Re: Domain accounts not visible from Member Server




"Thomas Jespersen" <tje@xxxxxxxxxxxxxxxx> wrote in message
news:uWZtLHGYGHA.3496@xxxxxxxxxxxxxxxxxxxxxxx
Hi Herb

Thanks for your answer.

I tried adding the member server to the domain twice. Both times I did get
a "Welcome to the Domain", and the computer name changed to
mycomputer.domain.name. Also I can see an entry of the Member Server on the
Domain Controller (using Users and Computers MMC Snap-In).

I also see the domain in Windows logon dialog. But when I try to log on to
the domain, I get a message: "The system cannot log you on now because the
domain MENTUM is not available."... but I know the Domain Controller is
running!

Then you almost certainly have the other problem I
suggested: Authentication.

Authentication is usually a DNS issue.

My question: Shouldn't I be able to run a Domain Controller and a Member
Server as Virtual Machines?

Yes. IF you can route to/from them AND you can resolve their
DNS names.

Run DCDiag on the DC, and NetDiag on any non DC.

The servers are running as Virtual Machines on the same PC. They are using
a 10.10.10.* IP scope, whereas the Virtual PC host is running
192.168.*.*. The Virtual PC host is itself a member of the production domain.
I'm thinking that my Virtual Domain Controller is not browse master, and
that the Member server is not able to see the domain controller using
broadcast?

Check your DNS -- a short guide follows...

DNS for AD
1) Dynamic for the zone supporting AD
2) All internal DNS clients NIC\IP properties must specify SOLELY
that internal, dynamic DNS server (set.)
3) DCs and even DNS servers are DNS clients too -- see #2
4) If you have more than one Domain, every DNS server must
be able to resolve ALL domains (either directly or indirectly)

netdiag /fix

....or maybe:

dcdiag /fix

(Win2003 can do this from Support tools):
nltest /dsregdns /server:DC-ServerNameGoesHere
http://support.microsoft.com/kb/q260371/

Ensure that DNS zones/domains are fully replicated to all DNS
servers for that (internal) zone/domain.

Also useful may be running DCDiag on each DC, sending the
output to a text file, and searching for FAIL, ERROR, WARN.

Single Label domain zone names are a problem. Google:
[ "SINGLE LABEL" domain names DNS 2000 | 2003 microsoft: ]



--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]




Also, I'm able to select the Domain in the Windows login box. BUT when I
do, and try to log on I get a message saying: "Cond
"Herb Martin" <news@xxxxxxxxxxxxxx> wrote in message
news:uMTxNZ9XGHA.4920@xxxxxxxxxxxxxxxxxxxxxxx
"Thomas Jespersen" <tje@xxxxxxxxxxxxxxxx> wrote in message
news:OrQeBA8XGHA.508@xxxxxxxxxxxxxxxxxxxxxxx
Hi

I have 2 Windows 2003 R2 servers. A Domain Controller and a Member
Server.

I want to add a domain account to be an administrator of the Member
Server. But somehow the Member Server can't see the domain accounts.
Also the Domain Admin is not even a member of the Member Server's
Administrators group (isn't that default?).

It looks like the "member server" is NOT (a member server.)

Or even if it is, then it isn't authenticating. Were you merely
unable to see the domain accounts, authentication would be
the likely reason; since you don't even have the Domain Admins
in the local Administrators that is likely due to the server
NOT being a member.

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]
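
The "DNS for AD" checklist in the reply above can be checked from a member server or DC with a short script. This is an added example, not part of the original thread: it uses current PowerShell cmdlets instead of the Windows 2003 support tools named in the post, and the domain name and DNS server addresses are parameters you must supply (the values in the comments are placeholders).

```powershell
# Added example, not from the thread. Needs Windows 8.1 / Server 2012 R2 or later
# (DnsClient and NetTCPIP cmdlets). Both parameter values are site-specific.
param(
    [Parameter(Mandatory)] [string]   $AdDomain,    # AD DNS domain name, e.g. corp.example.test (placeholder)
    [Parameter(Mandatory)] [string[]] $InternalDns  # internal dynamic DNS server(s), e.g. 10.10.10.1 (placeholder)
)

# Rules 2 and 3: every NIC, on DCs as well, must list ONLY the internal DNS server(s).
# On a DC that is its own DNS server, pass 127.0.0.1 in -InternalDns too.
$nics = foreach ($nic in Get-DnsClientServerAddress -AddressFamily IPv4) {
    if ($nic.ServerAddresses.Count -eq 0) { continue }
    $foreign = @($nic.ServerAddresses | Where-Object { $_ -notin $InternalDns })
    [pscustomobject]@{
        Interface  = $nic.InterfaceAlias
        DnsServers = $nic.ServerAddresses -join ', '
        Foreign    = $foreign -join ', '      # servers that should not be configured here
        Ok         = ($foreign.Count -eq 0)
    }
}

# DC locator: the SRV record a member uses to find a DC, asked of each internal
# server directly so that every one of them is shown to hold the zone data.
$srvName = "_ldap._tcp.dc._msdcs.$AdDomain"
$locator = foreach ($server in $InternalDns) {
    $srv = @(); $note = 'no SRV record returned'
    try {
        $srv = @(Resolve-DnsName -Name $srvName -Type SRV -Server $server -DnsOnly -ErrorAction Stop |
                 Where-Object { $_.Type -eq 'SRV' })
    } catch { $note = $_.Exception.Message }
    if ($srv.Count -eq 0) {
        [pscustomobject]@{ DnsServer = $server; DC = ''; Address = ''; Ldap389 = $false; Note = $note }
        continue
    }
    foreach ($rec in $srv) {
        # The DC's host record must resolve as well, and TCP 389 must be reachable (routing).
        $a = @(Resolve-DnsName -Name $rec.NameTarget -Type A -Server $server -DnsOnly -ErrorAction SilentlyContinue |
               Where-Object { $_.Type -eq 'A' })
        $open = $false
        if ($a) {
            $open = (Test-NetConnection -ComputerName $a[0].IPAddress -Port 389 -WarningAction SilentlyContinue).TcpTestSucceeded
        }
        [pscustomobject]@{ DnsServer = $server; DC = $rec.NameTarget; Address = $a.IPAddress -join ', '; Ldap389 = $open; Note = '' }
    }
}

$nics    | Format-Table -AutoSize
$locator | Format-Table -AutoSize
```

A row with `Ok = False` points at a NIC that also lists an outside DNS server; a row with an empty `DC` column means that DNS server cannot answer the locator query for the domain.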





