Re: NT4 Server box fails to logon in upgraded AD Domain
From: Jerry (jerry.giacinto_at_ketteng.com.nospam.com)
Date: 08/11/04
- Next message: John W.: "NT file server migration to Windows 2003"
- Previous message: Jodin4help: "Choosing an upgrade or migrate from 4.0 to w2k3"
- In reply to: Manos Anastasiadis: "NT4 Server box fails to logon in upgraded AD Domain"
- Next in thread: Manos Anastasiadis: "Re: NT4 Server box fails to logon in upgraded AD Domain"
- Reply: Manos Anastasiadis: "Re: NT4 Server box fails to logon in upgraded AD Domain"
Date: Wed, 11 Aug 2004 10:23:15 -0700
Manos,

Typically, when I've gotten this error message, I've been able to fix it
by doing one of two things:

1) If the computer no longer shows up or is grayed out in the computer
accounts for the domain, simply add a "new" computer to the domain using the
name of the computer.

If that doesn't work...

2) Delete the computer account from the domain. Then, at the MAIL server,
add it to a workgroup named WORKGROUP, restart, then add it to the domain.

Hope this helps,
Jerry

By the way, we're going through a similar process here. Have you had any
problems running Windows Update or Automatic Updates on your Win2003 servers
after the migration?

"Manos Anastasiadis" <am@isc.tuc.gr> wrote in message
news:OZE72g5fEHA.3148@TK2MSFTNGP10.phx.gbl...
> Hi all,
>
> We have a plain-old NT4 domain with a PDC/BDC pair
> (PDC / BDC1) + an Exchange Server 5.5 (MAIL) that is
> still up and running.
> We currently are in the middle of the development phase
> of upgrading to Windows Server 2003 and Exchange Server
> 2003.
>
> During the process we decided to make things easier and
> perform an upgrade instead of migration and followed
> these steps:
> - Setup a second BDC (say BDC2).
> - Took BDC2 off-line and moved it on a separate network-leg,
> independent from the original domain.
> - Promoted BDC2 to PDC (NOTE: off-line).
> - Upgraded BDC2 to WS2003 and got AD
> (Windows-Interim level).
> - Formed a net with BDC2 and two brand-new WS2003 servers
> (say DC1, DC2); made the latter AD Domain Controllers,
> configured DNS.
> - Transferred all FSMO roles to DC1 (PDC Emulator too)
> and set both DC1 and DC2 to be GCs.
> - Took the original BDC2 off.
>
> Up to this point we have a new environment for testing
> purposes that will finally become the new 'production'
> environment. Connected a couple of W2K-Pro/SP4
> workstations to verify it was working ok
> (user logon, GPOs etc).
>
> Our next step would be to migrate Exchange 5.5 to
> Ex2003, so we did the following things:
> - Setup a new WS2003 server to hold the new
> Exchange 2003 mail Server (say ES).
> - Installed Exchange Tools (ExAllTools.exe) in order to
> run ExDeploy to perform preliminary tests and install
> AD Connector.
> - Temporarily took our production mail server (MAIL,
> NT4.0 Server/SP6, Ex5.5/SP4) off-line,
> added it to the network leg formed by DC1, DC2 & ES
> and rebooted it.
>
> The problem came along here:
> When we tried to logon to the MAIL server using a valid
> User account imported from the original NT4 domain, we got
> the following error message:
> "The system could not log you on to this domain because
> the system's computer account in its primary domain is
> missing or the password on that account is incorrect."
>
> As a consequence the Exchange services failed to start,
> since they are configured to use another valid domain User
> account, which also fails to login. So do the ExDeploy tests.
>
> NOTES:
> - All hot-fixes have been applied to the machines mentioned,
> up to ms04-025.
> - Network connectivity works fine (tested using ping).
> - The User account used for the failed logon is valid,
> so is its password (we've been using it without any problem
> to log-in to the WS2003 boxes, DC1, DC2 and ES).
> - The MAIL Computer account still exists in AD,
> so do the original NT4 domain controllers which are
> NOT connected to the test network. I guess that
> this should not be an issue, since DC1 or DC2 should
> authenticate accounts.
> - No firewall or IPSec applied to the test environment yet
> - The registry value for anonymous access on DC1, DC2 is:
> HKLM\SYSTEM\CurrentControlSet\Control\LSA
> RestrictAnonymous = 1
> - We checked http://support.microsoft.com/?id=kb;en-us;259736
> but the specified registry value exists and has the exact
> value as specified in the document:
> HKLM\SOFTWARE\Microsoft\RPC\SecurityService
> 68 = "netlogon.dll"
>
> Any ideas on how to solve this issue?
> Sorry for the lengthy e-mail.
>
> TIA
>
> -------------------------
> Manos Anastasiadis
> Systems Engineer
>
>
>