Re: Some users unable to log into domain.
- From: "Steven Platt" <me@xxxxxxxxxxx>
- Date: Mon, 19 Jun 2006 21:44:18 -0500
I will try to find the docs that I followed when I was having major DNS
problems... I guarantee that is your problem. I highly doubt routing has
anything to do with it. What version of Windows Server are you running?
-Steven-
"quilty" <gtouss@xxxxxxxxx> wrote in message
news:1150745679.182268.189430@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
At the risk of spanning, here's another potential clue:
FROM THE LOCAL MACHINE:
I can ping localmachine.domain (name.celerant.local)
however, I cannot ping server.domain
FROM THE SERVER
I can ping server.domain
I cannot ping localmachine.domain
So it seems that name interpretation is ok, but perhaps a problem with
the routing.
Could this then be a problem with the DNS/static IPs I have assigned on
the terminals?
Forget the static IPs.. however, I now have the internal address of the
DNS server as the primary DNS at both stations, and our internet DNS as
the secondary DNS for both stations. Still no luck.
Argh.
quilty wrote:
I think you might be onto something, as I realized that I can ping the
internal address of the domain, however, I could not ping the name of
the domain from a command prompt.
I'm a little iffey as to how the DNS was supposed to be setup. (It did
pass all of the tests you suggested, but the DNS is the same server as
the PDC, so I dont see how it could really fail them.
I have a forward lookup zone ( I simply called it celzone) created. I
figured I would try now to make a new 'host' because I could not ping
the name of the domain server. I made the new host (celerant.local,
which shows that it creates celerant.local.celzone) and entered the
appropriate IP, but as it stands, I still cannot ping celerant.local,
celerant.local.celzone, OR <machine_name>.celerant.local
Was I supposed to right click and make a "New Domain" to put this host
in?
Steven Platt wrote:
It may have been working in the past and now it isn't. I would really
suggest you look into your DNS integrity. For some reason that
computer
cannot contact your domain controller upon login. In MMC(the DNS
snap-in)
right-click on your server then choose properties-->Monitoring
Tab-->run
those tests. I would also direct you to check the MS site for some DNS
troubleshooting docs. There are tons of them (I had to fix mine a
while
back).
-Steven-
"quilty" <gtouss@xxxxxxxxx> wrote in message
news:1150736922.263189.208110@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Actually, it is not. As of now, this is the only desktop which has
joined the domain, which I am using to test. As it stands now
(through
some more investigation), only one account login is able to currently
access the domain, and all other accounts receive the same error
message.
If one login was able to contact the domain, why wouldn't another be
able to from the same rig?
Thanks,
Gerard
Steven Platt wrote:
It just means that it can't contact the domain controller to
authenticate.
The reason you can login with that other user is probably because at
one
point the computer could contact the domain controller and
authenticate.
When you authenticate for the first time, by default, Windows will
cache
the
login information. Hence, even if the computer cannot contact the
domain
controller it will still login. Is this computer in question
perhaps a
wireless computer?
-Steven-
"quilty" <gtouss@xxxxxxxxx> wrote in message
news:1150734401.323372.243320@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Testing to slowly move over 40-50 computers to a domain.. but only
dealing with one XP box other than the server for now.
Anyway, I am able to log into the domain on my PC, using one
username.
(No roaming or managed profiles), and experience no problems. The
security is just as it should be.
Now, I want to log into this same PC with one of the higher-access
accounts(as well as the domain's admin account itself), and it
fails
under the error message
'Cannot log you in now because the domain <DOMAIN NAME> is not
available'
This is strange for a few reasons, mainly:
1) I can switch back to the reduced access account and it does
work
fine.
2) Ive tried two logins featured under the domain admins group, as
well
as added these individual user accounts to the access of this
computer
[I did create an entry for this PC in an OU titled desktops] just
incase there was a problem with the domain admins group, and do no
avail.
3) I removed these users from alternate groups, on the chance that
another group which they were in would diminish their status as a
domain admin for some reason.
4) I confirmed that this user has full logon times, and 'Log On
To...'
is set to allow connections to all computers.
I'm completely lost at this point. The only other security option
I
attempted to enable was "deny log on locally" which I disabled.Any
help
is appreciated....
.
- Follow-Ups:
- Re: Some users unable to log into domain.
- From: Jorge Silva
- Re: Some users unable to log into domain.
- References:
- Some users unable to log into domain.
- From: quilty
- Re: Some users unable to log into domain.
- From: Steven Platt
- Re: Some users unable to log into domain.
- From: quilty
- Re: Some users unable to log into domain.
- From: Steven Platt
- Re: Some users unable to log into domain.
- From: quilty
- Re: Some users unable to log into domain.
- From: quilty
- Some users unable to log into domain.
- Prev by Date: Re: setup a dc in a remote site
- Next by Date: Re: SSL over Ldap June 2006 Posting
- Previous by thread: Re: Some users unable to log into domain.
- Next by thread: Re: Some users unable to log into domain.
- Index(es):
Relevant Pages
|
