RE: NT to 2003 wierdness

From: Jeff Qiu [MSFT] (jefffqiu_at_online.microsoft.com)
Date: 06/26/04


Date: Sat, 26 Jun 2004 10:25:24 GMT

Hi Jeff,

Thank you for your update.

Based on your error logs, I found the following article may be helpful to
your issue:

180114 Netlogon Event ID 5770 and 5722 on Primary Domain Controller
http://support.microsoft.com/?id=180114

For your convenience, I have included the article here:

SYMPTOMS
========

The following errors may occur in Windows NT when connecting to a Windows
NT Workstation or a member Windows NT Server computer with User Manager or
Server Manager:

        The trust relationship between this workstation and the domain failed.

Additionally, the following 5770 and 5722 errors may occur in the event log
on a primary domain controller:

Netlogon Event ID 5722:

   The session setup from the computer CSWINS failed to authenticate. The
   name of the account referenced in the security database is CSWINS$. The
   following error occurred:

      Access is denied.

Netlogon Event ID 5770:

   The session setup to the Windows NT Domain Controller <\\server> from
   computer CSWINS using account CSWINS$ failed. CSWINS2 is declared to be
   a BDC in domain <domain_name>. However, CSWINS2 tried to connect as
   either a DC in a trusted domain, a member workstation in domain
   <domain_name>, or as a server in domain <domain_name>. Use the Server
   Manager to remove the BDC account for CSWINS.

And the following errors will occur on the target workstation or member
server:

Netlogon Event ID 5719:

   No Windows NT Domain Controller is available for domain <domain_name>.
   The following error occurred:

      There are currently no logon servers available to service the logon
      request.


   NOTE: This event is expected and can be ignored when booting with the No
   Net Hardware Profile.

Netlogon Event ID 3210:

   Failed to authenticate with <\\server>, a Windows NT domain controller
   for domain <domain_name>.

CAUSE
=====

Workstation and stand-alone server computer accounts are mistakenly treated
as LanMan backup domain controllers (BDC) by the primary domain controller
(PDC). LanMan BDCs are declared as such in a Windows NT domain by creating
a special Windows NT global group called servers, creating user accounts
that correspond to the computer names of the LanMan BDCs, and placing
those user accounts in the servers group.

Authentication with the PDC fails when the accounts in the servers group
are actually Windows NT workstations and servers. This is because Windows
NT will use the secure channel account password to authenticate with the
PDC. The PDC finds a matching user account in the servers group for the
Windows NT system and treats it as a LanMan BDC. During
challenge/response authentication, the PDC uses the user account password
instead of the secure channel password to authenticate the Windows NT
system. This causes the errors noted in the summary.

RESOLUTION
==========

If no LanMan BDCs exist, then remove the servers group and restart the
Netlogon service on the PDC.

If LanMan BDCs exist, then remove the user accounts for the Windows NT
systems experiencing this problem from the servers group. Restart the
Netlogon service on the PDC.

Please try the steps and let me know the results.

Have a nice day.

Best Regards,

Jeff Qiu
Microsoft Online Partner Support
MCSE 2k/2k3, MCSA 2k/2k3, MCDBA
Get Secure! - www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.

--------------------
>Content-Class: urn:content-classes:message
>From: "Jeff" <jkirk@savingsbank.com>
>Sender: "Jeff" <jkirk@savingsbank.com>
>Subject: RE: NT to 2003 wierdness
>Date: Thu, 24 Jun 2004 10:58:53 -0700
>microsoft.public.windows.server.migration
>
>Thank you Jeff for replying! I certainly appreciate your
>assistance. To make things a little clearer, the
>principals are as follows:
>
>NT4.0SP6a Domain=SAVINGSBANK name=SBNT1
>Win2003std AD=savingsbank.com netbios=sbmc name= FS-HO-01
>Win2003std AD=Savingsbank.com netbios=sbmc name= FS-HP-01
>
>FS-HO-01 root server GC DNS
>FS-HP-01 Pilot branch server GC DNS
>
>The following on the NT server in the System Event Log:
>
>Date: 6/23/04 Event ID: 5722
>Time: 1:23:33 PM Source: NETLOGON
>User: N/A Type: Error
>Computer: SBNT1 Category: None
>
>Description:
>The session setup from the computer FS-HO-01 failed to
>authenticate. The name of the account referenced in the
>security database is SBMC$: The following occurred:
>Access is denied.
>
>Data:
>0000: 22 00 00 c0
>
>Although not necessarily synced, I am getting the
>following on the AD Server:
>
>Date: 6/23/04 Event ID: 3210
>Time: 10:27:28 am Source: NETLOGON
>User: N/A Type: Error
>Computer: FS-HO-01 Category: None
>
>Description:
>This computer could not authenticate with \\SBNT1, a
>Windows domain controller for domain SAVINGSBANK, and
>therefore this computer might deny logon requests. This
>inability to authenticate might be caused by another
>computer on the same network using the same name or the
>password for this computer account is not recognised. If
>this message appears again, contact your system
>administrator.
>
>Data:
>0000: 22 00 00 c0
>
>Curious that the data is the same. Does this help or not?
>Thanks...
>
>Jeff
>
>
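The following PowerShell script is an added example for readers working through the KB article above; it is not part of this post, of the KB article, or of Microsoft's tooling. It collects the Netlogon events the SYMPTOMS section lists from the local System log, decodes the `Data: 0000: 22 00 00 c0` bytes both posters saw (a little-endian NTSTATUS, 0xC0000022 = STATUS_ACCESS_DENIED), and then looks for the exact condition the CAUSE section describes: user accounts in the "servers" group whose names collide with computer accounts. The domain name `EXAMPLEDOM`, the `-Repair` switch and the function names are assumptions of this example; the WinNT ADSI provider is used so the group check works against an NT 4.0 PDC as well as an Active Directory domain. Run it as an administrator on the PDC (or PDC emulator) for the group audit and the optional Netlogon restart.

```powershell
# Added example, not from the post or from KB 180114.
# Assumes PowerShell 3.0 or later on a domain-joined Windows host with admin rights.
# $Domain and $ServersGroup are placeholders: use your NetBIOS domain name and the
# name of the LanMan BDC group (the KB calls it "servers").
param(
    [string]$Domain       = 'EXAMPLEDOM',   # placeholder, not from the page
    [string]$ServersGroup = 'servers',
    [switch]$Repair                          # only restart Netlogon when asked to
)

# 1. Pull the Netlogon events the KB lists (5722/5770 on the PDC, 5719/3210 on members).
function Get-NetlogonTrustEvents {
    param([int]$Hours = 24)
    Get-WinEvent -FilterHashtable @{
        LogName      = 'System'
        ProviderName = 'NETLOGON'
        Id           = 3210, 5719, 5722, 5770
        StartTime    = (Get-Date).AddHours(-$Hours)
    } -ErrorAction SilentlyContinue
}

# 2. Decode the binary event data (hex string as the event XML carries it, e.g. "220000C0")
#    into an NTSTATUS; the bytes are little-endian, so "220000C0" is 0xC0000022.
function ConvertTo-NtStatus {
    param([string]$Hex)
    if ([string]::IsNullOrEmpty($Hex) -or $Hex.Length -lt 8) { return 'n/a' }
    $bytes = for ($i = 0; $i -lt 8; $i += 2) { [Convert]::ToByte($Hex.Substring($i, 2), 16) }
    $code  = [BitConverter]::ToUInt32([byte[]]$bytes, 0)
    $name  = if ($code -eq 0xC0000022) { 'STATUS_ACCESS_DENIED' } else { 'see ntstatus.h' }
    '0x{0:X8} ({1})' -f $code, $name
}

# 3. The CAUSE section's collision: a *user* account in the servers group (e.g. FS-HO-01)
#    that shares its name with a *computer* account (FS-HO-01$). The PDC then answers
#    the machine's secure-channel setup with the user's password and denies access.
function Find-ServersGroupCollisions {
    param([string]$Domain, [string]$GroupName)
    $groupPath = "WinNT://$Domain/$GroupName,group"
    if (-not [ADSI]::Exists($groupPath)) {
        Write-Verbose "No '$GroupName' group in $Domain; KB 180114 does not apply."
        return @()
    }
    $group = [ADSI]$groupPath
    foreach ($m in @($group.psbase.Invoke('Members'))) {
        $name  = $m.GetType().InvokeMember('Name',  'GetProperty', $null, $m, $null)
        $class = $m.GetType().InvokeMember('Class', 'GetProperty', $null, $m, $null)
        if ($class -ne 'User') { continue }
        if ([ADSI]::Exists("WinNT://$Domain/$name,computer")) {
            [pscustomobject]@{ UserAccount = $name; ComputerAccount = "$name`$"; Group = $GroupName }
        }
    }
}

# 4. After the colliding user accounts (or the whole group, if no LanMan BDCs exist) have
#    been removed, the KB's remaining step is restarting Netlogon on the PDC; the
#    nltest call then re-checks the member's secure channel to the domain.
function Repair-NetlogonAfterCleanup {
    param([string]$Domain)
    Restart-Service -Name Netlogon
    & nltest.exe /sc_verify:$Domain
}

# --- report ---
foreach ($e in Get-NetlogonTrustEvents) {
    $xml = [xml]$e.ToXml()                     # classic events expose binary data as <Binary>
    [pscustomobject]@{
        Time    = $e.TimeCreated
        EventId = $e.Id
        Status  = ConvertTo-NtStatus $xml.Event.EventData.Binary
        Message = ($e.Message -split "`n")[0]
    }
}

$collisions = Find-ServersGroupCollisions -Domain $Domain -GroupName $ServersGroup
if ($collisions) {
    Write-Warning "User accounts in '$ServersGroup' collide with computer accounts (KB 180114):"
    $collisions | Format-Table -AutoSize
} else {
    Write-Output "No user/computer name collisions in '$ServersGroup'."
}

if ($Repair) { Repair-NetlogonAfterCleanup -Domain $Domain }
```

The script only reports by default; the Netlogon restart is behind `-Repair` because on a PDC it briefly interrupts domain logons, and the KB expects the offending accounts to be removed first. If `Find-ServersGroupCollisions` returns nothing while 5722/3210 with STATUS_ACCESS_DENIED persist, the cause is something other than the servers-group collision (the 3210 text in the quoted reply names the other usual suspects: a duplicate computer name on the network, or a machine account password the DC no longer recognises).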
