  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 177

Windows 2003 Logon problem

    My company had two DC’s – one crashed and was removed from AD.  Near as I can tell all FSMO roles have been moved.  Ever since this time when we create new users in AD they are unable to logon.  The error is the generic “Systems could not log you on . . . check your user name and password” message.
Asked by: BRSage
1 Solution
 
Sembee Commented:
First thing I would do is check that all the roles have been transferred correctly.

Install the support tools from the Windows server CD on to a domain controller.
Then run the following command in a command prompt:

netdom query fsmo

This will show what server has the key roles.
You will need to seize the ones that are still with the old server.

Have you introduced a replacement domain controller since the first one died? Is replication between those servers working correctly?
Any errors in the event logs of the domain controllers regarding replication or other AD related issues?

Simon.
0
 
BRSage (Author) Commented:
Here are the results of the query:

Schema owner                cisms04.cisinsgroup.com

Domain role owner           cisms04.cisinsgroup.com

PDC role                    cisms04.cisinsgroup.com

RID pool manager            cisms04.cisinsgroup.com

Infrastructure owner        cisms04.cisinsgroup.com

The command completed successfully.

No replacement has been introduced.  The event logs show no errors whatsoever.  Any other thoughts?
0
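
An added example, not part of the original thread: a short Python check of saved `netdom query fsmo` output that lists any role still assigned to a server outside the set of live domain controllers, which is the verification Sembee's answer describes. The role labels and the first sample are taken from the output posted above; `olddc01.example.test` and the function names are constructed for illustration.

```python
import re

# Role labels as printed by `netdom query fsmo` in the output posted in this thread.
FSMO_LABELS = ("Schema owner", "Domain role owner", "PDC role",
               "RID pool manager", "Infrastructure owner")

# Output as posted in the thread (blank lines dropped).
THREAD_OUTPUT = """\
Schema owner                cisms04.cisinsgroup.com
Domain role owner           cisms04.cisinsgroup.com
PDC role                    cisms04.cisinsgroup.com
RID pool manager            cisms04.cisinsgroup.com
Infrastructure owner        cisms04.cisinsgroup.com
The command completed successfully.
"""

# Constructed sample: one role still assigned to a removed DC (hypothetical name).
STALE_OUTPUT = re.sub(r"(RID pool manager\s+)\S+",
                      r"\g<1>olddc01.example.test", THREAD_OUTPUT)


def parse_fsmo(output):
    """Return {role label: holder FQDN, lower-cased} parsed from netdom text output."""
    holders = {}
    for line in output.splitlines():
        line = line.strip()
        for label in FSMO_LABELS:
            match = re.match(re.escape(label) + r"\s+(\S+)$", line)
            if match:
                holders[label] = match.group(1).lower()
    return holders


def audit_fsmo(output, live_dcs):
    """List (role, holder, reason) for roles missing or held by a non-live server."""
    live = {dc.lower() for dc in live_dcs}  # host names compare case-insensitively
    holders = parse_fsmo(output)
    problems = []
    for label in FSMO_LABELS:
        holder = holders.get(label)
        if holder is None:
            problems.append((label, None, "role not reported"))
        elif holder not in live:
            problems.append((label, holder, "held by a server that is not a live DC"))
    return problems


if __name__ == "__main__":
    for sample in (THREAD_OUTPUT, STALE_OUTPUT):
        print(audit_fsmo(sample, ["CISMS04.cisinsgroup.com"]) or "all roles on live DCs")
```

An empty result only confirms role placement; it says nothing about leftover references to the removed DC elsewhere in the directory or DNS.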
 
BRSage (Author) Commented:
Also . . . CISMS04 is the correct name for DC
0
 
map000 Commented:
The clients are Win 2000 or NT, Win 98 ...?
0
 
cfairley Commented:
Make sure that CISMS04 is a Global Catalog server.  AD always queries a GC when logging on users.  Previous users are possibly using cached credentials.  To do this:

1. Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Sites and Services.
2. Double-click Sites to expand it, expand Servers.
3. Double-click the domain controller to expand the server contents.
4. Right-click the NTDS Settings object that is listed below the server, and then click Properties.
5. On the General tab, click to select the Global Catalog check box to add the global catalog function to the domain controller, and then click OK to apply the changes.

Also, when you remove a crashed DC, it's best to do a metadata cleanup.  That will completely remove all references to the old DC.  There could also be some entries in DNS for the old DC.  Here is a link that shows how to remove a DC.

http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B216498
0
 
BRSage (Author) Commented:
Clients are Windows 2000 and XP - this is only a problem when new users are created, existing users are working just fine

CISMS04 is a Global Catalog server and I have performed the metadata cleanup

Other ideas?
0
 
map000 Commented:
Do you have any failed logon messages in Event Viewer -> Security?
0
 
map000 Commented:
You can also check the DNS records from the DNS server (you should delete the old records).
0
 
cfairley Commented:
Are the new users logging on to new PCs?  If so, I would try logging them onto PC that an old user logs on to.  Just making sure that the machine account is not an issue as well.
0
 
BRSage (Author) Commented:
No failed logon messages in the event viewer
All DNS references have been removed
New user accounts are logging on to existing machines

Any other thoughts?
0
 
map000 Commented:
I was interested in your problem.
Can you explain how cfairley's answer helped you?
You said your DC was a GC.
0
 
BRSage (Author) Commented:
The part that was the most help was "it's best to do a metadata cleanup.  That will completely remove all references to the old DC".  After cleaning up the metadatabase everything worked much better!
0
