ACNielsenpk
asked on
Unable To Login On A Domain, Domain Not Available
I had configured 2 Windows XP SP2 clients to be migrated onto our domain. Provided them all the information i.e IP Address, Subnet Mask, Default Gateway, Preferred DNS Server & Alternate DNS Server. They both worked perfectly for a month or so on the domain till today morning when both the users complained that they are unable to login, further investigation reported that their system IP was pinging the Domain Controller IP perfectly.
Upon seeing the Event Viewer in both the systems, i found some common Event IDs which are:
1090 - Windows couldn't log the RSoP (Resultant Set of Policies) session status. An attempt to connect to WMI failed. No more RSoP logging will be done for this application of policy.
1053 - Windows cannot determine the user or computer name. Group Policy processing aborted
The last thing that i had to do to start up their work was to remove their PCs from the domain, add them to the local PC workgroup and then re-joined the domain.
Is this the solution to this? removing & re-joining it to the domain?
Upon seeing the Event Viewer in both the systems, i found some common Event IDs which are:
1090 - Windows couldn't log the RSoP (Resultant Set of Policies) session status. An attempt to connect to WMI failed. No more RSoP logging will be done for this application of policy.
1053 - Windows cannot determine the user or computer name. Group Policy processing aborted
The last thing that i had to do to start up their work was to remove their PCs from the domain, add them to the local PC workgroup and then re-joined the domain.
Is this the solution to this? removing & re-joining it to the domain?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
For the second error....
Please confirm that the "authenticated users" group has the "Access this computer from the network" right on the DDC.
http://support.microsoft.com/default.aspx?scid=kb;en-us;262958
Please confirm that the "authenticated users" group has the "Access this computer from the network" right on the DDC.
http://support.microsoft.com/default.aspx?scid=kb;en-us;262958
You could also try giving the "Domain Computers" Group "Read" rights on the "Computers" Container in Active Directory Users and Computers.
what you did was the simplest, other suggestiong might chip away, but removing and re-joining the domain is the ultimate solution.
Good Show,
Good Show,
dooleydog,
I'm 18 months into my latest AD migration and we're still fighting some of the symptoms ACNielsenpk describes.
Treating the 'symptoms' is not the solution.
"Remove and re-add" will get the user back up and functioning, but should be considered a short term fix.
Almost all of our problem boxes have been fixed with 3 steps:
1. Update the BIOS (we have lots of old built-for-NT computers);
2. Apply all SP's and critical patches; and
3. Fix the w32time service
When we perform those 3 tasks, the problem computer gets fixed and stays fixed.
Any other long-term solutions suggestions will be tried, because I am running out of hair.
Regards,
Vic
I'm 18 months into my latest AD migration and we're still fighting some of the symptoms ACNielsenpk describes.
Treating the 'symptoms' is not the solution.
"Remove and re-add" will get the user back up and functioning, but should be considered a short term fix.
Almost all of our problem boxes have been fixed with 3 steps:
1. Update the BIOS (we have lots of old built-for-NT computers);
2. Apply all SP's and critical patches; and
3. Fix the w32time service
When we perform those 3 tasks, the problem computer gets fixed and stays fixed.
Any other long-term solutions suggestions will be tried, because I am running out of hair.
Regards,
Vic
ACNielsenpk could you comment on exactly what solved it? Was it a clock problem or WMI?
Thx, J.
Thx, J.
Have you tried allowing the computer to 'automatically' make its selection for DHCP, DNS, etc?
You can also try inserting the 'Domain Name' in front of the 'User Name' when logging on.
(domain\user -- then password).
PowerIT's comment about time is critically true. You can create a 'batch file' out of the text below and run that from the problem computers:
cd\
w32tm /config /syncfromflags:domhier /update
net stop w32time
net start w32time
Also - if you have drop and re-add the boxes from the domain again -- do it without the re-boot in between.
Drop them into a 'workgroup', click OK, then immediately re-add them to the domain without re-booting.
Then re-boot.
Good Luck,
Vic