Re: WIN2K Pro cannot login to domain (In-place upgrade to 2003 R2 from NT4.0)

Tech-Archive recommends: Fix windows errors by optimizing your registry

Hi,

Please reset the client computer account of course.

We of course install the support tools on DC and since we want to reset the
password for a Windows domain controller,we must stop the Kerberos Key
Distribution Center service and set its startup type to Manual

Please check the steps in the article one by one:

http://support.microsoft.com/default.aspx?scid=kb;EN-US;325850

I checked the DCdiag, it appears to be OK. I suspect it is the computer
accounts' problem.

Best regards,

Vincent Xu
Microsoft Online Partner Support

======================================================
Get Secure! - www.microsoft.com/security
======================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others
may learn and benefit from this issue.
======================================================
This posting is provided "AS IS" with no warranties,and confers no rights.
======================================================



--------------------
From: puliyadim@xxxxxxxxx
Newsgroups: microsoft.public.windows.server.migration
Subject: Re: WIN2K Pro cannot login to domain (In-place upgrade to 2003
R2 from NT4.0)
Date: 23 Aug 2006 02:21:21 -0700
Organization: http://groups.google.com
Lines: 405
Message-ID: <1156324881.467801.75300@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
References: <1156125348.002380.104730@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
<1156240784.195427.54060@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
<Tbq5q0nxGHA.396@xxxxxxxxxxxxxxxxxxxxx>
NNTP-Posting-Host: 202.79.209.131
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
X-Trace: posting.google.com 1156324889 20584 127.0.0.1 (23 Aug 2006
09:21:29 GMT)
X-Complaints-To: groups-abuse@xxxxxxxxxx
NNTP-Posting-Date: Wed, 23 Aug 2006 09:21:29 +0000 (UTC)
In-Reply-To: <Tbq5q0nxGHA.396@xxxxxxxxxxxxxxxxxxxxx>
User-Agent: G2/0.2
X-HTTP-UserAgent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;
SV1),gzip(gfe),gzip(gfe)
Complaints-To: groups-abuse@xxxxxxxxxx
Injection-Info: m73g2000cwd.googlegroups.com; posting-host=202.79.209.131;
posting-account=FxHRLg0AAAAGA5hFlTWPXdlJ2s7pZ1T5
Path:
TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTFEEDS02.phx.gbl!msrtrans!n
ews-spur1.maxwell.syr.edu!news.maxwell.syr.edu!postnews.google.com!m73g2000c
wd.googlegroups.com!not-for-mail
Xref: TK2MSFTNGXA01.phx.gbl
microsoft.public.windows.server.migration:24888
X-Tomcat-NG: microsoft.public.windows.server.migration

Hi Vincent,

Do you want me to reset the WIN2K client PC password or the DC
password, pl clarify.

Below is the DCDIAG result.


Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\UPDC
Starting test: Connectivity
......................... UPDC passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\UPDC
Starting test: Replications
......................... UPDC passed test Replications
Starting test: NCSecDesc
......................... UPDC passed test NCSecDesc
Starting test: NetLogons
......................... UPDC passed test NetLogons
Starting test: Advertising
......................... UPDC passed test Advertising
Starting test: KnowsOfRoleHolders
......................... UPDC passed test KnowsOfRoleHolders
Starting test: RidManager
......................... UPDC passed test RidManager
Starting test: MachineAccount
......................... UPDC passed test MachineAccount
Starting test: Services
......................... UPDC passed test Services
Starting test: ObjectsReplicated
......................... UPDC passed test ObjectsReplicated
Starting test: frssysvol
......................... UPDC passed test frssysvol
Starting test: frsevent
......................... UPDC passed test frsevent
Starting test: kccevent
......................... UPDC passed test kccevent
Starting test: systemlog
......................... UPDC passed test systemlog
Starting test: VerifyReferences
......................... UPDC passed test VerifyReferences

Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test
CheckSDRefDom

Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test
CheckSDRefDom

Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom

Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test
CheckSDRefDom

Running partition tests on : UNITEDPREMAS
Starting test: CrossRefValidation
......................... UNITEDPREMAS passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... UNITEDPREMAS passed test
CheckSDRefDom

Running enterprise tests on : UNITEDPREMAS.LOCAL
Starting test: Intersite
......................... UNITEDPREMAS.LOCAL passed test
Intersite
Starting test: FsmoCheck
......................... UNITEDPREMAS.LOCAL passed test
FsmoCheck

Rgds,

Dinesh

Vincent Xu [MSFT] wrote:
Hi,

Try to reset computer account first:

325850 How to use Netdom.exe to reset machine account passwords of a
Windows Server 2003 domain controller
http://support.microsoft.com/default.aspx?scid=kb;EN-US;325850

As well as, please run dcdiag on TBDC and let me know the exact output.

Thanks.


Best regards,

Vincent Xu
Microsoft Online Partner Support

======================================================
Get Secure! - www.microsoft.com/security
======================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others
may learn and benefit from this issue.
======================================================
This posting is provided "AS IS" with no warranties,and confers no
rights.
======================================================



--------------------
From: puliyadim@xxxxxxxxx
Newsgroups: microsoft.public.windows.server.migration
Subject: Re: WIN2K Pro cannot login to domain (In-place upgrade to
2003
R2 from NT4.0)
Date: 22 Aug 2006 02:59:44 -0700
Organization: http://groups.google.com
Lines: 209
Message-ID: <1156240784.195427.54060@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
References: <1156125348.002380.104730@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
<1156153042.057279.289390@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
<EeApuobxGHA.4700@xxxxxxxxxxxxxxxxxxxxx>
NNTP-Posting-Host: 202.79.209.131
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
X-Trace: posting.google.com 1156240790 16004 127.0.0.1 (22 Aug 2006
09:59:50 GMT)
X-Complaints-To: groups-abuse@xxxxxxxxxx
NNTP-Posting-Date: Tue, 22 Aug 2006 09:59:50 +0000 (UTC)
In-Reply-To: <EeApuobxGHA.4700@xxxxxxxxxxxxxxxxxxxxx>
User-Agent: G2/0.2
X-HTTP-UserAgent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0;
NET
CLR 1.1.4322),gzip(gfe),gzip(gfe)
Complaints-To: groups-abuse@xxxxxxxxxx
Injection-Info: m73g2000cwd.googlegroups.com;
posting-host=202.79.209.131;
posting-account=FxHRLg0AAAAGA5hFlTWPXdlJ2s7pZ1T5
Path:

TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTFEEDS01.phx.gbl!newsfeed.c

w.net!cw.net!news-FFM2.ecrc.de!newsfeed.gamma.ru!Gamma.RU!newsfeed.icl.net!n

ewsfeed.fjserv.net!news.tele.dk!news.tele.dk!small.news.tele.dk!proxad.net!2

16.239.36.134.MISMATCH!postnews.google.com!m73g2000cwd.googlegroups.com!not-
for-mail
Xref: TK2MSFTNGXA01.phx.gbl
microsoft.public.windows.server.migration:24871
X-Tomcat-NG: microsoft.public.windows.server.migration

Hi Vincent,

As mentioned all my test clients (Win XP Pro / WIN2K Pro / WIN2K
Server
& WIN2K3 Server) are able to logon to the NT domain after i promote
the
TBDC to PDC.

The problem starts only after performing the inplace upgrade on the
TBDC to AD.

After the upgrade WIN2K Pro does not seems to change the domain name
automatically and when i shut the TBDC1 (BDC) WIN2K Pro are not able
to
logon to the domain.

Need ur advice as i am struck now.

Thanks & Rgds,

Dinesh


Vincent Xu [MSFT] wrote:

Hi,

Actually, regarding the NO2 in my previous reply, I suggest you
perform
a
test as:

After you take TBDC offline and upgrade it to PDC, connect it with a
Win2k
client to see if it can login into domain with the TBDC. Not other
DCs.

Best regards,

Vincent Xu
Microsoft Online Partner Support

======================================================
Get Secure! - www.microsoft.com/security
======================================================
When responding to posts, please "Reply to Group" via your
newsreader so
that others
may learn and benefit from this issue.
======================================================
This posting is provided "AS IS" with no warranties,and confers no
rights.
======================================================



--------------------
From: puliyadim@xxxxxxxxx
Newsgroups: microsoft.public.windows.server.migration
Subject: Re: WIN2K Pro cannot login to domain (In-place upgrade to
2003
R2 from NT4.0)
Date: 21 Aug 2006 02:37:22 -0700
Organization: http://groups.google.com
Lines: 115
Message-ID: <1156153042.057279.289390@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
References:
<1156125348.002380.104730@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
<m$xhsbOxGHA.5720@xxxxxxxxxxxxxxxxxxxxx>
NNTP-Posting-Host: 202.79.209.131
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
X-Trace: posting.google.com 1156153047 728 127.0.0.1 (21 Aug 2006
09:37:27 GMT)
X-Complaints-To: groups-abuse@xxxxxxxxxx
NNTP-Posting-Date: Mon, 21 Aug 2006 09:37:27 +0000 (UTC)
In-Reply-To: <m$xhsbOxGHA.5720@xxxxxxxxxxxxxxxxxxxxx>
User-Agent: G2/0.2
X-HTTP-UserAgent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
5.0;
.NET
CLR 1.1.4322),gzip(gfe),gzip(gfe)
X-HTTP-Via: 1.0 PREMAS-ISA
Complaints-To: groups-abuse@xxxxxxxxxx
Injection-Info: 74g2000cwt.googlegroups.com;
posting-host=202.79.209.131;
posting-account=FxHRLg0AAAAGA5hFlTWPXdlJ2s7pZ1T5
Path:


TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTFEEDS02.phx.gbl!msrnewsc1!


TK2MSFTFEEDS01.phx.gbl!newsfeed00.sul.t-online.de!t-online.de!border2.nntp.d


ca.giganews.com!border1.nntp.dca.giganews.com!nntp.giganews.com!postnews.goo
gle.com!74g2000cwt.googlegroups.com!not-for-mail
Xref: TK2MSFTNGXA01.phx.gbl
microsoft.public.windows.server.migration:24860
X-Tomcat-NG: microsoft.public.windows.server.migration

Hi Vincent,

1) Original PDC is in the production NW
2) Yes all clients were able to login to NT domain
3) I tried this morning and it worked but it might not be a
workable
solution as we have more than 200 WIN2K pro in our infra.

Pl suggests.

Rgds,

Dinesh

Vincent Xu [MSFT] wrote:

Hi,

Something need to be clarified:

1. Since you take the TBDC offline and upgraded it. How about
the
original
PDC?

2. When you take TBDC offline and upgrade it to PDC, can all
clients
login
into domain successfully?

3. For the Windows 2000 clients, I suggest you disjoin the out
of
domain by
using TBDC1 and rejoin into AD domain to see the results.


Best regards,

Vincent Xu
Microsoft Online Partner Support
======================================================
Get Secure! - www.microsoft.com/security
======================================================
When responding to posts, please "Reply to Group" via your
newsreader so
that others
may learn and benefit from this issue.
======================================================
This posting is provided "AS IS" with no warranties,and confers
no
rights.
======================================================



--------------------
From: puliyadim@xxxxxxxxx
Newsgroups: microsoft.public.windows.server.migration
Subject: WIN2K Pro cannot login to domain (In-place upgrade to
2003 R2
from NT4.0)
Date: 20 Aug 2006 18:55:48 -0700
Organization: http://groups.google.com
Lines: 37
Message-ID:
<1156125348.002380.104730@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
NNTP-Posting-Host: 202.79.209.131
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
X-Trace: posting.google.com 1156125353 23613 127.0.0.1 (21 Aug
2006
01:55:53 GMT)
X-Complaints-To: groups-abuse@xxxxxxxxxx
NNTP-Posting-Date: Mon, 21 Aug 2006 01:55:53 +0000 (UTC)
User-Agent: G2/0.2
X-HTTP-UserAgent: Mozilla/4.0 (compatible; MSIE 6.0; Windows
NT
5.0;
.NET
CLR 1.1.4322),gzip(gfe),gzip(gfe)
X-HTTP-Via: 1.0 PREMAS-ISA
Complaints-To: groups-abuse@xxxxxxxxxx
Injection-Info: i42g2000cwa.googlegroups.com;
posting-host=202.79.209.131;
posting-account=FxHRLg0AAAAGA5hFlTWPXdlJ2s7pZ1T5
Path:



TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTFEEDS02.phx.gbl!newsfeed.c



w.net!cw.net!news-FFM2.ecrc.de!newsfeed.gamma.ru!Gamma.RU!postnews.google.co
m!i42g2000cwa.googlegroups.com!not-for-mail
Xref: TK2MSFTNGXA01.phx.gbl
microsoft.public.windows.server.migration:24852
X-Tomcat-NG: microsoft.public.windows.server.migration

Hello,

I am in the final testing of the in-place upgrade and
yesterday i
was
struck with a new potential problem which i have not come
accross
with
previous pilot testing.

What i did was..

a) Install 1 WIN2K (SP4) & 1 WINXP (SP2) pc and joing to the
production

NT infra.
b) Intall a BDC on the production infra (say - TBDC)
c) Intall another BDC on the production infra (say - TBDC1,
this
is to
simulate the actual upgrade process, as we will have 1 BDC
serving as
a

print server for few months after the upgrade). This has DHCP
&
WINS
installed
d) Take TBDC off from the production and promote it to PDC.
e) Those 2 client PC's will use TBDC1 as the DHCP & WINS
server
f) Perform in-place upgrade on TBDC which went on smooth.
g) Modify the DHCP scope to include the new AD DC's IP for
DNS.
h) WINXP was able to detect the presence of AD and it joined
the
AD
automatically.
i) But WIN2K was not able to join the AD but was able to login
using
the TBDC1 (BDC), when i tried shutting down the TDBC1, WIN2K
was
not
able to login.
The event logs reported...
1)Event ID: 5719 / NETLOGON
2)Event ID: 1000 / Userenv


Appreciate if you could let me know what could be causing this
issue.


Thanks & Rgds,
Dinesh









.

Relevant Pages