Re: Is her network profile corrupt?

Almost certainly not -- probably not a PROFILE issue at all.

"Conan Kelly" <CTBarbarin at msn dot com> wrote in message
news:ORHZntJvGHA.5056@xxxxxxxxxxxxxxxxxxxxxxx
Hello all,

First, my boss tried to log onto her computer under her normal login. She
got the message "Windows cannot connect to the domain. Either because the
domain controller is down or otherwise unavailable, or because your system
account was not found. Please try again later. If this message continues
to appear, contact your system admin for assistance."

Then, she tried to logon to her laptop in her office, it would let her log
onto her computer, but not the network.

What do you mean? Logon with a domain account to the laptop
or with a LOCAL account valid only on the laptop?

The two are unrelated.

If you mean instead Logon to the Laptop with CACHED domain
credentials that is different.

In any case, it is likely that the Computers cannot find the DOMAIN
CONTROLLERS. Almost always this is a DNS issue.

Were it just one computer we might instead suspect the computer
account was "hosed" but with two, DNS is even more likely than
usual.

Practically all authentication (logon requires authentication usually)
and replication problems are REALLY DNS issues.

Next, she tried to logon to her desktop with the admin account. She was
able to log on. She logged off.

That's a local account and irrelevant to the domain accounts.

She tried her normal logon, still no workie. She tried the admin account
again AND NOW THAT ISN'T WORKING!!!

What does "not working" MEAN?

Accounts don't allow logon for only a few reason:

1) Password wrong (user forgot)
2) Locked out (shouldn't happen to THE Admin account but
it can happen to a COPY of, or ANOTHER, admin account
3) Can't find the DCs of the computers domain (for domain accounts)
4) Can't find the trusted domain DCs (for trusted domain accouns)

There might be some more, but these are the biggies.

She took her laptop into the server room connected directly to the switch
(to eliminate the 4-port switch on her desk and the cabling between her
office and main switch). She still could not logon.

I would strongly suspect DNS for the Domain account issues.

Is her logon corrupt? How can we fix it? Is her desktop in her office
somehow corrupting any profile that logs on?

I would start by trying to logon to here machine MYSELF, with
first my domain account and then with THE Local computer
administrator account.

I would further run DCDiag on ever DC (involved) and NetDiag
on her machine(s).

I would also immediately look to see if here NIC->IP->DNS Server
properties were set to the WRONG DNS Server or a mixture of
internal and (wrong) external DNS servers (e.g., the ISP.)

This latter is a COMMON mistake by admins who really don't
understand DNS. You cannot reliably set a machine to a MIXTURE
of Internal and External DNS servers, but must use STRICTLY the
internal set which can resolve ALL (i.e., both internal and external)
names.


General notes on DNS for AD

1) Dynamic for the zone supporting AD
2) All internal DNS clients NIC\IP properties must specify SOLELY
that internal, dynamic DNS server (set.)
3) DCs and even DNS servers are DNS clients too -- see #2
4) If you have more than one Domain, every DNS server must
be able to resolve ALL domains (either directly or indirectly)

netdiag /fix

....or maybe:

dcdiag /fix

(Win2003 can do this from Support tools):
nltest /dsregdns /server:DC-ServerNameGoesHere
http://support.microsoft.com/kb/q260371/

Ensure that DNS zones/domains are fully replicated to all DNS
servers for that (internal) zone/domain.

Also useful may be running DCDiag on each DC, sending the
output to a text file, and searching for FAIL, ERROR, WARN.

Single Label domain zone names are a problem Google:
[ "SINGLE LABEL" domain names DNS 2000 | 2003 microsoft: ]

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

--
Thanks for any help anyone can provide,

Conan Kelly



.

Relevant Pages

  • Re: Howto refresh IIS 6 Application pool identity credential info
    ... You already have 80% of the work setup (DNS Aliases and HostHeaders) on the ... domain accounts (one for each layer) should be sufficient. ... The Application Servers are load balanced clustered, ... as the account name and SPN alias is correctly defined on both nodes. ...
    (microsoft.public.inetserver.iis.security)
  • Re: Connect Computer - Not successful after Numerous Attempts
    ... Since that temporary account is used in the migration ... Client LAN connection is now configured to ONLY show ... the SBS server IP as the DNS server. ... Looks like all DNS records are in place as you ...
    (microsoft.public.windows.server.sbs)
  • Re: slow or failed user logon authorization
    ... A *usual* cause of this is that in the client's TCP/IP settings ... the DNS Server entry is the ISP's DNS Server. ... WIN2000 and WINXP clients do at logon: ...
    (microsoft.public.win2000.active_directory)
  • Re: Number of GC servers
    ... Are you using the Restricted Groups GPO?? ... That might give you an indication as to why labserver works on one server ... DNS is handled by corporate servers. ... If I logon to cmpq02,cmpq04, as "labserver" (a generic account, that is ...
    (microsoft.public.windows.server.active_directory)
  • Re: Novell 4.11 -> Win 2003 AD migration
    ... In a login script this would add 10.10.10.1 as a DNS server entry. ... This allows the account domain to change, ... user2 Specifies the user who will own user1's profile. ...
    (microsoft.public.windows.server.migration)
Quantcast