wheelibin
asked on
Access to your logon server has been denied error
When trying to sign on to Windows 2000 server using a 98 client I get the message "The password you supplied is incorrect or access to your logon server has been denied". The clients are on a seperate network to the server but we have been up and running for months now and never had this problem before. It is only effecting 95/98 clients not 2000 clients which I cannot work out.
From the 95/98 clients I can: ping the server and other machines on the other network, telnet to a server on the other network and use the internet through MS ISA server (proxy server) which is on the other network!
So the 95/98 clients can see everything they just CAN'T logon, the 2000 clients can see everything but CAN logon.
I'm desperate to get a solution to this because as you can imagine, the other site has been down for a while now and I'm coming under pressure to get it fixed.
Any help much appreciated, cheers.
Jon
From the 95/98 clients I can: ping the server and other machines on the other network, telnet to a server on the other network and use the internet through MS ISA server (proxy server) which is on the other network!
So the 95/98 clients can see everything they just CAN'T logon, the 2000 clients can see everything but CAN logon.
I'm desperate to get a solution to this because as you can imagine, the other site has been down for a while now and I'm coming under pressure to get it fixed.
Any help much appreciated, cheers.
Jon
I have seen something similar to this in my own network. On the Win 95/98 machines, do you have a WINS server in the network settings? We had to delete ours and re-add the domain server as the WINS server.
ASKER
Wily Guy:
It's all done via DHCP and when I look in winipcfg the WINS server is the Windows 2000 logon server (we only have 1 server). IPCONFIG shows the same.
I even gave one of the clients a static IP and defined the DNS/WINS servers manually. It still wouldn't logon.
It's all done via DHCP and when I look in winipcfg the WINS server is the Windows 2000 logon server (we only have 1 server). IPCONFIG shows the same.
I even gave one of the clients a static IP and defined the DNS/WINS servers manually. It still wouldn't logon.
How many DCs on the network?
try restarting the net logon service on the win2000 server.
try restarting the net logon service on the win2000 server.
>The clients are on a seperate network to the server but we have been up and running for months now and never had this problem before
the obvious question, what changed? any new additions or subtractions to the network?
any change in password policies? encryption?
the obvious question, what changed? any new additions or subtractions to the network?
any change in password policies? encryption?
for ur clients machines, go to control panel and user/password
u need to create an user account that is the same username and password, and the domain(the user account info in the AD user setting)
Also make sure that user account has the rights to access those folder
server:
check the user priviliages, security setting on the folder and policy setting too
u need to create an user account that is the same username and password, and the domain(the user account info in the AD user setting)
Also make sure that user account has the rights to access those folder
server:
check the user priviliages, security setting on the folder and policy setting too
Did you move the 9x machine accounts out of the default Computer container?
If so, either put them back or install the Active Directory client on them.
Also, check to see that you still have a DHCP relay working.
If so, either put them back or install the Active Directory client on them.
Also, check to see that you still have a DHCP relay working.
9x has machine accounts on w2k? they didn't on NT, just the users. I thought only NT/w2k/xp boxes could have machine accounts??
Uhhh...it's been a long night....what year is it?
Make sure the USER accounts are still in the default USERS container.....
Thanks Steve....
Make sure the USER accounts are still in the default USERS container.....
Thanks Steve....
ASKER
Thanks for all the comments.
It's nothing to do with users because the problem occurs whatever username I try. I will try and install AD client and see if that helps.
Netman: Could you tell me what exactly a DHCP relay is? It's definately using DHCP but I'm assuming you mean something different.
Cheers everyone
Jon
It's nothing to do with users because the problem occurs whatever username I try. I will try and install AD client and see if that helps.
Netman: Could you tell me what exactly a DHCP relay is? It's definately using DHCP but I'm assuming you mean something different.
Cheers everyone
Jon
ASKER
Installing AD Client has no effect.
In answer to Steve's first question:
The only thing I have changed recently is the server's external IP address for about 10 mins and then changed it back to its original.
Even though I've put it back to how it was, could this effect anything??
The server has 2 network cards in it, one that can just see the internet via an ISDN router (the one I've changed and then changed back) and one that is connected to our LAN (which I haven't touched)
In answer to Steve's first question:
The only thing I have changed recently is the server's external IP address for about 10 mins and then changed it back to its original.
Even though I've put it back to how it was, could this effect anything??
The server has 2 network cards in it, one that can just see the internet via an ISDN router (the one I've changed and then changed back) and one that is connected to our LAN (which I haven't touched)
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Something else just came to mind.
If you're running RRAS on the server, you should increase the scope size in DHCP to compensate.
RRAS reserves blocks of 10 IP addresses at a time for use with it's dial-in clients. If your scope size isn't large enough to incorporate this change, then some clients will be left out in the cold.
If you're running RRAS on the server, you should increase the scope size in DHCP to compensate.
RRAS reserves blocks of 10 IP addresses at a time for use with it's dial-in clients. If your scope size isn't large enough to incorporate this change, then some clients will be left out in the cold.
as mike_ca said, stop the netlogon service on your server and restart the service. i had a similar problem, and this procedure solved it
i had a problem similar to this it turned out to be a corruption in the TCP stack on my 9x boxes.
i uninstalled and reinstalled TCP and it worked. have you done any global updates on the 9x boxes ?
i uninstalled and reinstalled TCP and it worked. have you done any global updates on the 9x boxes ?
ASKER
I've already tried restarting the netlogon service on the server and it has no effect.
Netman:
I can't set any options on the router for DHCP, I can only specify the range. I can use winipcfg to release the IP and then renew the IP but I get the same one everytime (but then again I would wouldn't I because the lease will be valid for 24 hours I think). I don't suppose there is a util or something that can query/remove entries from a DHCP server?
Huckey:
I'm going to try reinstalling TCP/IP and see if that has any effect, I haven't done any global changes though or none I know about.
cheers guys I'll let you know
Netman:
I can't set any options on the router for DHCP, I can only specify the range. I can use winipcfg to release the IP and then renew the IP but I get the same one everytime (but then again I would wouldn't I because the lease will be valid for 24 hours I think). I don't suppose there is a util or something that can query/remove entries from a DHCP server?
Huckey:
I'm going to try reinstalling TCP/IP and see if that has any effect, I haven't done any global changes though or none I know about.
cheers guys I'll let you know
ASKER
I reinstalled TCP/IP and that didn't work either.
Why is it only the 9x clients that don't work??
There must be something that the 2000 PCs are doing that the 9x ones aren't.
What records are kept on the W2K server about the clients? I think it must be something central rather than a setting on the clients beacause they all went at the same time.
AAARRRGGHH! HELP!!
Why is it only the 9x clients that don't work??
There must be something that the 2000 PCs are doing that the 9x ones aren't.
What records are kept on the W2K server about the clients? I think it must be something central rather than a setting on the clients beacause they all went at the same time.
AAARRRGGHH! HELP!!
ASKER
I've just found something really strange wich I hope will help someone think of something:
If I cancel the logon and don't sign in to the network, I can still set up Outlook to logon to the exchange server. As I have said we only have 1 server.
So it will accept the password/logon for exchange but it will still NOT logon at the domain password prompt.
I hope this triggers some more ideas!
cheers
If I cancel the logon and don't sign in to the network, I can still set up Outlook to logon to the exchange server. As I have said we only have 1 server.
So it will accept the password/logon for exchange but it will still NOT logon at the domain password prompt.
I hope this triggers some more ideas!
cheers
ASKER
I've fixed it!!!!!!
On the server, you can set a WINS server to use, it was blank.
I have set the WINS server to the server's own IP address and the clients can now sign on. All the clients settings were fine then in the end, its just that the server couldn't resolve the name of the client to log it on.
Thankyou to everyone who posted comments to this question especially Netman who got me thinking on the right lines. As nobody really gave me THE answer to this question I don't really know what to do with the points. I'd like to give some to Netman but it won't let me decrease the amount. I'm going to post in Community Support and request that some points go to Netman.
Thanks again
Jon
On the server, you can set a WINS server to use, it was blank.
I have set the WINS server to the server's own IP address and the clients can now sign on. All the clients settings were fine then in the end, its just that the server couldn't resolve the name of the client to log it on.
Thankyou to everyone who posted comments to this question especially Netman who got me thinking on the right lines. As nobody really gave me THE answer to this question I don't really know what to do with the points. I'd like to give some to Netman but it won't let me decrease the amount. I'm going to post in Community Support and request that some points go to Netman.
Thanks again
Jon
Hi wheelibin,
I've refunded 205 points enabling you to accept the comment from Netman66
modulo
Community Support Moderator
Experts Exchange
I've refunded 205 points enabling you to accept the comment from Netman66
modulo
Community Support Moderator
Experts Exchange
ASKER