XP Pro - Logging on to Domain issues

B

Bobby

Hi there,

I previously posted as a mapped drive issue but it's a bit more than that
we've discovered. We are running a Windows 2000 Server domain and any "new"
XP Pro machines that are joined on the domain and rebooted cannot access the
network. After the reboot it seems as if you are joining the domain by
logging on but you're actually not and it's using the cached credentials
from the previous log on. We even manually put in all required numbers
(Primary DNS, Alternative DNS, Static IP, etc...) and it still doesn't work.
What ends up happening is let's say you go to My Network Places, then to
Entire Network, and choose Microsoft Network...all computers (including
domain controller) are visible but as soon as you go to click on one of them
you can't access them (and under normal circumstances with other clients
such as previous Win2K Pro AND XP Pro you can). Then a usernam/password
dialog box pops up asking you to log on with DIFFERENT credentials then what
we logged on the computer with...after which I can view the network and
shared folders and files and so on.

Is there something in particular that you need to watch for when adding XP
Pro machines to your domain? Like I mentioned before we already have an XP
Pro and an XP Home client on the domain that function just fine (the XP Home
I imagine was tweaked a bit or required a bit more work to function
correctly on the domain). If anyone can help me out with this that would be
great. If more info is required just let me know and I'll give it to you.
I'm pretty good with replies.

Thanks in advance guys!

Bobby
 
B

Bobby

Hi Doug,

The only thing I could find that closely resembles that is under Logon not
Group Policy and it is "Always wait for the network at computer startup and
logon." Is this where you want me to go? Or if you could be kind of enough
to direct me to where I should go exactly?

Thanks,
Bobby
 
D

Doug Sherman [MVP]

I think you're in the right place. What I meant was that you could use
Active Directory Group Policy to pump this setting out to all machines in
the domain or an OU within the domain as distinguished from changing the
setting on an individual machine.

To change the setting on an individual machine (probably the best way to
test whether this will solve your problem):

Click Start/Run gpedit.msc ENTER.

Expand Computer Configuration, Expand Administrative Templates, Expand
System, and click on Logon - enable the policy.

Note - it may take 2 logons for the policy to be effective.

Doug Sherman
MCSE, MCSA, MCP+I, MVP
 
B

Bobby

Another thing discovered is when a different user tries to log on to that
computer (that has access to the domain and can log on to any of the other
computers already on the domain Win2K or not) it says the following message
now "The system cannot log you on now because the domain DOMAIN is not
available."

This makes it seem that XP Pro isn't seeing the domain??
 
G

Guest

Bobby,

I was having a similar problem and fixed it by editing a DNS setting...
See tread: Cannot Logon to domain
Hope that helps...

Cheers!!!!
 
C

Chuck

Another thing discovered is when a different user tries to log on to that
computer (that has access to the domain and can log on to any of the other
computers already on the domain Win2K or not) it says the following message
now "The system cannot log you on now because the domain DOMAIN is not
available."

This makes it seem that XP Pro isn't seeing the domain??
Click to expand...

Bobby,

To login to a domain from a Windows XP computer, you have to setup the domain,
and the computer, properly.
<http://nitecruzr.blogspot.com/2005/05/windows-xp-on-nt-domain.html>
 
B

Bobby

Hey guys,

I appreciate the replies. I've tried the domain thing and I looked at that
thread pardal51 told me to look at but none of that really helps. I am part
of the domain and added fine, so that's definitely not it. That was taken
care of ages ago even before I ran into this problem.

Bobby
 
C

Chuck

Bobby
Click to expand...
Hey guys,

I appreciate the replies. I've tried the domain thing and I looked at that
thread pardal51 told me to look at but none of that really helps. I am part
of the domain and added fine, so that's definitely not it. That was taken
care of ages ago even before I ran into this problem.
Click to expand...

You said "we already have an XP Pro and an XP Home client on the domain". Is
the XP Pro client any more on the domain than the XP Home? Remember XP Home
computers will NOT join domains, so if you can't find some big differences
between the way the XP Home and Pro clients are setup, then none of them is
joined to the domain properly.
<http://nitecruzr.blogspot.com/2005/06/file-sharing-under-windows-xp.html#DomainClient>

Take a look at "browstat status" and "ipconfig /all" from each computer, as a
start. Look for differences. Read this article, and linked articles, and
follow instructions precisely:
<http://nitecruzr.blogspot.com/2005/05/troubleshooting-network-neighborhood.html#AskingForHelp>
 
B

Bobby

Sorry I didn't clarify...i meant XP Pro clients already use the domain and
the XP Home client is on a workgroup and able to access the network. That
is what I meant to say, I was referring to network access and I just typed
it all out making sense in my head. I apologize about that. Still have the
problem though...unfortunately.

I'll read the article and let you know...

Bobby
 
K

Kerry Brown

Bobby said:
Sorry I didn't clarify...i meant XP Pro clients already use the domain and
the XP Home client is on a workgroup and able to access the network. That
is what I meant to say, I was referring to network access and I just typed
it all out making sense in my head. I apologize about that. Still have
the
problem though...unfortunately.
Click to expand...

Reading through all the posts I see a couple of possible problems. This is
usually a DNS problem so I would follow Chuck's suggestion of thoroughly
checking the results of ipconfig /all and browstat status. If that doesn't
solve the problem then you have to dig a little deeper.

In your first post you say this only applies to new XP computers. Are you
sure the computers are joined to the domain? Open the Active Director Users
and Computers and make sure the computers are actually showing up there.
What OU are they showing up in? Is it the appropriate one? The next step
would be to see what group policies are being applied. Is there a policy
being applied that isn't applied to the other computers? Especially check
the policies regarding the Windows Firewall.

Kerry
 
C

Chuck

Sorry I didn't clarify...i meant XP Pro clients already use the domain and
the XP Home client is on a workgroup and able to access the network. That
is what I meant to say, I was referring to network access and I just typed
it all out making sense in my head. I apologize about that. Still have the
problem though...unfortunately.

I'll read the article and let you know...

Bobby
Click to expand...

OK, well you have to look at all possibilities. Besides the above articles,
read these ones and see if they make you think of any possibilities.
<http://nitecruzr.blogspot.com/2005/08/solving-network-problems-tutorial.html>
<http://nitecruzr.blogspot.com/2005/06/file-sharing-under-windows-xp.html>
 
R

Ron Lowe

Bobby said:
Another thing discovered is when a different user tries to log on to that
computer (that has access to the domain and can log on to any of the other
computers already on the domain Win2K or not) it says the following
message
now "The system cannot log you on now because the domain DOMAIN is not
available."

This makes it seem that XP Pro isn't seeing the domain??
Click to expand...


As others have indicated, this is almost certainly a DNS configuration
problem.
Here's my usual lecture on the topic:

XP differs from previous versions of windows in that it uses
DNS as it's primary name resolution method for finding domain
controllers:


How Domain Controllers Are Located in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;314861


If DNS is misconfigured, XP will spend a lot of time waiting for it to
timeout before it tries using legacy NT4 sytle NetBIOS.
( Which may or may not work. )


1) Ensure that the XP clients are all configured to point to the local
DNS server which hosts the AD domain. That will probably be the
win2k server itself.
They should NOT be pointing an an ISP's DNS server.
An 'ipconfig /all' on the XP box should reveal ONLY the domain's
DNS server.


( you should use the DHCP server to push out the local DNS server
address. )


2) Ensure DNS server on win2k is configured to permit dynamic updates.


3) Ensure the win2k server points to itself as a DNS server.


4) For external ( internet ) name resolution, specify your ISP's DNS server
not on the clients, but in the 'forwarders' tab of the local win2k DNS
server.


On the DNS server, if you cannot access the 'Forwarders' and 'Root Hints'
tabs because they are greyed out, that is because there is a root zone (".")
present on the DNS server. You MUST delete this root zone to permit the
server to forward unresolved queries to yout ISP or the root servers.
Accept any nags etc, and let it delete any corresponding reverse lookuop
zones if it asks.


The following articles may assist you in setting up DNS correctly:


Setting Up the Domain Name System for Active Directory
http://support.microsoft.com/default.aspx?scid=kb;en-us;237675
HOW TO: Configure DNS for Internet Access in Windows 2000
http://support.microsoft.com/default.aspx?scid=kb;en-us;300202
 
B

Bobby

Hi there,

I'm sorry I haven't responded sooner to those who were anxious to hear what
the result was. We're still trying a combination of things and taking into
consideration what was recommended. I will update you guys on the progress
and hopefully we get this sorted out since it's a new week.

Thanks for the help.

Regards,
Bobby
 
B

Bobby

Hi everyone,

This is what it came down to. Yes it was definitely a DNS issue there's no
doubt about it. What I had to do was point the DNS server to itself as that
wasn't correctly done previously (or there was no need to) and then a
Forwarder to the ISP's DNS server for any requests that were to be external.
Also, the root zone was deleted. This now allows XP machines to log on fine
on our domain with any user that has an account on our domain. This is all
feasible, however, with static IP addresses for the clients. Now any
machine, regardless of it were XP or Win2K, cannot access the network,
internet, etc...unless they have a static IP. Previously before the above
changes were made we could let the client computers be assigned IP addresses
dynamically and still access network reources and internet because the those
IP addresses were in the range that our static IP's would be in as well.
Now what happens is dynamically the rang is totally off, no where close to
what we have going here.

Any suggestions on how I could go about controlling/creating/setting up a
range for dynamically assigned IP addresses in this situation in particular?
If not then I wouldn't mind going the static IP route except for the fact
that there's a lot of laptop users that would have a problem every time they
took their laptops home and used the Internet at home and then came back to
work.

Thanks for all the previous help there guys, and if someone could help me
with this last thing I have that would be much appreciated.

Regards,
Bobby
 
C

Chuck

Hi everyone,

This is what it came down to. Yes it was definitely a DNS issue there's no
doubt about it. What I had to do was point the DNS server to itself as that
wasn't correctly done previously (or there was no need to) and then a
Forwarder to the ISP's DNS server for any requests that were to be external.
Also, the root zone was deleted. This now allows XP machines to log on fine
on our domain with any user that has an account on our domain. This is all
feasible, however, with static IP addresses for the clients. Now any
machine, regardless of it were XP or Win2K, cannot access the network,
internet, etc...unless they have a static IP. Previously before the above
changes were made we could let the client computers be assigned IP addresses
dynamically and still access network reources and internet because the those
IP addresses were in the range that our static IP's would be in as well.
Now what happens is dynamically the rang is totally off, no where close to
what we have going here.

Any suggestions on how I could go about controlling/creating/setting up a
range for dynamically assigned IP addresses in this situation in particular?
If not then I wouldn't mind going the static IP route except for the fact
that there's a lot of laptop users that would have a problem every time they
took their laptops home and used the Internet at home and then came back to
work.

Thanks for all the previous help there guys, and if someone could help me
with this last thing I have that would be much appreciated.

Regards,
Bobby
Click to expand...
Hi everyone,

This is what it came down to. Yes it was definitely a DNS issue there's no
doubt about it. What I had to do was point the DNS server to itself as that
wasn't correctly done previously (or there was no need to) and then a
Forwarder to the ISP's DNS server for any requests that were to be external.
Also, the root zone was deleted. This now allows XP machines to log on fine
on our domain with any user that has an account on our domain. This is all
feasible, however, with static IP addresses for the clients. Now any
machine, regardless of it were XP or Win2K, cannot access the network,
internet, etc...unless they have a static IP. Previously before the above
changes were made we could let the client computers be assigned IP addresses
dynamically and still access network reources and internet because the those
IP addresses were in the range that our static IP's would be in as well.
Now what happens is dynamically the rang is totally off, no where close to
what we have going here.

Any suggestions on how I could go about controlling/creating/setting up a
range for dynamically assigned IP addresses in this situation in particular?
If not then I wouldn't mind going the static IP route except for the fact
that there's a lot of laptop users that would have a problem every time they
took their laptops home and used the Internet at home and then came back to
work.

Thanks for all the previous help there guys, and if someone could help me
with this last thing I have that would be much appreciated.

Regards,
Bobby
Click to expand...

Bobby,

Run "ipconfig /all" on a computer using a static IP address (and connecting
successfully), and the same on a computer using a dynamic address (and not
connecting). What settings differ? Check the settings on the DHCP server, and
make sure that it agrees.

Any questions, post both ipconfigs here. Let's see what's up.
 
B

Bobby

Hi again,

Yes I believe the DHCP Server was not installed (I know weird huh) on the
server. Therefore obviously the DHCP did not know what ranges to assign
dynamically. I've decided I'll stick with the static route, just to be that
bit more secure.

Thanks for all the help guys, I really appreciate it.

Regards,

Bobby
 
C

Chuck

Hi again,

Yes I believe the DHCP Server was not installed (I know weird huh) on the
server. Therefore obviously the DHCP did not know what ranges to assign
dynamically. I've decided I'll stick with the static route, just to be that
bit more secure.

Thanks for all the help guys, I really appreciate it.

Regards,

Bobby
Click to expand...

Thanks for updating the thread, Bobby. Stay safe.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Problem mapping network shares in domain 3
Very long delay at logon to domain 4
XP Domain Issues 2
XP home on XP pro domain network 5
How to access an XP Pro computer using \\computername\C$ 5
XP can't or won't join the domain 3
Networks : Workgroups and Domains. How Do I Use Them? 9
Cannot connect XP Pro to Win 2003 Domain 6

Top