Re: Some users unable to log into domain.

I think you might be onto something, as I realized that I can ping the
internal address of the domain, however, I could not ping the name of
the domain from a command prompt.

I'm a little iffey as to how the DNS was supposed to be setup. (It did
pass all of the tests you suggested, but the DNS is the same server as
the PDC, so I dont see how it could really fail them.

I have a forward lookup zone ( I simply called it celzone) created. I
figured I would try now to make a new 'host' because I could not ping
the name of the domain server. I made the new host (celerant.local,
which shows that it creates celerant.local.celzone) and entered the
appropriate IP, but as it stands, I still cannot ping celerant.local,
celerant.local.celzone, OR <machine_name>.celerant.local



Was I supposed to right click and make a "New Domain" to put this host
in?


Steven Platt wrote:
It may have been working in the past and now it isn't. I would really
suggest you look into your DNS integrity. For some reason that computer
cannot contact your domain controller upon login. In MMC(the DNS snap-in)
right-click on your server then choose properties-->Monitoring Tab-->run
those tests. I would also direct you to check the MS site for some DNS
troubleshooting docs. There are tons of them (I had to fix mine a while
back).

-Steven-
"quilty" <gtouss@xxxxxxxxx> wrote in message
news:1150736922.263189.208110@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Actually, it is not. As of now, this is the only desktop which has
joined the domain, which I am using to test. As it stands now (through
some more investigation), only one account login is able to currently
access the domain, and all other accounts receive the same error
message.

If one login was able to contact the domain, why wouldn't another be
able to from the same rig?

Thanks,
Gerard
Steven Platt wrote:
It just means that it can't contact the domain controller to
authenticate.
The reason you can login with that other user is probably because at one
point the computer could contact the domain controller and authenticate.
When you authenticate for the first time, by default, Windows will cache
the
login information. Hence, even if the computer cannot contact the domain
controller it will still login. Is this computer in question perhaps a
wireless computer?

-Steven-
"quilty" <gtouss@xxxxxxxxx> wrote in message
news:1150734401.323372.243320@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Testing to slowly move over 40-50 computers to a domain.. but only
dealing with one XP box other than the server for now.

Anyway, I am able to log into the domain on my PC, using one username.
(No roaming or managed profiles), and experience no problems. The
security is just as it should be.

Now, I want to log into this same PC with one of the higher-access
accounts(as well as the domain's admin account itself), and it fails
under the error message

'Cannot log you in now because the domain <DOMAIN NAME> is not
available'

This is strange for a few reasons, mainly:
1) I can switch back to the reduced access account and it does work
fine.
2) Ive tried two logins featured under the domain admins group, as well
as added these individual user accounts to the access of this computer
[I did create an entry for this PC in an OU titled desktops] just
incase there was a problem with the domain admins group, and do no
avail.
3) I removed these users from alternate groups, on the chance that
another group which they were in would diminish their status as a
domain admin for some reason.
4) I confirmed that this user has full logon times, and 'Log On To...'
is set to allow connections to all computers.



I'm completely lost at this point. The only other security option I
attempted to enable was "deny log on locally" which I disabled.Any help
is appreciated....



.

Relevant Pages

  • Re: Some users unable to log into domain.
    ... I can ping localmachine.domain ... DNS server as the primary DNS at both stations, ... cannot contact your domain controller upon login. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Some users unable to log into domain.
    ... suggest you look into your DNS integrity. ... cannot contact your domain controller upon login. ... only one account login is able to currently ... The reason you can login with that other user is probably because at one ...
    (microsoft.public.windows.server.active_directory)
  • Re: Some users unable to log into domain.
    ... I will try to find the docs that I followed when I was having major DNS ... What version of Windows Server are you running? ... I can ping localmachine.domain ... cannot contact your domain controller upon login. ...
    (microsoft.public.windows.server.active_directory)
  • Re: 3 mobile broadband - roaming...
    ... beforehand and set up international roaming on the account. ... I cannot ping any IP address on the internet. ... Are there DNS servers there, ...
    (uk.comp.homebuilt)
  • Re: SMTP queue
    ... I create an account in outlook express on the server, ... You give me some doubts about the DNS.. ... Can you ping the domains of the ...
    (microsoft.public.windows.server.sbs)