October 6th, 2006, 05:49 AM
Problem logging users in to 2k3 domain
OK, here's a slight problem I'm having right now that I haven't seen before.
I've tried Google, support.microsoft, etc. No joy.
I just finished installing 2K3 Enterprise on a server, installed AD and DNS on it. Created my users, but when I try to log in to the domain from a computer it says that it cannot log me in.
Logging in as "Administrator" works, but logging in as a user/domain user does not work.
I've created about 10 different test users, but none of them can log in. If I go to the server itself and try to log in, it tells me I cannot log in interactively to this machine. Which of course is because I don't have "Allow local Login" enabled in the GPO, but at least it's finding the user. But not on the workstations.
I'm somewhat puzzled; my DNS on the workstations is pointing to the AD server, and I have no problems having computers join the domain. I just can't for the life of me get the users to be able to log in from a workstation.
Also another thing, not sure if it's associated with this, but when you press CTRL + ALT + DEL to log in and you select the domain to log in to, a small window pops up that says "Finding Domains" or "Refreshing Domain List", don't remember which one. The only way to make it go away is to CTRL + ALT + DEL again.
October 6th, 2006, 12:49 PM
What does the event viewer say on the Domain Controller?
Are there any DNS errors in there too?
It looks like the workstation can't find the domain controller when it tries to log the user on... Is it configured for the correct domain?
I would expect you to find errors along the lines of 'a suitable domain controller can not be found for the configured domain' in the workstation logs...
Just out of interest: does the workstation have a Static IP or DHCP'd?
October 6th, 2006, 01:08 PM
What's the exact error message you get when trying to log in to the domain with a user?
Edit: Because it's a fresh install, you could demote/promote the DC.
October 6th, 2006, 06:13 PM
There are no errors in the event viewer about the Domain Controller, at least none that I could see. I'll check the workstation logs, didn't think of that.
There were a few DNS errors, about not being able to find certain root domains on the net, but nothing concerning the internal network.
The exact error message is "Unable to login to the domain with the specified User/pass". I've checked it like 3 million times, it's the right user/pass.
The workstations use DHCP, the servers are Static.
October 6th, 2006, 06:37 PM
Are your servers pointing to themselves as the primary DNS server?
October 6th, 2006, 08:57 PM
Yes, I only have 1 AD server at the moment, which is also the DNS server, and it points to itself for DNS.
October 6th, 2006, 09:55 PM
Guess I'm having problems getting these computers to see the domain.
But my DNS for the computers points to the AD machine.
Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.
Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.
October 6th, 2006, 10:35 PM
As an initial troubleshooting step I would try deleting the computer account from the AD and removing the workstation from the domain.
Then from the workstation log on locally and add it back in to the domain, enter the relevant credentials and let it create its own computer account in Active Directory. Don't create the computer account from the domain controller.
It is a twofold thing: if it works all is well, and if it doesn't work you will get a more detailed event in the event viewer!
But in my experience it is usually a DNS problem or an auto enrollment problem, so I would re-double check you have the correct DNS server IP address configured on the client and then check your auto enrollment settings in the local policy (gpedit.msc).
Also check that the domain controller is pointing to itself for DNS resolution on all network interfaces.
Run a quick nslookup on the workstation to check it can talk to the DNS server and the DNS server is working.
I take it it is XP workstation and 2003 Domain Controller?
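The DNS check suggested in the post above, taken one step further (an added example, not part of the thread): a domain member finds its domain controller through SRV records such as `_ldap._tcp.dc._msdcs.<domain>`, so this PowerShell script queries them against every DNS server the client is configured with and confirms each target resolves. `corp.example` is a placeholder domain, and `Resolve-DnsName` and `Get-DnsClientServerAddress` assume Windows 8 / Server 2012 or later; on XP the same lookup is `nslookup -type=SRV _ldap._tcp.dc._msdcs.<domain>`.

```powershell
# Added example: verify the DNS records a workstation needs to locate a domain controller.
# Assumption: 'corp.example' is a placeholder; pass the real AD DNS domain name.
param(
    [string]$Domain = 'corp.example'
)

# SRV records the DC locator and Kerberos client look up during logon.
$srvNames = @(
    "_ldap._tcp.dc._msdcs.$Domain",
    "_kerberos._tcp.dc._msdcs.$Domain",
    "_ldap._tcp.$Domain"
)

# DNS servers this client actually uses (static or handed out by DHCP).
$servers = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    ForEach-Object { $_.ServerAddresses } |
    Sort-Object -Unique

$results = foreach ($server in $servers) {
    foreach ($name in $srvNames) {
        # Ask this specific server; keep only SRV answers (replies can carry extra A records).
        $srv = @(Resolve-DnsName -Name $name -Type SRV -Server $server -DnsOnly `
                    -ErrorAction SilentlyContinue | Where-Object { $_.Type -eq 'SRV' })
        if (-not $srv) {
            [pscustomobject]@{ DnsServer = $server; Record = $name
                               Target = $null; Address = $null; Status = 'SRV missing' }
            continue
        }
        foreach ($rec in $srv) {
            # An SRV record is only useful if its target host resolves to an address.
            $a = @(Resolve-DnsName -Name $rec.NameTarget -Type A -Server $server -DnsOnly `
                      -ErrorAction SilentlyContinue | Where-Object { $_.Type -eq 'A' })
            $status = if ($a) { 'OK' } else { 'target has no A record' }
            [pscustomobject]@{
                DnsServer = $server
                Record    = $name
                Target    = "$($rec.NameTarget):$($rec.Port)"
                Address   = ($a.IPAddress -join ', ')
                Status    = $status
            }
        }
    }
}

$results | Format-Table -AutoSize
```

A row with `SRV missing` for a DNS server the client uses means that server cannot tell the workstation where the domain controller is, which matches the "specified domain either does not exist or could not be contacted" events quoted earlier in the thread.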
October 6th, 2006, 10:48 PM
I actually never create the computer accounts in AD, just create a user account in AD, then log on from the remote machines... I'll double check my DNS settings and my GPO policies.
October 6th, 2006, 10:54 PM
Did you create the computer accounts in that way this time? If so, everything must have been working at one point for the workstation to contact the DC and create the Computer Account successfully...? :S