• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 406
  • Last Modified:

Access to your logon server has been denied error

When trying to sign on to Windows 2000 server using a 98 client I get the message "The password you supplied is incorrect or access to your logon server has been denied".  The clients are on a seperate network to the server but we have been up and running for months now and never had this problem before.  It is only effecting 95/98 clients not 2000 clients which I cannot work out.  

From the 95/98 clients I can:  ping the server and other machines on the other network, telnet to a server on the other network and use the internet through MS ISA server (proxy server) which is on the other network!

So the 95/98 clients can see everything they just CAN'T logon, the 2000 clients can see everything but CAN logon.

I'm desperate to get a solution to this because as you can imagine, the other site has been down for a while now and I'm coming under pressure to get it fixed.  

Any help much appreciated, cheers.
Jon
0
wheelibin
Asked:
wheelibin
  • 8
  • 4
  • 2
  • +6
1 Solution
 
wheelibinAuthor Commented:
PS.  I've seen a few 'solutions' to this that just keep pointing to the same MS Knowledge Base article but that hasn't helped me at all.
0
 
WilyGuyCommented:
I have seen something similar to this in my own network.  On the Win 95/98 machines, do you have a WINS server in the network settings?  We had to delete ours and re-add the domain server as the WINS server.
0
 
wheelibinAuthor Commented:
Wily Guy:
It's all done via DHCP and when I look in winipcfg the WINS server is the Windows 2000 logon server (we only have 1 server).  IPCONFIG shows the same.

I even gave one of the clients a static IP and defined the DNS/WINS servers manually.  It still wouldn't logon.
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
mike_caCommented:
How many DCs on the network?
try restarting the net logon service on the win2000 server.
0
 
stevenlewisCommented:
>The clients are on a seperate network to the server but we have been up and running for months now and never had this problem before
the obvious question, what changed? any new additions or subtractions to the network?
any change in password policies? encryption?
0
 
smallbeeCommented:
for ur clients machines, go to control panel and user/password

u need to create an user account that is the same username and password, and the domain(the user account info in the AD user setting)


Also make sure that user account has the rights to access those folder

server:

check the user priviliages, security setting on the folder and policy setting too
0
 
Netman66Commented:
Did you move the 9x machine accounts out of the default Computer container?

If so, either put them back or install the Active Directory client on them.

Also, check to see that you still have a DHCP relay working.

0
 
stevenlewisCommented:
9x has machine accounts on w2k? they didn't on NT, just the users. I thought only NT/w2k/xp boxes could have machine accounts??
0
 
Netman66Commented:
Uhhh...it's been a long night....what year is it?

Make sure the USER accounts are still in the default USERS container.....

Thanks Steve....
0
 
wheelibinAuthor Commented:
Thanks for all the comments.

It's nothing to do with users because the problem occurs whatever username I try.  I will try and install AD client and see if that helps.

Netman: Could you tell me what exactly a DHCP relay is? It's definately using DHCP but I'm assuming you mean something different.

Cheers everyone
Jon
0
 
wheelibinAuthor Commented:
Installing AD Client has no effect.

In answer to Steve's first question:
The only thing I have changed recently is the server's external IP address for about 10 mins and then changed it back to its original.  
Even though I've put it back to how it was, could this effect anything??  
The server has 2 network cards in it, one that can just see the internet via an ISDN router (the one I've changed and then changed back) and one that is connected to our LAN (which I haven't touched)
0
 
Netman66Commented:
What separates your 9x clients from the server's network?

If it's a router then DHCP relay is enabled there.

If your client's already get a good IP then it's likely working.  Try looking at one PC and noting the IP address it has been assigned.  Shut it down and go to the DHCP server and manually delete it's lease.  Restart the PC and take note of what IP it now holds.  Check the DHCP server for that entry.

What we are trying to do is see if the PC gets a new IP or continues to use the old one.

Another thing to do is make sure you have set the option for DHCP to register in DNS for clients that cannot do it themselves.

If it's an MS W2K DHCP server, open DHCP manager from within Administrative Tools.
Right-click the servername in the left pane and select properties.
On the DNS tab, make sure that Automatically update DHCP client information in DNS is checked, Always update DNS (in your case) is selected, Discard forward lookups when lease expires is checked and Enable update for DNS clients that do not support dynamic updates is checked.

Let us know.
0
 
Netman66Commented:
Something else just came to mind.

If you're running RRAS on the server, you should increase the scope size in DHCP to compensate.

RRAS reserves blocks of 10 IP addresses at a time for use with it's dial-in clients.  If your scope size isn't large enough to incorporate this change, then some clients will be left out in the cold.

0
 
jimmmmiCommented:
as mike_ca said, stop the netlogon service on your server and restart the service. i had a similar problem, and this procedure solved it
0
 
huckeyCommented:
i had a problem similar to this it turned out to be a corruption in the TCP stack on my 9x boxes.

i uninstalled and reinstalled TCP and it worked. have you done any global updates on the 9x boxes ?
0
 
wheelibinAuthor Commented:
I've already tried restarting the netlogon service on the server and it has no effect.

Netman:
I can't set any options on the router for DHCP, I can only specify the range.  I can use winipcfg to release the IP and then renew the IP but I get the same one everytime (but then again I would wouldn't I because the lease will be valid for 24 hours I think).  I don't suppose there is a util or something that can query/remove entries from a DHCP server?

Huckey:
I'm going to try reinstalling TCP/IP and see if that has any effect, I haven't done any global changes though or none I know about.

cheers guys I'll let you know
0
 
wheelibinAuthor Commented:
I reinstalled TCP/IP and that didn't work either.  

Why is it only the 9x clients that don't work??
There must be something that the 2000 PCs are doing that the 9x ones aren't.
What records are kept on the W2K server about the clients?  I think it must be something central rather than a setting on the clients beacause they all went at the same time.  

AAARRRGGHH!  HELP!!

0
 
wheelibinAuthor Commented:
I've just found something really strange wich I hope will help someone think of something:

If I cancel the logon and don't sign in to the network, I can still set up Outlook to logon to the exchange server.  As I have said we only have 1 server.

So it will accept the password/logon for exchange but it will still NOT logon at the domain password prompt.

I hope this triggers some more ideas!

cheers
0
 
wheelibinAuthor Commented:
I've fixed it!!!!!!

On the server, you can set a WINS server to use, it was blank.  
I have set the WINS server to the server's own IP address and the clients can now sign on.  All the clients settings were fine then in the end, its just that the server couldn't resolve the name of the client to log it on.

Thankyou to everyone who posted comments to this question especially Netman who got me thinking on the right lines.  As nobody really gave me THE answer to this question I don't really know what to do with the points.  I'd like to give some to Netman but it won't let me decrease the amount.  I'm going to post in Community Support and request that some points go to Netman.

Thanks again
Jon
0
 
moduloCommented:
Hi wheelibin,

I've refunded 205 points enabling you to accept the comment from Netman66

modulo

Community Support Moderator
Experts Exchange
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 8
  • 4
  • 2
  • +6
Tackle projects and never again get stuck behind a technical roadblock.
Join Now