Problem logging users in to 2k3 domain
Page 1 of 2 12 LastLast
Results 1 to 10 of 18

Thread: Problem logging users in to 2k3 domain

  1. #1
    Senior Member
    Join Date
    Feb 2003
    Location
    Memphis, TN
    Posts
    3,747

    Problem logging users in to 2k3 domain

    Ok, heres a slight problem I'm having right now that i haven't seen before.

    I've tried google, support.microsoft etc etc. no joy


    I just finished installing 2K3 Enterprise on a server, installed AD, and DNS on it. Created my users, but when I try to login to the domain from a computer it says that it cannot log me in.

    Logging in as "Administrator" works, but logging in as a user/domain user does not work.

    I've created about 10 different test users, but none of them can log in. If I go to the server itself and try to login, it tells me I cannot log in interactively to this machine. Which of course is cause I don't have "Allow local Login" enabled in the GPO, but at least its finding the user. But not on the workstations

    I'm somewhat puzzled, my DNS on the workstations are pointing to the AD server, and I have no problems having computers join the domain, I just can't for the life of me get the users to be able to log in from a workstation.


    Also another thing, not sure if its associated with this, but when you press CTRL + ALT + DEl to login, and you select the domain to login to a small window pops up that says "Finding Domains, or Refreshing Domain List" Don't remember which one. the only way to make it go away is to CTRL + ALT + DEL again.


    Any ideas?
    =

  2. #2
    Right turn Clyde Nokia's Avatar
    Join Date
    Aug 2003
    Location
    Button Moon
    Posts
    1,696
    Hi!

    What does the event viewer say on the Domain Controller?

    Are there any DNS errors in there too?

    It looks like the workstation can't find the domain controller when it tries to log the user on......is it configured for the correct domain?

    I would expect you to find errors along the lines of 'a suitable domain controller can not be found for the configured domain' in the workstation logs.....

    Just out of interest - Does the work station have a Static IP or DHCP'd?
    Drugs have taught an entire generation of kids the metric system.

    http://tazforum.**********.com/

  3. #3
    It's a gas!
    Join Date
    Jul 2002
    Posts
    699
    Whats the exact error message you get when trying to login to the domain with a user?

    Edit: Because its a fresh install, you could demote/promote the dc.

  4. #4
    Senior Member
    Join Date
    Feb 2003
    Location
    Memphis, TN
    Posts
    3,747
    Theres no errors in the event viewer about the Domain Controller, at least none that I could see. I'll check the workstation logs, didn't think of that.

    There were a few DNS errors, about not being able to find certain root domains on the net, but nothing concerning the internal network.

    The exact error message is "Unable to login to the domain with the specified User/pass" I've checked it like 3 million times, its the right user/pass.


    The workstations user DHCP, the servers are Static.
    =

  5. #5
    Some Assembly Required ShagDevil's Avatar
    Join Date
    Nov 2002
    Location
    New Jersey
    Posts
    718
    Are your servers pointing to themselves as the primary DNS server?
    The object of war is not to die for your country but to make the other bastard die for his - George Patton

  6. #6
    Senior Member
    Join Date
    Feb 2003
    Location
    Memphis, TN
    Posts
    3,747
    yes, I only have 1 AD server at the momen which is also the DNS server, and it points to itself for DNS.
    =

  7. #7
    Senior Member
    Join Date
    Feb 2003
    Location
    Memphis, TN
    Posts
    3,747
    Guess I'm having problems getting these computers to see the domain


    Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

    Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
    Enrollment will not be performed.
    But my DNS for the computers point to the AD machine.
    =

  8. #8
    Right turn Clyde Nokia's Avatar
    Join Date
    Aug 2003
    Location
    Button Moon
    Posts
    1,696
    As an initial troubleshooting step I woud try deleteing the computer account from the AD and removing the workstation from the domain.

    Then from the workstation logon locally and add it back in to the domain, enter the relevant credentials and let it create its own computer account in Active Directory - dont create the computer acount from the domain controller.

    It is a two fold thing as if it works all is well, if it doesnt work you will get a more detailed event in the event viewer!

    But in my experience it is usually a DNS problem or an auto enrollment problem, so I would re-double check you have the correct DNS server IP address configured on the client and then check your auto enrollment settings in the local policy (gpedit.msc).

    Also check that the domain controller is pointing to itself for DNS resolution on all network interfaces.

    Run a quick nslookup on the workstation to check it can talk to the DNS server and the DNS server is working.

    I take it it is XP workstation and 2003 Domain Controller?
    Drugs have taught an entire generation of kids the metric system.

    http://tazforum.**********.com/

  9. #9
    Senior Member
    Join Date
    Feb 2003
    Location
    Memphis, TN
    Posts
    3,747
    I actually never create the computer accounts in AD, just create a use account in AD, the log on from the remote machines...I'double check my DNS settings and my GPO policies.
    =

  10. #10
    Right turn Clyde Nokia's Avatar
    Join Date
    Aug 2003
    Location
    Button Moon
    Posts
    1,696
    Hi,

    Did you create the computer accounts in that way this time? If so everything must have been working at one point for the workstation to contact the DC and create the Computer Account successfully........? :S
    Drugs have taught an entire generation of kids the metric system.

    http://tazforum.**********.com/

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides