
Can't log into a Windows 2003 domain

Anonymous
March 22, 2005 2:05:35 AM

Archived from groups: microsoft.public.win2000.active_directory,microsoft.public.win2000.group_policy,microsoft.public.win2000.setup,microsoft.public.windows.server.setup

Hi

We have two DC's with Windows 2003 Enterprise Server installed (servers are
simple DC's with AD and DNS only)
A few weeks ago we moved all of our WinXP and Win2000 client computers into a
domain and everything worked fine till last week
when users tried to log-in the system returned error saying 'there is no
domain or domain controller available...'
Strange is, that some computers can log-in with no problems, but with some
we get the same error.
Nothing was changed on the domain or computers, everything is just like it
was weeks ago, also no errors are reported on DC's.
The only way to resolve this, is to 're-join' computers from a domain - join
into a workgroup and then back to a domain and users can log-in normally.
But we have over 100 computers with the same problem? What can we do, to
solve this problem?

Thank you all in advance for help
Best regards
Miha
Anonymous
March 22, 2005 2:05:36 AM

Miha,

This sounds like a DNS problem. There are two things that you need to do
to start troubleshooting this. This should get you on the right track, but
you may want to give us more information to better help us help you (like
how many domains, how many sites).

Step 1.
Make sure that all DCs are running AD integrated DNS and that they are
pointing to themselves as their only source of DNS. Make sure that the
appropriate SRV records have been created (restart the netlogon services).
Make sure that the correct subnets have been assigned in Sites and Services.

Step 2.
Make sure that all workstations are pointing at your DCs for primary DNS
resolution and either outside or "upstream" for their secondaries. Make
sure that you have the correct search scope defined.

This should do it. You may also want to use the DCDiag and NetDiag
utilities on your servers to give you (and us) more insight. Run these with
the /v switch for verbose output. These are part of the Server support
tools on the 2000/2003 CDs and they should be a standard part of your domain
controller builds.
--
Ryan Hanisco
MCSE, MCDBA
FlagShip Integration Services
Chicago, IL

"Miha" <miha.bernik@isg.si> wrote in message
news:o L9pEImLFHA.3988@tk2msftngp13.phx.gbl...
> Hi
>
> We have two DC's with Windows 2003 Enterprise Server installed (servers
> are simple DC's with AD and DNS only)
> A few weeks ago we moved all of our WinXP and Win2000 client computers into
> a domain and everything worked fine till last week
> when users tried to log-in the system returned error saying 'there is no
> domain or domain controller available...'
> Strange is, that some computers can log-in with no problems, but with some
> we get the same error.
> Nothing was changed on the domain or computers, everything is just like it
> was weeks ago, also no errors are reported on DC's.
> The only way to resolve this, is to 're-join' computers from a domain -
> join into a workgroup and then back to a domain and users can log-in
> normally. But we have over 100 computers with the same problem? What can
> we do, to solve this problem?
>
> Thank you all in advance for help
> Best regards
> Miha
>
>
Anonymous
March 22, 2005 10:21:53 AM

I would like to add that if you have multiple DCs and DNS is the issue (99
times out 100 it is), then you might find it beneficial to point all DCs at
one for DNS, do the registrations and replication and then change them back
to pointing at self or whatever they were pointing at -assuming of course
they weren't pointing to a public DNS server ;-)

I just find it most efficient this way. Saves any fiddling and waiting.
Once replication is working, you're good to change back.

In addition to running the diagnostics mentioned by Ryan on the DCs you may
find some additional info. by doing the following on one of the clients:

C:\>nltest /dsgetdc:domain-name.com
C:\>nltest /whowill:domain-name.com username

C:\>nslookup
>set type=srv
>_ldap._tcp.dc._msdcs.domain-name.com


Also, don't forget the event logs on the clients. They too can provide
valuable insight into troubleshooting ;-)

**Note. NLTEST is a support tool too.

--

Paul Williams

http://www.msresource.net/
http://forums.msresource.net/
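
Added example, not part of the original thread: a small Python triage helper for the checks discussed above when many clients are affected. It parses the output of the `nslookup` SRV query for `_ldap._tcp.dc._msdcs.domain-name.com` and reports DCs with no SRV record visible from the client, plus any configured DNS server that is not a DC. The sample output, host names and addresses are constructed for illustration, and `parse_srv` and `check_client` are hypothetical names.

```python
import re

# Constructed sample: output of the nslookup SRV query shown in the post,
# as captured on one client. Host names and addresses are made up.
SAMPLE_NSLOOKUP = """\
Server:  dc1.domain-name.com
Address:  192.168.1.10

_ldap._tcp.dc._msdcs.domain-name.com    SRV service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = dc1.domain-name.com
dc1.domain-name.com     internet address = 192.168.1.10
"""

def parse_srv(output):
    """Return {dc_hostname: ip_or_None} for every SRV target in the output."""
    hosts = re.findall(r"svr hostname\s*=\s*(\S+)", output)
    addrs = dict(re.findall(r"^(\S+)\s+internet address = (\S+)", output, re.M))
    return {h.lower(): addrs.get(h) for h in hosts}

def check_client(output, expected_dcs, client_dns):
    """Compare what the client resolved with what the domain should publish.

    expected_dcs: {lowercase DC host name: IP}; client_dns: the DNS server
    IPs configured on the client (for example, read from ipconfig /all).
    """
    found = parse_srv(output)
    dc_ips = set(expected_dcs.values())
    return {
        # DCs with no _ldap SRV record visible from this client
        "missing_srv": sorted(set(expected_dcs) - set(found)),
        # SRV targets returned without an address in the same answer
        "no_address": sorted(h for h, ip in found.items() if ip is None),
        # Configured resolvers that are not domain controllers
        "non_dc_dns": [ip for ip in client_dns if ip not in dc_ips],
    }

if __name__ == "__main__":
    expected = {"dc1.domain-name.com": "192.168.1.10",
                "dc2.domain-name.com": "192.168.1.11"}
    # 203.0.113.53 stands in for an external (non-AD) resolver.
    print(check_client(SAMPLE_NSLOOKUP, expected,
                       ["192.168.1.10", "203.0.113.53"]))
```

A non-empty `missing_srv` points at registration on that DC (Step 1 above); a non-empty `non_dc_dns` points at the client or DHCP scope settings (Step 2).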
Anonymous
March 22, 2005 7:29:13 PM

On Mon, 21 Mar 2005 23:05:35 +0100, "Miha" <miha.bernik@isg.si> wrote:

>We have two DC's with Windows 2003 Enterprise Server installed (servers are
>simple DC's with AD and DNS only)
>A few weeks ago we moved all of our WinXP and Win2000 client computers into a
>domain and everything worked fine till last week
>when users tried to log-in the system returned error saying 'there is no
>domain or domain controller available...'
>Strange is, that some computers can log-in with no problems, but with some
>we get the same error.
>Nothing was changed on the domain or computers, everything is just like it
>was weeks ago, also no errors are reported on DC's.
>The only way to resolve this, is to 're-join' computers from a domain - join
>into a workgroup and then back to a domain and users can log-in normally.
>But we have over 100 computers with the same problem? What can we do, to
>solve this problem?

Most likely DNS related. Make sure the systems have correct DNS
servers specified (the AD DC's normally). This is common where you
have an internal and external DNS specified in the client and it tries
to resolve the domain through a non-AD DNS. It could mean some
missing records in your DNS but I'd think all systems would have
problems then.

If you use DHCP, make sure the scopes are handing out only DNS for the
AD domain the systems are in.

Jeff
Anonymous
March 23, 2005 5:35:07 AM

Jeff,

This could be because only one DC is having problems and only the
workstations using it for DNS are exhibiting the problem.

Just a guess...
--
Ryan Hanisco
MCSE, MCDBA
FlagShip Integration Services
Chicago, IL

"Jeff Cochran" <jeff.nospam@zina.com> wrote in message
news:42454745.8040331@msnews.microsoft.com...
> On Mon, 21 Mar 2005 23:05:35 +0100, "Miha" <miha.bernik@isg.si> wrote:
>
>>We have two DC's with Windows 2003 Enterprise Server installed (servers
>>are
>>simple DC's with AD and DNS only)
>>A few weeks ago we moved all of our WinXP and Win2000 client computers into
>>a
>>domain and everything worked fine till last week
>>when users tried to log-in the system returned error saying 'there is no
>>domain or domain controller available...'
>>Strange is, that some computers can log-in with no problems, but with some
>>we get the same error.
>>Nothing was changed on the domain or computers, everything is just like it
>>was weeks ago, also no errors are reported on DC's.
>>The only way to resolve this, is to 're-join' computers from a domain -
>>join
>>into a workgroup and then back to a domain and users can log-in normally.
>>But we have over 100 computers with the same problem? What can we do, to
>>solve this problem?
>
> Most likely DNS related. Make sure the systems have correct DNS
> servers specified (the AD DC's normally). This is common where you
> have an internal and external DNS specified in the client and it tries
> to resolve the domain through a non-AD DNS. It could mean some
> missing records in your DNS but I'd think all systems would have
> problems then.
>
> If you use DHCP, make sure the scopes are handing out only DNS for the
> AD domain the systems are in.
>
> Jeff