd think all systems would have
problems then.

If you use DHCP, make sure the scopes are handing out only DNS for the
AD domain the systems are in.

Jeff
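
Added example (not part of the original thread): the client-side check described in the post above, run over `ipconfig /all` output collected from workstations, listing every configured DNS server that is not one of the AD DCs. The DC addresses, host names and sample output are constructed assumptions.

```python
import ipaddress

# Assumption: addresses of the two DCs running AD-integrated DNS (constructed).
DC_DNS = {"10.0.0.10", "10.0.0.11"}

# Constructed `ipconfig /all` excerpts, one per client.
SAMPLE = {
    "PC-016": """\
        Default Gateway . . . . . . . . . : 10.0.0.1
        DNS Servers . . . . . . . . . . . : 10.0.0.10
                                            10.0.0.11
""",
    "PC-017": """\
        Default Gateway . . . . . . . . . : 10.0.0.1
        DNS Servers . . . . . . . . . . . : 10.0.0.10
                                            192.0.2.53
""",
}

def dns_servers(ipconfig_text):
    """Return the DNS servers from `ipconfig /all` output, in configured order."""
    servers, in_dns = [], False
    for line in ipconfig_text.splitlines():
        label, sep, value = line.partition(" : ")
        if sep:  # a "Label . . . : value" line starts a new field
            in_dns = label.strip(" .").lower() == "dns servers"
            candidate = value.strip()
        else:    # additional servers appear alone on continuation lines
            candidate = line.strip()
        if in_dns and candidate:
            try:
                ipaddress.ip_address(candidate)
                servers.append(candidate)
            except ValueError:
                in_dns = False  # not an address: the DNS field has ended
    return servers

def audit(reports, dc_dns=DC_DNS):
    """Map each misconfigured host to the non-AD DNS servers it lists."""
    findings = {}
    for host, text in reports.items():
        servers = dns_servers(text)
        foreign = [s for s in servers if s not in dc_dns]
        if not servers:
            findings[host] = ["<none configured>"]
        elif foreign:
            findings[host] = foreign
    return findings

if __name__ == "__main__":
    for host, bad in sorted(audit(SAMPLE).items()):
        print(f"{host}: non-AD DNS configured: {', '.join(bad)}")
```

Clients with DHCP-assigned settings that show up here point back at the scope options rather than at the individual machines.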
 
Ryan Hanisco

Jeff,

This could be because only one DC is having problems and only the
workstations using it for DNS are exhibiting the problem.

Just a guess...
 