Win 2000 Adv Srv and Win NT 4.0 Workstation Access Issues

[John Culbertson]

Hello,
currently our small business is operating Microsoft Windows 2000 Advanced
Server, SP 4 (with Microsoft Internet Acceleration and Security (ISA) Server
2000 installed) on our server computer. Two clients (Windows NT 4.0
Workstation) access the network domain. At the current time, the clients are
unable to access the domain's shared directories. They can logon, but when
we attempt to use Network Neighborhood to view the server (named PRIM-SRV),
we receive the error 'Access is Denied'.

An event in the Event Log 'Event ID: 3210 (NETLOGON)' stating 'Failed to
authenticate with \\PRIM-SRV, a Windows NT domain controller for domain
BUS-DOMAIN.' appears. Reading up on the issue from a number of websites; we
decided to disabled ISA Server, thinking it may have been an RPC port
blocking issue, deleted the clients Computer account, and then recreated
them manually through Active Directory Users and Computers. When this
attempt failed, kept ISA Server disabled, and attempted to create the
Computer accounts by selecting 'Create a Computer Account in the Domain'
from the Win NT 4.0 Network - Identification Changes dialog. However, the
error message 'Unable to connect to the domain controller for this domain.
Either the user name or password is incorrect', the username and password
are correct, after trying about ten times, and restarting client and server
machines.

Attempts to access the clients (\\FRONT-DESK and \\OFFICE-01) from the
server (\\PRIM-SRV) result in the error 'The account is not authorized to
log in from this station'.

DNS and WINS servers are setup on the Win 2000 Server, and Active Directory.
Users can logon (username/password gets authenticated, and there is no
message like 'The domain controller is unavailable...', although the
NTConfig.pol does not seem to be replaced (as the Logon Banner has not be
changed).

I thank anybody in advance for their assistance into this matter, as it is
creating serious problems for the business.
Merry Christmas, and a Happy New Year to All.

With Thanks,
John Culbertson.

 

[Marina Roos]

Does the ipconfig/all from the NT's show that everything is pointing to the
server-IP? How many nics in the server? Have a look at the RestrictAnonymous
registry setting on the server. It should be 0 or 1.

 

[John Culbertson]

Marina,

the server has two NICs - 1 for LAN access, 1 goes to a router for
Broadband Internet Access.
the RestrictAnonymous is set 0 on the server, and the clients all point
to the server's LAN Nic (Default Gateway, Primary WINS Server, DNS Server)

John.

 

[Marina Roos]

Check the bindingorder on the server (Network Connections, Advanced,
advanced) and make sure the internal nic is on top.
On the external nic there should only be TCP/IP bound.
Do the NT's login with a valid username?
Are all NT/W2K/XP's fully patched?

 

[Marina Roos]

You mentioned the 3210 event. Have a look at http://www.eventid.net/display.asp?eventid=3210&source=

Make sure all clients are (re)joined to the domain (when they have the trust relationship error). Make sure that all accounts are in the local administratorsgroup on the workstation (and have the local logon right).
Do you have options 003, 006, 015, 044 and 046 (0x8) in DHCP-server, Scope options?

--
Regards,

Marina

"John Culbertson" <[email protected]> schreef in bericht Marina,

- Binding order is Internal NIC first, External NIC Second, Remote
Connections Third.
- External NIC - TCP/IP only network protocol assigned
- NT Logon's with valid domain administrator username
- 2000 Server and NT Workstations fully patched using Windows Update
online.

I was able to use a Windows XP Pro laptop for testing purposes, and used
it to attempt to connect to the workstations and server, the results are
attached in the HTML File.

I also tried changing the computer names on the NT clients, deleting
WINS registration, but still no luck.

I thank you for your continued assistance.

John.