Solved

Domain Connection Issues

Posted on 2004-10-30
Last Modified: 2010-04-13
Working with a new network, replacing an old network.
9 client machines configured to log in to the domain will now not log on to the domain. The domain is the same as before; there is no change.
The clients are running Windows 2000 Pro. We cannot log in via the domain, and cannot log in via the XXXXX (this computer) option in the login screen.
Is DHCP needed to have the server recognize these workstations? If so, how can I configure the computers to find the DHCP server? The internal IP of the DHCP server never changed, but when we try to log in it says the domain cannot be found or contacted.
The second server (fresh install) can connect to the first server via login and does so successfully, but DHCP is not needed because it has a static IP because it's a server.
Please HELP!!!
Question by:iwalmsley
    11 Comments
     

    Author Comment

    by:iwalmsley
    I booted down all computers, including the DHCP server, and nothing happens. Usually when you reboot, the computer asks for an IP and accepts the IP before you even log in to the domain, right? DHCP is not even seeing those computers when they turn on.
    To make things even stranger, one client is assigned an IP, 10.0.0.11, but cannot log in to the domain because it does not exist or cannot be contacted.

    Author Comment

    by:iwalmsley
    Added comment:
    We reset passwords to: password and checked 'user must change password at next login'.
    We log in with the proper username and the password, and it states that the user must change password.
    When you try to change the password it says the domain XXXXX is not available.
    When you type in the incorrect password it knows to tell you that your password is incorrect.
    LVL 11

    Expert Comment

    by:WeHe
    Check if any other DHCP server is running in your network. If yes, kill it.
    If there is any router, do you use a DHCP proxy of any kind?
    Is DHCP configured to offer the DNS servers?
    Are these DNS servers DCs?
    Log in on a workstation as local administrator and check "ipconfig /all" in a cmd window.
    LVL 7

    Accepted Solution

    by:
    To answer your first question, about login issues.

    OK, it would be good if you could provide a little more information. You say you have a new network?? What exactly have you replaced?? The domain controller?? If so, from what to what?? Was it an in-place upgrade or a fresh install on a new box??

    DHCP is a very basic protocol; when I say that, I mean in the sense that it does not use any authentication. Basically any host on a network set to use DHCP will send a DHCP discover packet on boot up, ANY DHCP server will answer the request and, after a bit of network chatter, will assign an IP address from the pool. When you look in DHCP manager on the forest root DC, can you see addresses being leased?? Also log on locally to one of the workstations using Administrator and run an IPCONFIG /all, then check if you can see a successful IP lease and also note the DHCP server address; this should be the IP of your DHCP server that you want to use.

    Hit Start, Run, and type \\SERVERIP; you should see a login box appear??? If this is the case, log on using a DOMAIN ADMIN account. If you can then browse the network, then you know that you have connectivity.

    The next thing is the logon issues: more information first, but if you have replaced the DC with a new box and fresh install, then the SIDs for the domain will be wrong, which is why you are getting logon issues. If this is the case, it's because you have replaced the FSMO RID master; SIDs are generated on the domain and also from the RID pool. The easiest way is again to log on locally, pop the host back into a workgroup, and then rejoin the new domain. Try this first and let me know how you go.

    Paul Knight
    Network Consultant
    MCSE 2000/2003, CCNA, CompTIA Security+, Linux+
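
The lease checks suggested in the two answers above (which DHCP server answered, which DNS servers it handed out, and whether those are DCs), run over `ipconfig /all` output. This is an added example, not part of the original thread: the DC address 10.0.0.2 and both sample outputs are constructed, and the 10.0.0.11-10.0.0.99 scope is the one the asker reports later in the thread.

```python
import ipaddress
import re
# Assumed: DC (also DHCP + DNS) at 10.0.0.2. Scope is the one reported in the thread.
EXPECTED_DHCP = DOMAIN_CONTROLLERS = {"10.0.0.2"}
SCOPE = (ipaddress.ip_address("10.0.0.11"), ipaddress.ip_address("10.0.0.99"))
FIELD = re.compile(r"^\s*([A-Za-z][A-Za-z \-]*?)[ .]*:\s*(.*)$")

# Constructed `ipconfig /all` excerpts, not captured from the asker's machines.
GOOD = """
        DHCP Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 10.0.0.11
        DHCP Server . . . . . . . . . . . : 10.0.0.2
        DNS Servers . . . . . . . . . . . : 10.0.0.2
"""
ROGUE = """
        DHCP Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.100
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.1
                                            10.0.0.2
"""

def parse_ipconfig(text):
    """Map each label to its values; unlabeled lines continue the previous label."""
    fields, last = {}, None
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            last = m.group(1)
            fields[last] = [m.group(2).strip()] if m.group(2).strip() else []
        elif line.strip() and last:
            fields[last].append(line.strip())  # e.g. a second DNS server
    return fields

def audit_lease(text):
    """Return findings for one adapter; an empty list means the lease looks right."""
    f = parse_ipconfig(text)
    first = lambda key: (f.get(key) or [""])[0]
    ip, server, findings = first("IP Address"), first("DHCP Server"), []
    if first("DHCP Enabled").lower() != "yes" or not ip:
        findings.append("no DHCP lease on this adapter")
    else:
        if server not in EXPECTED_DHCP:
            findings.append(f"lease from unexpected DHCP server {server}")
        if not SCOPE[0] <= ipaddress.ip_address(ip) <= SCOPE[1]:
            findings.append(f"address {ip} is outside the configured scope")
    findings += [f"DNS server {d} is not a domain controller"
                 for d in f.get("DNS Servers", []) if d not in DOMAIN_CONTROLLERS]
    return findings
```

A client whose DNS server is not a DC cannot locate the domain even with a valid lease, which matches the "domain cannot be found or contacted" symptom in the question.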


    Author Comment

    by:iwalmsley
    Reformatted both Win2K servers. We had an intrusion to the network and it deleted the Exchange databases and AD. Both servers are new fresh installs. Same hardware. Same domain name.
    I set DHCP up using Configure Your Server, then went in and added a scope 10.0.0.11 - 10.0.0.99. My servers/printers/firewall reside on 10.0.0.1 - 10.0.0.10.
    The only address being leased is to one machine, a Windows XP machine, but it cannot log into the network, same error.
    I cannot log onto the machines locally, because the owners of the business do not know the password to get in locally. I took over for a very unorganized tech and business. They don't even have the Windows 2000 Pro OS disk for me to do fresh installs of the workstations.
    YES YES YES!! The SIDs are wrong for the domain, I have found that error in the Event Log!
    Paul, if I cannot log on to the machine locally, is there a program out there? How can I get past the login prompt, if I have been locked out?? I CANNOT log in to these machines locally at all. I've tried all passwords, all usernames, everything.
    But the SID idea is what I am thinking is the problem BECAUSE it is a fresh install!!!!!!!!

    Author Comment

    by:iwalmsley
    The DC is the DHCP & DNS server.
    It is the only DHCP server in the domain.
    LVL 7

    Expert Comment

    by:knightfox
    walmsley...

    You can use a little tool called Passware http://www.lostpassword.com/windows-xp-2000-nt.htm I have found it a valuable tool for my administrator's pack :))) You really need local access to the boxes to re-join the new domain. Remember, if and when you do re-join, a new profile will be created on the local computer, so any work that had been saved previously in the user's My Documents will still be on the old profile. You will again need to log on as administrator and copy the work over, that is, if a GPO wasn't securing the local drives. Or are roaming profiles being used????? The other option is to format the local boxes, but again you have the issue that if work is stored on the local drives...

    Hope this helps and GL :))

    Paul Knight
    Network Consultant
    MCSE 2000/2003, CCNA, CompTIA Security+, Linux+

    Author Comment

    by:iwalmsley
    >> or are roaming profiles being used?????

    No, but that's a good idea. Any good guides for me to implement that after I get this problem done?

    I think knightfox has my answer, let me reformat a machine and check.
    LVL 11

    Expert Comment

    by:WeHe
    To reset a local administrator password, you can use ERD Commander to boot from.
    LVL 7

    Expert Comment

    by:knightfox
    It's pretty basic stuff.

    http://support.microsoft.com/default.aspx?scid=kb;en-us;302082&sd=tech

    Read that and create a share on either the primary drive or in another partition called Users, the sub dirs called Staff - Managers - Cleaners etc.; these should reflect the OU structure in AD.

    Under each folder create Profiles and Work, then set up each user to use these folders. Should stop any future problems :))

    Paul

    Author Comment

    by:iwalmsley
    knightfox:

    Thanks for all your help. There is an Exchange question I have in that forum, 500 points????????
    http://www.experts-exchange.com/Networking/Email_Groupware/Exchange_Server/Q_21189072.html

    THANKS!