RE: Cannot log in to Domain

Hello,

Thanks for posting in our newsgroup and Cris's input.

From your description, I know that workstation cannot logon on domain and
you get event ID 1058 and 1030. If I am off-base, please don't hesitate to
let me know.

Please let me know the following to make the situation more clearly:

1. Do all users or some specific users have this problem?

Please try Cris's suggestions. In addition, please try the steps below.

Step 1: The problem may occur when the Microsoft Distributed File System
(DFS) client is turned off. Please have a check as the following KB.

314494: Group policies are not applied the way you expect; "Event ID 1058"
and "Event ID 1030" errors in the application log
http://support.microsoft.com/default.aspx?scid=kb;EN-US;314494

Step 2: Please try to remove bad stored credentials on problem client and
prevent them from re-writing.

Control panel / user accounts / advanced tab / manage password / remove all
the stored credentials

Following Registry value removes the "Remember My Password" option from all
prompts for authentication:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
Value Name: disabledomaincreds
Value Type: REG_DWORD
Values: 0 = allow domain credentials to be stored
1 = do not store domain credentials
Set this key to 1

Step 3: Please check the AD settings on SBS server as the following KB

887421: A Group Policy setting is not applied to Windows XP
Professional-based client computers when you apply the policy setting to an
OU on a Windows 2000-based domain controller
http://support.microsoft.com/default.aspx?scid=kb;EN-US;887421

Step 4: Set Kerberos to use TCP on the SBS server and problematic
workstation, will the same issue reoccur? For the detail steps, please
refer to:

How to force Kerberos to use TCP instead of UDP in Windows Server 2003, in
Windows XP, and in Windows 2000
http://support.microsoft.com/kb/244474


If the problem persists, please help me collect the following information:

MPS Report on the SBS server and a problematic client workstation.

1. Download the MPSRPT_NETWORK.EXE from the following link and then run
this tool to gather some information from the problematic computer:
http://download.microsoft.com/download/b/b/1/bb139fcb-4aac-4fe5-a579-30b0bd9
15706/MPSRPT_NETWORK.EXE
2. Double-click on the MPSRPT_NETWORK.EXE file.
3. A CAB file will be generated in the
%systemroot%\MPSReports\Network\Reports\Cab directory called
%COMPUTERNAME%_MPSReports.CAB. The CAB file will contain the reports
generated by the MPS Reporting Tool.
4. Please send the CABs to v-robeli@xxxxxxxxxxxxx with subject: 29289182-
Cannot log in to Domain

I am looking forward to hear from you.

If you need further assistance, please don't hesitate to let me know.

Best regards,

Robert Li(MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================

This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.

=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
<Thread-Topic: Cannot log in to Domain
<thread-index: AcecokfXutIPjd15R36rsBPoxDDfMg==
<X-WBNR-Posting-Host: 207.46.192.207
<From: =?Utf-8?B?SGFubmVzdg==?= <Hannesv@xxxxxxxxxxxxxxxxxxxxxxxxx>
<Subject: Cannot log in to Domain
<Date: Tue, 22 May 2007 11:52:00 -0700
<Lines: 37
<Message-ID: <F587E237-893F-43AC-B34C-1BEC3AAEAD43@xxxxxxxxxxxxx>
<MIME-Version: 1.0
<Content-Type: text/plain;
< charset="Utf-8"
<Content-Transfer-Encoding: 7bit
<X-Newsreader: Microsoft CDO for Windows 2000
<Content-Class: urn:content-classes:message
<Importance: normal
<Priority: normal
<X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2826
<Newsgroups: microsoft.public.windows.server.sbs
<Path: TK2MSFTNGHUB02.phx.gbl
<Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:38679
<NNTP-Posting-Host: tk2msftibfm01.phx.gbl 10.40.244.149
<X-Tomcat-NG: microsoft.public.windows.server.sbs
<
<Hi
<I reinstalled SBS2003R2 Prem to fix a Netbios and DNS naming issues. All
<work great now. Got most working. But when putting users on the domain,
all
<works ok, but when I want to log on to the domain, "Domain is not
available"
<I added a second mail doamin to the Default Recipient policy in Exchange-
<only non standard config on the server.
<
<servername: smsdc01
<Netbios (and domain)name: soundmining
<FQDN: smsdc01.soundmining.local
<
<mail domain: soundmining.co.za
<
<Please help
<
<APPEvent viewer give the following:
<
<2007/05/20 14:27:03 Userenv Error None 1030 NT
<AUTHORITY\SYSTEM SMSDC01 Windows cannot query for the list of Group Policy
<objects. Check the event log for possible messages previously logged by
the
<policy engine that describes the reason for this.
<2007/05/20 14:27:03 Userenv Error None 1058 NT
<AUTHORITY\SYSTEM SMSDC01 Windows cannot access the file gpt.ini for GPO
<CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=soundmin
ing,DC=local.
<The file must be present at the location
<<\\soundmining.local\sysvol\soundmining.local\Policies\{31B2F340-016D-11D2-
945F-00C04FB984F9}\gpt.ini>.
<(Configuration information could not be read from the domain controller,
<either because the machine is unavailable, or access has been denied. ).
<Group Policy processing aborted.
<
<and
<
<Server Warning None 2510 N/A SMSDC01 The server service was unable to map
<error code 998.
<2007/05/20 14:22:41 Print Error None 33 NT AUTHORITY\SYSTEM SMSDC01 The
<PrintQueue Container could not be found because the DNS Domain name could
not
<be retrieved. Error: 6be
<

.