?
Solved

Access to your logon server has been denied error

Posted on 2003-03-10
20
Medium Priority
?
399 Views
Last Modified: 2012-06-27
When trying to sign on to Windows 2000 server using a 98 client I get the message "The password you supplied is incorrect or access to your logon server has been denied".  The clients are on a seperate network to the server but we have been up and running for months now and never had this problem before.  It is only effecting 95/98 clients not 2000 clients which I cannot work out.  

From the 95/98 clients I can:  ping the server and other machines on the other network, telnet to a server on the other network and use the internet through MS ISA server (proxy server) which is on the other network!

So the 95/98 clients can see everything they just CAN'T logon, the 2000 clients can see everything but CAN logon.

I'm desperate to get a solution to this because as you can imagine, the other site has been down for a while now and I'm coming under pressure to get it fixed.  

Any help much appreciated, cheers.
Jon
0
Comment
Question by:wheelibin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 4
  • 2
  • +6
20 Comments
 
LVL 1

Author Comment

by:wheelibin
ID: 8102259
PS.  I've seen a few 'solutions' to this that just keep pointing to the same MS Knowledge Base article but that hasn't helped me at all.
0
 
LVL 15

Expert Comment

by:WilyGuy
ID: 8102478
I have seen something similar to this in my own network.  On the Win 95/98 machines, do you have a WINS server in the network settings?  We had to delete ours and re-add the domain server as the WINS server.
0
 
LVL 1

Author Comment

by:wheelibin
ID: 8102715
Wily Guy:
It's all done via DHCP and when I look in winipcfg the WINS server is the Windows 2000 logon server (we only have 1 server).  IPCONFIG shows the same.

I even gave one of the clients a static IP and defined the DNS/WINS servers manually.  It still wouldn't logon.
0
Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

 
LVL 2

Expert Comment

by:mike_ca
ID: 8104643
How many DCs on the network?
try restarting the net logon service on the win2000 server.
0
 
LVL 41

Expert Comment

by:stevenlewis
ID: 8106893
>The clients are on a seperate network to the server but we have been up and running for months now and never had this problem before
the obvious question, what changed? any new additions or subtractions to the network?
any change in password policies? encryption?
0
 
LVL 3

Expert Comment

by:smallbee
ID: 8106937
for ur clients machines, go to control panel and user/password

u need to create an user account that is the same username and password, and the domain(the user account info in the AD user setting)


Also make sure that user account has the rights to access those folder

server:

check the user priviliages, security setting on the folder and policy setting too
0
 
LVL 51

Expert Comment

by:Netman66
ID: 8108352
Did you move the 9x machine accounts out of the default Computer container?

If so, either put them back or install the Active Directory client on them.

Also, check to see that you still have a DHCP relay working.

0
 
LVL 41

Expert Comment

by:stevenlewis
ID: 8108407
9x has machine accounts on w2k? they didn't on NT, just the users. I thought only NT/w2k/xp boxes could have machine accounts??
0
 
LVL 51

Expert Comment

by:Netman66
ID: 8108479
Uhhh...it's been a long night....what year is it?

Make sure the USER accounts are still in the default USERS container.....

Thanks Steve....
0
 
LVL 1

Author Comment

by:wheelibin
ID: 8109719
Thanks for all the comments.

It's nothing to do with users because the problem occurs whatever username I try.  I will try and install AD client and see if that helps.

Netman: Could you tell me what exactly a DHCP relay is? It's definately using DHCP but I'm assuming you mean something different.

Cheers everyone
Jon
0
 
LVL 1

Author Comment

by:wheelibin
ID: 8109876
Installing AD Client has no effect.

In answer to Steve's first question:
The only thing I have changed recently is the server's external IP address for about 10 mins and then changed it back to its original.  
Even though I've put it back to how it was, could this effect anything??  
The server has 2 network cards in it, one that can just see the internet via an ISDN router (the one I've changed and then changed back) and one that is connected to our LAN (which I haven't touched)
0
 
LVL 51

Accepted Solution

by:
Netman66 earned 75 total points
ID: 8110408
What separates your 9x clients from the server's network?

If it's a router then DHCP relay is enabled there.

If your client's already get a good IP then it's likely working.  Try looking at one PC and noting the IP address it has been assigned.  Shut it down and go to the DHCP server and manually delete it's lease.  Restart the PC and take note of what IP it now holds.  Check the DHCP server for that entry.

What we are trying to do is see if the PC gets a new IP or continues to use the old one.

Another thing to do is make sure you have set the option for DHCP to register in DNS for clients that cannot do it themselves.

If it's an MS W2K DHCP server, open DHCP manager from within Administrative Tools.
Right-click the servername in the left pane and select properties.
On the DNS tab, make sure that Automatically update DHCP client information in DNS is checked, Always update DNS (in your case) is selected, Discard forward lookups when lease expires is checked and Enable update for DNS clients that do not support dynamic updates is checked.

Let us know.
0
 
LVL 51

Expert Comment

by:Netman66
ID: 8110687
Something else just came to mind.

If you're running RRAS on the server, you should increase the scope size in DHCP to compensate.

RRAS reserves blocks of 10 IP addresses at a time for use with it's dial-in clients.  If your scope size isn't large enough to incorporate this change, then some clients will be left out in the cold.

0
 

Expert Comment

by:jimmmmi
ID: 8113720
as mike_ca said, stop the netlogon service on your server and restart the service. i had a similar problem, and this procedure solved it
0
 
LVL 4

Expert Comment

by:huckey
ID: 8116024
i had a problem similar to this it turned out to be a corruption in the TCP stack on my 9x boxes.

i uninstalled and reinstalled TCP and it worked. have you done any global updates on the 9x boxes ?
0
 
LVL 1

Author Comment

by:wheelibin
ID: 8118054
I've already tried restarting the netlogon service on the server and it has no effect.

Netman:
I can't set any options on the router for DHCP, I can only specify the range.  I can use winipcfg to release the IP and then renew the IP but I get the same one everytime (but then again I would wouldn't I because the lease will be valid for 24 hours I think).  I don't suppose there is a util or something that can query/remove entries from a DHCP server?

Huckey:
I'm going to try reinstalling TCP/IP and see if that has any effect, I haven't done any global changes though or none I know about.

cheers guys I'll let you know
0
 
LVL 1

Author Comment

by:wheelibin
ID: 8118353
I reinstalled TCP/IP and that didn't work either.  

Why is it only the 9x clients that don't work??
There must be something that the 2000 PCs are doing that the 9x ones aren't.
What records are kept on the W2K server about the clients?  I think it must be something central rather than a setting on the clients beacause they all went at the same time.  

AAARRRGGHH!  HELP!!

0
 
LVL 1

Author Comment

by:wheelibin
ID: 8118479
I've just found something really strange wich I hope will help someone think of something:

If I cancel the logon and don't sign in to the network, I can still set up Outlook to logon to the exchange server.  As I have said we only have 1 server.

So it will accept the password/logon for exchange but it will still NOT logon at the domain password prompt.

I hope this triggers some more ideas!

cheers
0
 
LVL 1

Author Comment

by:wheelibin
ID: 8119738
I've fixed it!!!!!!

On the server, you can set a WINS server to use, it was blank.  
I have set the WINS server to the server's own IP address and the clients can now sign on.  All the clients settings were fine then in the end, its just that the server couldn't resolve the name of the client to log it on.

Thankyou to everyone who posted comments to this question especially Netman who got me thinking on the right lines.  As nobody really gave me THE answer to this question I don't really know what to do with the points.  I'd like to give some to Netman but it won't let me decrease the amount.  I'm going to post in Community Support and request that some points go to Netman.

Thanks again
Jon
0
 

Expert Comment

by:modulo
ID: 8122325
Hi wheelibin,

I've refunded 205 points enabling you to accept the comment from Netman66

modulo

Community Support Moderator
Experts Exchange
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

We recently endured a series of broadcast storms that caused our ISP to shut us down for brief periods of time. After going through a multitude of tests, we determined that the issue was related to Intel NIC drivers on some new HP desktop computers …
This is the first one of a series of articles I’ll be writing to address technical issues that are always referred to as network problems. The network boundaries have changed, therefore having an understanding of how each piece in the network  puzzl…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question