Re: the system cannot log you on now because the domain <domain>is not available
From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 09/10/04
- Previous message: Bill Grant: "Re: Windows 2003 Remote Control"
- In reply to: Madhusudhan: "the system cannot log you on now because the domain <domain>is not available"
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 9 Sep 2004 23:21:52 -0500
Windows XP Pro in certain configurations seems to have problems with SMB signing.
What I would suggest trying, at least temporarily, is to open Domain Controller
Security Policy and go to security settings/local policies/security options and
disable the security option for server digitally sign communications(always) if a
Windows 2003 domain. If this is a Windows 2000 domain try disabling all four
digitally sign communications options assuming that none of the domain member
computers are configured to require it in their Local Security Policy which they
would not be by default.
http://www.jsiinc.com/SUBL/tip5800/rh5874.htm -- description of XP and SMB issues.
The other main concern is that dns is configured correctly for the whole domain. In
short, domain controllers must point to the pdc fsmo [usually first domain
controller] and/or themselves as their preferred dns server in tcp/ip properties as
shown with Ipconfig /all. W2K/XP Pro domain computer must point only to domain
controllers running dns with the AD domain zone and NEVER an ISP dns server anywhere
in the list of dns servers. An ISP dns server could be third in the list, but if the
other dns server are slow to respond the domain computer may instead use the ISP dns
server and all kinds of problems will result including failed logons and failure to
join a domain. Review the Active Directory FAQ for dns below for details.
http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B291382
Use first netdiag and then dcdiag on your domain controllers to see if any failed
tests, errors, or fatal warnings are found that may indicate a problem. If you have
more than a few domain controllers just do the pdc fsmo and the domain controller
your computers are using for dns. If their is a problem it will probably pop up
testing those two. If problems are found with netdiag you can use the /v verbose
switch to find out further details as in " netdiag /test:dns /v ".
It is possible if a user has installed "protection" software on their computer that
it can interfere with network communications. Some of this software monitors for
spyware and may modify computer configuration so keep that in mind. There also seems
to be a lot of winsock corruption going around that causes dns problems. Lspfix is a
free program to repair winsock corruption and there seems to be no harm running it on
a computer that does not have the problem. The last link is how to use netsh to reset
tcp/ip on a Windows XP computer.
http://cexx.org/lspfix.htm -- lspfix
http://support.microsoft.com/default.aspx?scid=kb;en-us;299357
http://support.microsoft.com/?id=285034 -- how to reinstall tcp/ip on Windows 2000
Pro.
Check out these items and see if you make any progress. --- Steve
"Madhusudhan" <anonymous@discussions.microsoft.com> wrote in message
news:92eb01c496d3$f51ad9e0$a601280a@phx.gbl...
> Thanks to advice from you guys I went through teh event
> log and stuff and did every little thing suggested. THe
> event log showed teh failed attempts at locating the DC.
>
> However, after all this I just gave one last shot at
> registering the computer to the domain and miraculosly, it
> worked. I really don't know how to explain how it happened.
>
> Something similar happened when I had teh same problem
> adding a new dell to the domain a month back. After
> several unsuccesful attempts, I added it to a workgroup ,
> rebooted and added it to the domain and it worked.
> Something strange is surely happening between Dell
> Latitudes, Win2003, WinXP.
>
> My hitch :
> The latest problem happened after someone tried to log
> onto teh system as a stand alone at some other place using
> the same id, as if they were actually logging on to teh
> domain. Since their details were cached, it worked.
> That , I feel has in someway corrupted some files causing
> this problem.
> any takers for my theory. in any case im gonna replicate
> this error later and see what happens. that, im sure would
> help.
>
>
> NETDIAG (thanks steve):
> i ran this now(after teh comp was able to join teh domain)
> and this seems the only problem area in the result.
>
> DNS test . . . . . . . . . . . . . : Passed
> [WARNING] Cannot find a primary authoritative
> DNS server for the name
> 'ABC1107.umc-uc.com.'. [RCODE_SERVER_FAILURE]
> The name 'ABC1107.umc-uc.com.' may not be
> registered in DNS.
>
>
> Thanks for all teh help guys, esp. steve.
>
>
>
>>-----Original Message-----
>>Hi,
>>
>>Im using a Dell latitude laptop with win2003 professional
>>running on it. It was a member of my company's domain
> till
>>last eveninng.
>>
>>I used it as a stand alone elsewhere this morning and now
>>it refuses to log on to the network, giving the message
>>"the system cannot log you on now because the domain
>><domain>is not available".
>>
>>I am able to ping the domain controller from the computer
>>by logging in as admin of the local computer. But i'm not
>>able to enter the domain. Have tried many of the fixes
>>like switching to workgroup and then rejoining the domain
>>and such funny things.
>>
>>there are close to 20 other computers that are on the
>>domain and working fine with any valid username.
>>
>>None of them work. Can anyone help?
>>
>>This is urgent
>>.
>>
- Previous message: Bill Grant: "Re: Windows 2003 Remote Control"
- In reply to: Madhusudhan: "the system cannot log you on now because the domain <domain>is not available"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
