starmistress
IS-IT--Management
We recently upgraded our PDC from NT4 to Win2k. Administrator level IDs are able to logon to any station. Domain users are not able to logon at all. Please help. Thank you very much.
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Wanet Telecoms Ltd on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Upgrade logon issue 1
- Thread starter starmistress
- Start date
- Status
-
1
- #2
brontosaurus
MIS
check to see that Authenticated Users have the right to "Logon Locally" in the domain policy.
brontosaurus
MIS
what error message are you getting when you attempt the login? Things to check in the meantime: Make sure there's no entries in the "Deny Logon Locally" policy. Check permissions on the %systemroot% directory and make sure "Everyone" has read/write....
The error message is as follows: "The domain password you supplied is not correct, or access to your logon server has been denied. it seems anyone who is on a win2k machine can log in but they cannot access the PDC or any shares on that machine?
Thanks,
Thanks,
brontosaurus
MIS
I should have asked earlier...that's a whole different nut. What OS are your clients using? Are you using IP only, or IP and IPX? Try something else. Create a new regular user in AD and try to log on with that account.
- Thread starter
- #7
starmistress
IS-IT--Management
Our clients are Win9x, NT4 wksts, and 2kPro. We are using only IP, DHCP assigned. Creating new AD accounts did not work.
brontosaurus
MIS
OK. I just re-read your posts so let me refresh the picture. Your W2K machines can log in as regular users, but can't access shares on the DC. Your NT and 9x clients can't log in at all as regular users. Domain Admins can log in from any OS and access shares on the DC. Is this correct?
GlenJohnson
MIS
Make sure the w2k machines log onto the domain and not the local computer. They will have to join the domain for that to happen. At the login, do you have an option dropdown to log on locally or to the domain? Glen A. Johnson
Microsoft Certified Professional
gjohn76351@msn.com
"Nothing can be done quickly and prudently at the same time."
Publilius Syrus (1st century B.C.); Roman writer.
Microsoft Certified Professional
gjohn76351@msn.com
"Nothing can be done quickly and prudently at the same time."
Publilius Syrus (1st century B.C.); Roman writer.
Yes that is correct, and i hope this adds to the "helpful info" list.. I went to Technet and saw this article that asked me to verify client authentication in active directory from a client computer. So i am on my XP machine and did the following:
1. start, search, for people
2. selected active directory from the d/d list.
3. entered the username for logon (ie. my username that i logon with) and hit search.
i get this response "the specified directory service could not be reached. The service may be temporarily unavailable or the server name may be incorrect.
Signed, Still guessing.
1. start, search, for people
2. selected active directory from the d/d list.
3. entered the username for logon (ie. my username that i logon with) and hit search.
i get this response "the specified directory service could not be reached. The service may be temporarily unavailable or the server name may be incorrect.
Signed, Still guessing.
GlenJohnson
MIS
You could try the same thing and select entire domain. I had a user hiding in a security folder so when I did a search for her in users, it couldn't be found. So I added the newuser, and AD said, "Nope, can't do that, the user already exists dummy" Glen A. Johnson
Microsoft Certified Professional
gjohn76351@msn.com
"Nothing can be done quickly and prudently at the same time."
Publilius Syrus (1st century B.C.); Roman writer.
Microsoft Certified Professional
gjohn76351@msn.com
"Nothing can be done quickly and prudently at the same time."
Publilius Syrus (1st century B.C.); Roman writer.
brontosaurus
MIS
OK, let's talk DNS. When you upgraded the server, did you install DNS on it? Or are you using DNS services from another source?
GlenJohnson
MIS
Good call bronto, also wins can be tricky. Glen A. Johnson
Microsoft Certified Professional
gjohn76351@msn.com
"Nothing can be done quickly and prudently at the same time."
Publilius Syrus (1st century B.C.); Roman writer.
Microsoft Certified Professional
gjohn76351@msn.com
"Nothing can be done quickly and prudently at the same time."
Publilius Syrus (1st century B.C.); Roman writer.
GlenJohnson
MIS
Is anything set up in active directory/sites and services. Maybe your trying to replicate with the other dns servers, and getting authentication from them? (Real shot in the dark!) Glen A. Johnson
Microsoft Certified Professional
gjohn76351@msn.com
"Nothing can be done quickly and prudently at the same time."
Publilius Syrus (1st century B.C.); Roman writer.
Microsoft Certified Professional
gjohn76351@msn.com
"Nothing can be done quickly and prudently at the same time."
Publilius Syrus (1st century B.C.); Roman writer.
brontosaurus
MIS
NO. Your clients should be pointing to your DNS server for name resolution in your domain (actually, your DNS server should be pointing to itself for name resolution as well). Then, your DNS server should be forwarding to your ISP's DNS server for internet name resolution (to do this, you'll need to delete the root "." zone in DNS manager). In DHCP, make sure you allow your DHCP server to update DNS on behalf of all your clients. In addition, you may want to make your DNS server a slave/secondary server to corporate's, so you get a copy of all their zone information locally. You'll need to work that out with them. Start with this stuff...
OK, here goes.. I had talked with a friend of mine that is also an IT admin. And upon reading the previous came up with the solution. When i installed the OS i used a "per seat" licensing schema, he states that if i had used a "per server" design then the server would be responsible for handing out the licenses. And the only way to do that is to reinstall. So here i go again.
I truly appreciate everyones input today and i hope that this helps someone else out in the future as well.
Trial by fire is surely the quickest way to learn..
Thanks again!!
Jcagle737
I truly appreciate everyones input today and i hope that this helps someone else out in the future as well.
Trial by fire is surely the quickest way to learn..
Thanks again!!
Jcagle737
GlenJohnson
MIS
Could very well be right. I've never installed per seat. If you've got the money, you could purchase more seats, but that's not a pleasant thing to do. Glen A. Johnson
Microsoft Certified Professional
gjohn76351@msn.com
"The greater the difficulty, the more the glory in surmounting it".
Epicurus (341-270 B.C.); Greek philosopher
Microsoft Certified Professional
gjohn76351@msn.com
"The greater the difficulty, the more the glory in surmounting it".
Epicurus (341-270 B.C.); Greek philosopher
JayKarabin
MIS
wait!!
you don't have to reinstall
go to start, control panel, licensing
should say per seat.
change to per server
M$ allows a one time change, how nice of them...
i ran into this issue also before, and thankfully this saved me.
good luck
jason karabin
MCP,MCSE,MCSA
jason@karabin.org
you don't have to reinstall
go to start, control panel, licensing
should say per seat.
change to per server
M$ allows a one time change, how nice of them...
i ran into this issue also before, and thankfully this saved me.
good luck
jason karabin
MCP,MCSE,MCSA
jason@karabin.org
Thanks Jason, But when i went there to do just that it was greyed out and wouldnt let me change a thing.. But i am not sure i would assume that most of you guys out there "and ladies too" would find that a fresh install is best when possible..
But i do appreciate the help for sure..
Thanks again,
Jcagle737@msn.com
But i do appreciate the help for sure..
Thanks again,
Jcagle737@msn.com
- Status
Similar threads
- Locked
- Question