We are running in a Windows 2003 Domain, Forest is also at 2003. We have 5 Transitive Forest trusts to 5 seperate locations through VPN's. We have a single domain controller in the main location. We also have 3 Windows 2000 member servers and 1 Windows 2003 member server, all of which are not Domain Controllers.
From what we can tell after about 15 minutes after logging in the one Windows 2000 server begins to have issues communicating. The first thing we notice that happens is you cannot connect to itself through unc via the ip, doing this at the run command. Then machines cannot connect to it at all, through UNC or Network Neighborhood. We begin to get the error " Logon Failue: Account currently disabled", from the two Windows 2000 servers when they try to connect to each other via ip and name. Now we have tried NSLookup to make sure DNS is working and it is, both reverse and forward. The other thing that is happening is when we go to connect to a different Windows 2000 server from the Windows 2003 Domain Controller we are prompted for a username and password. When the Administrator username and password is used it comes up with the "This username has already been tried please check the password and try again."(Not 100% sure on the exact wording on that one.) When we use our other Administrator account it lets us right in.
Each machine is fixed by logging it off and logging it back on, but after about 15 minutes it starts to happen again. We have checked to see if the local administrator as well as the domain administrator accounts have been locked and neither have. Attached are the error messages we are receiving.
The only that changed that day in the way everything was done was as follows.
1.) The second administrator account was changed at 9 in the morning and then was changed back to the original 30 minutes later.
2.) A windows 98 machine was brought back for software backwards compatibility.
Start Free Trial
