jeremywatco

NT to Windows 2000 Server Login Issues.

We have been in the process of upgrading from NT to Active Directory. Here is the basic rundown of how that was accomplished:

1. Promote BDC to PDC
2. Upgrade new PDC to Windows 2000 Server

Last night I flipped the switch and shut down all NT Domain Controllers, just leaving the one Active Directory Domain Controller running. Made sure that I could log into my W2K Pro machine, and assumed everything was fine.

Come in to the office this morning and all hell is breaking loose. People either can't log in to their Win98 machines or the 2000 Pro users cannot get into their email (Exchange). I turned the NT BDC back on and everything was fine.

Did I miss something in this upgrade? The new 2000 DC is running DNS, WINS & DHCP and everything is configured properly. I can ping and perform lookups against the DC from the workstations having issues. Any ideas? Would these machines still be trying to find the NT DC?
jeremywatco

ASKER

Also, something I noticed. From my W2K Pro machine, if I go into Start > Search > For People.. only address book is available. I cannot search the directory for users. I can search it for printers fine. Just thought that was odd & maybe related.
Most of your machines probably used WINS to do a lookup for the BDCs and tried to authenticate against servers that are not there. So a lot of stuff has to be cleaned up. I will get you some more info in a few.

Joel
Here is the article you need from Microsoft.

http://www.microsoft.com/technet/prodtechnol/windows2000serv/deploy/cookbook/cookchp2.mspx

Upgrading the PDC to Windows 2000 is the first step. But that does not remove the need for the BDCs. They are still part of your environment. Please review the article.

J
Thanks for the response. But I am still pretty confused. I didn't really get anything out of that article. Any specifics that can help me in this situation? What I am trying to do is retire the old BDC completely and switch to native mode with just one DC (will create a secondary DC later).

Also, another odd thing. The NT BDC sometimes cannot contact the 2000 DC, that's odd. If I go into NT server manager about 2/3 of the time it says it cannot locate the Primary DC, and the other 1/3 of the time it works just fine and I can perform domain wide operations.

Something is really fishy.
What were the steps you followed to upgrade your domain? What happened to the original PDC, etc.?

J
OK, here are the steps I did:

1. brought in a temp server and loaded it as a NT4 BDC & sync'd
2. promoted the temp server to PDC & took old PDC offline as a backup
3. upgraded the temp server to 2000 server
4. did a clean install of 2000 server on a new machine
5. allowed temp 2000 server to replicate with new machine
6. took temp server down
7. brought original PDC back up as a BDC.

Now I am trying to get rid of that original PDC, which is now a BDC.
When you installed the second 2000 server and let Active Directory synchronize, did you uninstall Active Directory on the first Windows 2000 server before removing it?
Yes. I ran DCPromo & made it a member server first so that all the roles and config were transferred over.
I would try removing the BDCs, then remove them from DNS and WINS. After that you will need to reboot every computer. If any of your workstations are holding browse lists, etc., they can be telling the machines to go to the BDCs. How many subnets and workstations do you have?

Single Subnet.

I will try what you suggested and report back tomorrow.
OK... I did the above and that did not fix it. I was however able to resolve the problem with my 2K & XP machines. Their SIDs must have gotten messed up because I re-added them to the domain and they function just fine.

However 98 machines will not authenticate against the 2000 Server. Here is what I did to try and force them to:

Changed DHCP over To Static IP, Static WINS, Static DNS -- Did Nothing
Created LMHOSTS with Domain Info in it -- Did Nothing
Rebooted 100's of times --- Did Nothing

They simply say "No Domain Server was Available to Validate your Password", but I can still browse network resources and gain access, so something is off!
Go to one of the Windows 98 machines and open its Network Configuration. From within, make sure Microsoft Networking is installed, then add it to a workgroup and reboot. When it comes back, put the Domain back in and reboot again.

Did you rename the domain, or make any changes at all when you installed the Active Directory server?
Domain was not renamed.

Went to the 98 machine and made the changes you suggested.. still no luck :(
Do you know if there were any changes to the security provider, such as NTLM, etc., and did you make the new server a Native AD DC, or is it still in mixed mode?

In addition, make sure you can ping the new domain controller from the win98 machine by name.

And last but not least, when Windows 98 boots up to the login screen are you getting prompted for a Username,

J
No changes have been made. & we are still running in mixed mode.

I can ping fine.. the clients are able to resolve names just fine (which is why I don't understand this issue).

I do get prompted for a username & password & domain.

I tried installing the Active Directory Client... but that didn't do anything for me.

I am thinking of possibly band-aiding this by trying NETBEUI on just these 98 machines... do I need that on the server too? Could that fix this? Any other ideas? I don't get it... the Windows 95 machines can log in just fine.
That is odd, Win95 but no Win98. I am not sure. Is there an option for NetBIOS over TCP/IP in the TCP/IP settings? NETBEUI should not have anything to do with it, but it could be NetBIOS. If it is not checked, please check it and try a reboot.

J
Yes.. it's checked.... I am totally confused about this. I just don't get it.. if it was truly a name resolution issue the LMHOSTS file would have cleared it up.. maybe TCP/IP needs a reinstall?

Any other suggestions before I pick up the computers and throw them out the window? :)
You didn't create a computer account in the domain for the Windows 98 computers, did you?

J
Actually I tried that with no luck. I guess Windows 9X clients do not require computer accounts.
There should not be any computer accounts with those names. They don't have SIDs for the computers, so having anything in the AD with their computer name will prevent them from logging onto the domain.

J
I tried them out briefly and deleted them right after that. This was after I was already having the issue.
OK... figured as much... I will have to think more about this... I am wondering why no one else has responded... I will also see if I can get some more brains on this.

J
OK.. I fixed the login problem but now have another related issue....

The login issue was because someone had originally set up this new server with multihomed NICs on the same subnet :( wish I would have checked that first.

Now the issue I am having is that all these 98 clients are having Outlook issues (Exchange 2000) when they are authenticated to Active Directory. It seems that Outlook will freeze for about 30 seconds and then resume what it's doing, then lock up, then resume, etc. When I power the NT BDC back up again everything works fine... very odd indeed.
You are having a rough time. You disabled the other NIC, right? Or did you put it in another subnet? This is important.

I actually teamed them both for load balancing.
OK. You need to go through WINS and DNS, and try to find all entries relating to the Domain and this server and make sure everything is set to the proper address. Additionally, if you teamed them for load balancing (not fault-tolerance), then your switch must support load balancing and it must be configured for it. If it is not, you will have many problems with the teaming configuration. Because of these issues most people run them in failover mode.

J
Actually this machine is set up to do transmit load balancing, which does not rely on the switch, so that is not the issue.

Also, I reviewed all entries in DNS & WINS, and they are all accurate... I wonder why Outlook would hang.
OK... sit down on one of those machines and do a "ping -t exchangeservername", wait a while and hit Ctrl-C. Are you getting 100% response? This is odd.

J
Good idea.. however.. no such luck.. 100% response.. sending an email locks Outlook up for about 25 seconds or so.. then it goes out fine.. if I fire up the old server then everything works perfect... strange that this is affecting Outlook now.. Exchange is a different server from the DC and we have never had issues with it.. so it must be some sort of auth issue.
The Exchange 2000 server is on a Windows 2000 member server, that was a member of the NT domain and is now a member of the new AD domain, right?

It's Exchange 2000 and depends on AD, it was never a part of the NT domain. The old 5.5 server that we upgraded was.. but that has been decommissioned for some time now.
So the Exchange 2000 server, is brand new, you just set it up, after you upgraded the PDC to AD?

J
Yeah.. then I moved all the mailboxes from the old 5.5 server to the 2000 server.... so it is new.
OK... You probably have a known issue, regarding the Address book, Outlook and moving the mailboxes. It has to do with the Personal Address Book. It can happen to any user, but it usually occurs when you send email to someone that is not in the Exchange System. Could this be the issue? If it is I could probably track down the KB.

J
Well.. the only thing is, that this Exchange 2000 Server has been operating for about 2 months now. So all the clients have been connecting to this for email for a while without issue. It is only when I shut down the old PDC (no longer running Exchange) that I run into issues. So I don't think it has to do directly with moving the mailboxes since this just came up recently and resolves itself whenever I boot the old PDC back up.. make any sense or am I just rambling on (long day, need food) :)
ASKER CERTIFIED SOLUTION
jdeclue

Well.. I recreated the Outlook profiles and so far so good.

Thanks for the help.. I raised the points to 500, wish I could go higher because you were a great help.
Thanks again