IT Gal

Windows XP Client cannot login to NT Domain

Hello all. I just bought 10 new DELL desktops running Windows XP pro. I took the first one out of the box and set it up and joined my NT domain. I then tried to log off the machine and log on as an Administrator on my domain. It will not let me do this.

I get a message when I try to logon that the domain controller is down or unreachable. If I log back on to the machine I can browse the network and see shares, but I cannot logon to the domain.

I was planning to upgrade to Active Directory anyway, but I don't want to have to do it for this reason. I have one other machine running XP Pro on my network, and I never had any trouble whatsoever joining and logging onto the NT 4.0 domain. Can anyone think of a reason why this might be happening and how to get around it?

I did check MS TechNet, but most of the solutions there deal with not being able to join the domain at all. I can join it successfully, I just can't log on to it.

Thanks for any help,

-Matt

Les Moore

If you want XP to play in the NT domain playground, you must enable NetBIOS over TCP/IP and not leave it at the "default" setting.


Enable NetBIOS over TCP/IP in Windows XP
Step 1: Turn On NetBIOS over TCP/IP
Click Start, click Control Panel, and then click Network and Internet Connections.
Click Network Connections.
Right-click Local Area Connection, and then click Properties.
Click Internet Protocol (TCP/IP), and then click Properties.
Click the General tab, and then click Advanced.
Click the WINS tab.
Under NetBIOS setting, click Enable NetBIOS over TCP/IP, and then click OK two times.
Click Close to close the Local Area Connection Properties dialog box.
Close the Network Connections window.

Step 2: Start the Computer Browser Service
Click Start, right-click My Computer, and then click Manage.
In the console tree, expand Services and Applications.
Click Services.
In the right details pane, verify that the Computer Browser service is started, right-click Computer Browser, and then click Start.
Close the Computer Management window.

References:
http://support.microsoft.com/default.aspx?scid=kb;en-us;318030
http://support.microsoft.com/default.aspx?scid=kb;en-us;314366
http://support.microsoft.com/default.aspx?scid=kb;en-us;315267
http://www.practicallynetworked.com/sharing/troubleshoot/slowbrowse02.htm
http://www.michna.com/kb/WxNetwork.htm

One more submitted by expert LLYQUID:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;304040
IT Gal

ASKER

Hey, thanks for the fast comment back, but unfortunately everything you suggested was already done. I had enabled NETBIOS over TCPIP in reference to the MS support document regarding being unable to join the domain in the first place. The browser service was already running.

I can ping local hosts by name and everything, I just can't log on to the domain. Very strange.

I even tried (while logged on to the local machine) adding a user from the domain, and when I did I got a message saying something to the effect of "the trust relationship between the client and the domain controller could not be established" or something like that.

Any other ideas?

Thanks,

-Matt
Matt, you definitely have a name resolution problem.
If your name resolution method is DNS, check that the domain name is correctly added in the DNS server.
If your name resolution method is WINS, the easy way to resolve the problem is to restart your Domain Controller (PDC) so that it registers itself in the WINS server. But you should think about reinstalling your WINS server, or at least reviewing it slowly.
I hope this helps you.

bye

jacc
Additionally, to add to jacc's comment about DNS, are you running a DNS server on the NT domain controller? If so, then point the XP system to the DNS address, and it could help you out. XP requires DNS for almost the majority of its networking, and if not present it can kill/slow to a crawl/or basically not let you browse the network. I may be a bit off on this, but for 2000 and A/D, it is a must almost. I really know nothing of NT, but I hope it may help a bit.
XP and Win2K tend to use DNS for name resolution, so if you are running a DNS server on your NT server, John's comment is useful.  You may also want to consider adding host and lmhost files to help the machine find the domain.  In Windows XP/NT/2000 these are located in c:\windows directory\system32\drivers\etc directory.  For the LMhost file add entries that preinitialise entries for the server, and the NetBIOS domain name.

Regards

Anne
BTW, you don't happen to have IPX loaded on your server or XP box? If IPX is on the wire, and the external IPX addresses are not matched, you can sometimes have connection problems.
IT Gal

ASKER

Ok, I'm digesting the comments here, but I think I need to comment on a couple things.

jacc - Matt, you definitely have a name resolution problem.

>I can ping hosts by name, so I don't think it's a name resolution problem. Can you explain why you think this is the problem?

johnb6767 - are you running a DNS server on the NT domain controller?

>No, not on the NT domain controller, but I am running caching-only DNS on a 2000 server machine on the domain. I have pointed the desktop to that for DNS, and it resolves external hostnames just fine.


At any rate, like I mentioned, I have at least one other client on this network running XP Pro and it is able to log on to the domain just fine, so I'm not too sure what the problem is at this point. I can add LMHOSTS entries, I suppose, but I'd rather not if I don't have to. It's never fun updating static files if things move around.

I don't have IPX in the network stack on the client machine. Just Client for MSN, file and printer sharing, and TCPIP. I will add the 'exact' error messages in my next post.
Do you have a WINS server? If you set one up on your Windows 2000 server you could add entries for the server and the domain.  Add the WINS server to DHCP (if you are using it of course), or statically configure it in the TCP/IP config of the XP workstation.  Then you should not need an lmhosts file.  If the workstation is pointing to your local caching-only DNS server and this doesn't have entries for your domain and domain controller, this could be part of the reason the workstation is having problems resolving the name of the domain controller servicing the domain.

A question, does your NT server have more than one IP address by any chance....
Once you set up the WINS server, ensure the Domain Controller is pointing to it in its TCP/IP settings.

Within a few minutes 6-8 entries relating to the domain and domain controller should appear.

Particularly note for the domain (DC=domain controller)

   Record Name    Type                          IP Address        State    Static   etc....
1  DOMAINNAME     [00h] Workgroup               DC's IP address   Active
2  DOMAINNAME     [1Bh] Domain Master Browser   DC's IP address   Active
3  DOMAINNAME     [0Ch] Domain Controller       DC's IP address   Active
4  DOMAINNAME     [1Eh] Normal Group Name       DC's IP address   Active

5  DCname         [20h] File Server             DC's IP address   Active
6  DCname         [00h] WorkStation             DC's IP address   Active
7  DCname         [03h] Messenger               DC's IP address   Active

If these entries don't appear, you may need to statically create 2, 3, and 5.

Once this is done your WinXP boxes should be able to log in to the domain.  As I mentioned, ideally WinXP uses DNS for this sort of resolution, but that would be a bit difficult to set up in your environment without Active Directory.

Regards

Anne


Oh before creating static entries in wins, try this from a dos prompt on the domain controller....

nbtstat -RR (both r's are capitals) to refresh the netbios names registered by the computer.

Regards

Anne
You can see the netbios names resolved on the workstation from a dos prompt by typing

nbtstat -r (lower case r this time)

You might like to try this on the winxp box that is working and one that isn't to see the difference.
Another thing that can cause an intermittent problem is if there are computers (Win9x) on your network that are configured to use a workgroup with the same name as your domain.  If there are any like this, change the name of the workgroup.
IT Gal

ASKER

OK, here is the information regarding the problem and the setup of the computer in question:

Client for Microsoft Networks
File and Printer Sharing For Microsoft Networks
QOS Packet Scheduler
Internet Protocol (TCPIP)

The IP address is assigned by DHCP, running on a Watchguard Firebox. DNS is pointing to my caching-only DNS server (not the domain controller). WINS is set to the address of the DC. I can ping hosts by name.

If I try to add a user from the domain by going to control panel->user accounts->add->browse->advanced->find now-(enter id and pass for the domain) I am able to select a user, but when I choose the level of permission that I want and try to add it I get the message

"The user could not be added because the following error has occurred"

"The Trust relationship between this workstation and the primary domain failed"


When I log off and try to log on to the domain, I get the message:

Windows cannot Connect to this domain, either because the domain controller is down or otherwise unavailable, or because your computer account was not found. Please try again later, contact your system administrator etc etc.

Now then,

WINS is already running on the DC itself (NT 4). I tried nbtstat -RR on it but it didn't work.

What's odd is that if I do nbtstat -a on the XP machine that IS logging on to the domain, it shows the adapter address as 0.0.0.0. For the machine that is NOT logging onto the domain, I get the adapter address. This may be because the one that DOES log on is a laptop and has two NICs. Maybe it's just looking at the wrong one.

Here is nbtstat output from the machine that's having the problem. It looks normal to me:

C:\Documents and Settings\Lisa>nbtstat -n

Local Area Connection:
Node IpAddress: [192.168.156.64] Scope Id: []

                NetBIOS Local Name Table

       Name               Type         Status
    --------------------------------------------
    SMITH          <00>  UNIQUE      Registered
    SUNCOAST       <00>  GROUP       Registered
    SMITH          <03>  UNIQUE      Registered
    SMITH          <20>  UNIQUE      Registered
    SUNCOAST       <1E>  GROUP       Registered
    LISA           <03>  UNIQUE      Registered
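
The name table above can also be checked mechanically. The Python below is an added example, not part of the original thread: it parses `nbtstat -n` output, labels suffixes using the WINS record listing earlier in the thread, and flags missing or non-Registered names. The set of registrations treated as "expected" for a client is an assumption, and a clean result only confirms the local NetBIOS registrations.

```python
import re

# Suffix labels as given in the WINS record listing earlier in the thread.
SUFFIX_ROLES = {
    ("00", "UNIQUE"): "WorkStation",
    ("00", "GROUP"): "Workgroup",
    ("03", "UNIQUE"): "Messenger",
    ("20", "UNIQUE"): "File Server",
    ("1E", "GROUP"): "Normal Group Name",
}

ROW = re.compile(r"^\s*(\S+)\s+<([0-9A-Fa-f]{2})>\s+(UNIQUE|GROUP)\s+(\S+)\s*$")

# Output copied from the post above.
SAMPLE = """\
Node IpAddress: [192.168.156.64] Scope Id: []
       Name               Type         Status
    --------------------------------------------
    SMITH          <00>  UNIQUE      Registered
    SUNCOAST       <00>  GROUP       Registered
    SMITH          <03>  UNIQUE      Registered
    SMITH          <20>  UNIQUE      Registered
    SUNCOAST       <1E>  GROUP       Registered
    LISA           <03>  UNIQUE      Registered
"""

def parse_name_table(text):
    """Return (name, suffix, kind, status) rows from `nbtstat -n` output."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)  # header and separator lines do not match
        if m:
            name, suffix, kind, status = m.groups()
            rows.append((name.upper(), suffix.upper(), kind, status))
    return rows

def check_client(rows, computer, domain):
    """List missing expected registrations and rows that are not Registered."""
    registered = {(n, s, k) for n, s, k, st in rows if st == "Registered"}
    # Assumption: a domain member should hold at least these three names.
    expected = [(computer, "00", "UNIQUE"), (computer, "20", "UNIQUE"),
                (domain, "00", "GROUP")]
    problems = [f"missing {n}<{s}> {k} ({SUFFIX_ROLES[(s, k)]})"
                for n, s, k in expected if (n, s, k) not in registered]
    problems += [f"{n}<{s}> is {st}" for n, s, k, st in rows if st != "Registered"]
    return problems

print(check_client(parse_name_table(SAMPLE), "SMITH", "SUNCOAST"))
```
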
IT Gal

ASKER

I just realized one of my own comments might be misinterpreted..


-WINS is already running on the DC itself (NT 4). I tried nbtstat -RR on it but it didn't work.

When I say 'it didn't work' I mean it didn't fix the problem. The actual release and renew worked fine.
ASKER CERTIFIED SOLUTION
IT Gal

This solution is only available to members.
Nice find, Matt.
Thanks for sharing that with us!

- Cheers!
Tried this but did not work.