Re: system's computer account in its primary domain is missing NT4 WS
From: Herb Martin (news_at_LearnQuick.com)
Date: 04/06/04
- Next message: Lee: "Re: Lsasrv Warnings"
- Previous message: Herb Martin: "Re: CSVDE import failed"
- In reply to: Neil: "Re: system's computer account in its primary domain is missing NT4 WS"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 6 Apr 2004 16:15:58 -0500
> Sorry again, I'm fairly new to AD. The 2 DC's based in this site
> sitting on the LAN do the following. RID Master, Operations Master,
> Schema master and Domain naming master. Another DC on the WAN does
> PDC Emulation, the NT4 WS is able to talk to this DC.
Usually none of the above matter (which is part of why I thought
it odd you mentioned the PDC Emulator separately) but it is
ALSO usually to keep the RID and PDC Emulator together.
I can't say if that will cause problems but it is the normal way.
> On WINS i'm a bit confused. WINS is running on 1 of the DC's on the
> LAN and replicates with the DC doing the PDC Emulation. The NT4 WS
Then WINS would be running on TWO DCs. Whatever, they must
replicate to make this work.
> only has a WINS entry for the DC on the LAN, does it need an entry for
> the DC on the WAN?
It needs an entry, or entries, for those accessible WINS servers with the
replicated database.
The machines register with their WINS server -- the others look them
up there. DCs must be WINS clients too.
Many people forget to make DCs and other servers WINS clients.
(And DNS clients too!)
> DNS is running on all of the DC's, the NT4 WS has
> an entry for each, and primary and secondary ordering is split fairly
> evenly between DC's on all of the clients.
Preferred and Alternate (client DNS setting). Primary and Secondary
are TECHNICAL terms in DNS that mean something else -- on the
servers themselves.
Do the DNS server replicate? If using Primary DNS server with
ordinary Secondaries go to each secondary and do a manual
zone transfer.
If using AD Integrated DNS on multiple DNS servers (on one server
is same as a single primary) then you probably have a failure to
replicate DNS because it is in AD which is dependent on DNS which
is in AD etc. -- Switch all but one AD Integrated DNS server back
to secondary point all DCs to ONLY the one Primary/AD-int that
actually accepts the registrations. Replicate DNS, then AD.
After you get clean AD replication you can go back to multiple AD-int
DNS servers.
Run DCDiag on all DCs and send the output to a text file -- search for
FAIL, WARN, IGNORE and/or post here.
-- Herb Martin "Neil" <neil662@yahoo.com> wrote in message news:940c16ab.0404060133.4da6c020@posting.google.com... > "Herb Martin" <news@LearnQuick.com> wrote in message news:<e742jLkGEHA.3772@TK2MSFTNGP12.phx.gbl>... > > > The initial problem I am having is that when I attempt to add the NT4 > > > WS to the domain and create a computer account, I get an error that > > > the domain controller cannot be found. The only way I've found round > > > this is to manually create a new computer object in the AD through the > > > User and Computers MMC. I'm then able to successfully ad the NT4 WS > > > if I don't ask it to create a computer account. > > > > It's not a problem "creating" the account probably but rather > > FINDING the domain controller but perhaps you never > > upgraded the NT boxes with DSClient (get it from MS site). > > Sorry for forgetting to add that, i have actually installed the DS > client, before i did i was unable to add the NT4 WS to the domain, > after its install i was, however that is when i started getting the > problem below. > > > > > Usually such problems are NetBIOS related for legacy systems > > (NT, 9x) and DNS related for Win2000+. > > > > > On reboot you can then log in and all appears well, however when a > > > user then logs off I get the following error when they attempt to log > > > back in... > > > The system cannot log you into this domain because the system's > > > computer account in its primary domain is missing. > > > I can then attempt to login any number of times and all will fail with > > > the message above. If I then leave the machine for about 5 minutes > > > and try to login again it will usually work, but again if I log out > > > and attempt to log on again the same problem occurs. > > > > > > Here are a few details on my AD setup. > > > 3 Sever 2003 DC's on the local site running DNS, WINS. One DC is the > > > RID Master and FSMO. > > > > An odd way to say this -- RID Master is only ONE of the > > FIVE FSMO roles. > > Sorry again, I'm fairly new to AD. The 2 DC's based in this site > sitting on the LAN do the following. RID Master, Operations Master, > Schema master and Domain naming master. Another DC on the WAN does > PDC Emulation, the NT4 WS is able to talk to this DC. > > > > > Make sure ALL DCs and other servers and clients are WINS clients > > in their NIC properties -- ensure that WINS is fully replicated. Do the > > same for DNS while you are at it (all are clients, replicated.) > > > Domain functional level 2000 native. Forest functional level Windows > > 2000. > > > A server on the WAN is acting as the PDC emulator. > > > > That's a FSMO role too -- did you apply DSClient to the NT > > boxes, since it makes them aware that the "other DCs" can > > change account passwords, let them join the domain etc. > > > > > NT4 WS is running SP6a and IE 5.5, name resolution of the DC's works > > > fine. I've also added an entry for the domain info into the LMHost > > > file to ensure successful resolution on the PDC emulator. > > > > No mention of DSClient so I bet that is your main problem. > > > > > Anyone out there with some suggestions? I've had no problems at all > > > adding Win9x PC's, W2K pro PC's or XP PC's. > > > > DSClient and make sure all DCs and all clients are using the WINS > > server in NIC properties. WINS is replicated fully. Same for DNS > > while you are at it. > > > Thanks for your help so far! > > Neil
- Next message: Lee: "Re: Lsasrv Warnings"
- Previous message: Herb Martin: "Re: CSVDE import failed"
- In reply to: Neil: "Re: system's computer account in its primary domain is missing NT4 WS"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
