NT4 connecting to AD problem

BS

We have a problem with an NT4 user logging on to an Active Directory native domain.
There is the message:
"The system cannot log you on to this domain because the system's computer
account in it's primary domain is missing or the password on that account is
incorrect"

This is an NT4 server acting as a member of an AD domain.
We think that it has something to do with Kerberos authentication, but cannot
tell why.
Nothing was done today and we do not know what could cause this problem, but
it is definitely something to do with authentication issues . . . .
Exchange services running with accounts from the same domain also cannot
connect to the domain. All the w2k servers and computers seem to work fine.

Can anybody help with a way of looking into the problem, or a solution?
 
Charles McMillan

When dealing with authentication between NT and 2K, NTLM is
usually the culprit.

In NT
Run Regedit
Drill down to HKLocalmachine|system|Current Control set|Control|LSA
Look for the LMCompatibilityLevel key and see what the
value is.
If the key does not exist then create it as a DWord and
set the value to whatever is on the 2K domain controllers.

You need SP4 or greater (I prefer 6a myself) in order to
use some of the higher NTLM settings.

On the 2K DCs
Go to Start|Programs|Administrative Tools|Local Security
Policy

Expand Local Policies|Security Options and look for the
Lan Manager Authentication level key. If you click the
down arrow it will show you your options. There are six
options; they number from 0 at the top to 5 at the bottom.
Make the NT machine match this.

Just remember that on the NT side it is a registry key and
you have to enter a number from 0 to 5.
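
As an added example (not part of the reply above): a Python sketch that reads LMCompatibilityLevel from a regedit export of the NT4 member server and works out which response types a 2K DC at a given level would still accept. The export text, the `read_level` and `check` names and the `Lsa\Example` decoy subkey are constructed for illustration, and an absent value is assumed to behave as level 0.

```python
import re

# What a client at each LMCompatibilityLevel sends, and what a DC at each
# level refuses (levels 0-3 refuse nothing), per Microsoft's documentation.
CLIENT_SENDS = {0: {"LM", "NTLM"}, 1: {"LM", "NTLM"}, 2: {"NTLM"},
                3: {"NTLMv2"}, 4: {"NTLMv2"}, 5: {"NTLMv2"}}
DC_REFUSES = {4: {"LM"}, 5: {"LM", "NTLM"}}
LSA_KEY = r"hkey_local_machine\system\currentcontrolset\control\lsa"
VALUE_RE = re.compile(r'"lmcompatibilitylevel"=dword:([0-9a-f]{8})$', re.I)

# Constructed sample of a regedit export; the Lsa\Example subkey is a decoy
# that must not be mistaken for the real setting.
SAMPLE_EXPORT = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"auditbaseobjects"=dword:00000000
"lmcompatibilitylevel"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Example]
"lmcompatibilitylevel"=dword:00000005
"""

def read_level(reg_text):
    """Return the level set directly under the Lsa key, or None if absent."""
    in_lsa = False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_lsa = line.strip("[]").lower() == LSA_KEY
        elif in_lsa:
            match = VALUE_RE.match(line)
            if match:
                return int(match.group(1), 16)
    return None

def check(member_level, dc_level):
    """Return (ok, usable) where usable is what the DC will still accept."""
    if member_level is None:
        member_level = 0  # assumption: an absent value behaves as level 0
    if member_level not in CLIENT_SENDS or dc_level not in range(6):
        raise ValueError("levels must be 0-5")
    usable = CLIENT_SENDS[member_level] - DC_REFUSES.get(dc_level, set())
    return bool(usable), sorted(usable)

if __name__ == "__main__":
    level = read_level(SAMPLE_EXPORT)
    for dc in range(6):
        print(f"member={level} dc={dc} ->", check(level, dc))
```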
 
William Dempsey

For a start, it sounds like you will need to remove your NT server from the
domain and rejoin; your secure channel with the DC looks like it has been
reset.

You can even use netdom to do this.

netdom reset domainmember /domain:mydomain

Once this is done, I would run Network Monitor to have a closer look at
what's happening.
 
RM

On one domain controller the AD entry for the PDC was one server, and on the second DC a
different one . . . .
So sync is not performing regularly. I don't know why . . . .
 
