Login Issues on new domain

[Guest]

Hi, I have encountered a strange problem that is affecting one user
particularly badly. We have a multi-site single domain network. One of our
technicians cannot login to the domain from Windows 2k Pro workstations - but
he can from XP pro workstations! He also cannot login at his local server
console (2k server), although he can via remote desktop. Group policy seems
to be OK - he should be OK logging in at the server console as he is server
operator and has not had 'log on locally' disabled. Help!

 

[Herb Martin]

Hi, I have encountered a strange problem that is affecting one user
particularly badly. We have a multi-site single domain network. One of our
technicians cannot login to the domain from Windows 2k Pro workstations - but
he can from XP pro workstations! He also cannot login at his local server
console (2k server), although he can via remote desktop. Group policy seems
to be OK - he should be OK logging in at the server console as he is server
operator and has not had 'log on locally' disabled. Help!

Most authentication (and most replication) problems are
really DNS (Server and/or DNS client configuration)
problems.

Multi-sites also suggests you might have a GC (missing)
problem if there is not one (available) in each site and
if you have a Native mode domain. (GC required to logon.)

Check the following:

DNS
1) Dynamic for the zone supporting AD
2) All internal DNS clients NIC\IP properties must specify SOLELY
that internal, dynamic DNS server (set.)
3) DCs and even DNS servers are DNS clients too -- see #2

Restart NetLogon on any DC if you change any of the above that
affects a DC.

Ensure that DNS zones/domains are fully replicated to all DNS
servers for that (internal) zone/domain.

Also: Run DCDiag against all DCs in the domain (sending output
to a text file, /?) and search for FAIL, WARN, ERROR -- fix
those or ask for help with any problems you find.

 

[Guest]

Thanks for your suggestions Herb - we have had some DNS / Replication issues
(supposed to be fixed now though). What I still don't see is why the Tech in
question only encounters the problem from W2k PC's - not XP PC's (same site,
same DNS settings)?

 

[Herb Martin]

Thanks for your suggestions Herb - we have had some DNS / Replication issues
(supposed to be fixed now though). What I still don't see is why the Tech in
question only encounters the problem from W2k PC's - not XP PC's (same site,
same DNS settings)?

First guess would be that they aren't really using
the same IP/DNS settings (really).

Second, is perhaps these PCs are not really authenticating
themsevles with the domain (maybe a historical problem
requires their accounts to be reset...)

First get the DNS and DCs properly replicated and then
double-check (triple check) the clients for same settings
between those that work and those that don't.

For instance, DNS server is not really replicated and the
XP machines have it listed second while the W2K have
it as the Preferred DNS server -- something like that.

 

[Guest]

Thanks Herb. I'll have a thorough check through everything. Only problem is
that due to lack of capacity with our telecomms provider our main site isn't
yet on the new domain so I'll have to trek out to one of the other sites to
do the testing!!!

Regards,
Ian