Windows 2003 Logon problem

Posted on 2004-10-31
Last Modified: 2010-05-18
    My company had two DC’s – one crashed and was removed from AD.  Near as I can tell all FSMO roles have been moved.  Ever since this time when we create new users in AD they are unable to logon.  The error is the generic “Systems could not log you on . . . check your user name and password” message.
0
Question by:BRSage
12 Comments
 
LVL 104

Expert Comment

by:Sembee
ID: 12458434
First thing I would do is check that all the roles have been transferred correctly.

Install the support tools from the Windows server CD on to a domain controller.
Then run the following command in a command prompt:

netdom query fsmo

This will show what server has the key roles.
You will need to seize the ones that are still with the old server.

Have you introduced a replacement domain controller since the first one died? Is replication between those servers working correctly?
Any errors in the event logs of the domain controllers regarding replication or other AD related issues?

Simon.
0
 

Author Comment

by:BRSage
ID: 12460290
Here are the results of the query:

Schema owner                cisms04.cisinsgroup.com

Domain role owner           cisms04.cisinsgroup.com

PDC role                    cisms04.cisinsgroup.com

RID pool manager            cisms04.cisinsgroup.com

Infrastructure owner        cisms04.cisinsgroup.com

The command completed successfully.

No replacement has been introduced.  The event logs show no errors whatsoever.  Any other thoughts?
0
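One way to automate the check Sembee describes, as an added example that is not part of the original thread: it parses saved `netdom query fsmo` output and reports any role that is missing or held by a server outside the list of live domain controllers. The function names and the host `olddc.example.com` are assumptions made for illustration; the role labels are the ones shown in the output above.

```python
# Role labels exactly as `netdom query fsmo` prints them in this thread.
FSMO_ROLES = ("Schema owner", "Domain role owner", "PDC role",
              "RID pool manager", "Infrastructure owner")

# Output posted in the thread (blank lines dropped).
THREAD_OUTPUT = """\
Schema owner                cisms04.cisinsgroup.com
Domain role owner           cisms04.cisinsgroup.com
PDC role                    cisms04.cisinsgroup.com
RID pool manager            cisms04.cisinsgroup.com
Infrastructure owner        cisms04.cisinsgroup.com
The command completed successfully.
"""

# Constructed sample: one role still on a removed DC (hypothetical host name).
STALE_OUTPUT = THREAD_OUTPUT.replace(
    "RID pool manager            cisms04.cisinsgroup.com",
    "RID pool manager            olddc.example.com",
)

def parse_fsmo(output):
    """Map each FSMO role label to the lower-cased host that holds it."""
    holders = {}
    for line in output.splitlines():
        line = line.strip()
        for role in FSMO_ROLES:
            if line.startswith(role):
                host = line[len(role):].strip()
                if host:
                    holders[role] = host.lower()
    return holders

def audit_fsmo(output, live_dcs):
    """Return (role, problem) pairs for roles that need attention."""
    live = {h.lower() for h in live_dcs}
    holders = parse_fsmo(output)
    findings = []
    for role in FSMO_ROLES:
        host = holders.get(role)
        if host is None:
            findings.append((role, "not reported"))
        elif host not in live:
            findings.append((role, "held by " + host + ", not a live DC"))
    return findings

if __name__ == "__main__":
    for role, problem in audit_fsmo(STALE_OUTPUT, ["cisms04.cisinsgroup.com"]):
        print(role + ": " + problem)
```

An empty result means every role is reported and sits on a server in the live list; any finding names a role that still has to be moved or seized.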
 

Author Comment

by:BRSage
ID: 12460294
Also . . . CISMS04 is the correct name for DC
0
 
LVL 5

Expert Comment

by:map000
ID: 12461533
The clients are Win 2000 or NT, Win 98 ...?
0
 
LVL 11

Accepted Solution

by:
cfairley earned 2000 total points
ID: 12461803
Make sure that CISMS04 is a Global Catalog server.  AD always queries a GC when logging on users.  Previous users are possibly using cached credentials.  To do this:

1. Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Sites and Services.
2. Double-click Sites to expand it, expand Servers.
3. Double-click the domain controller to expand the server contents.
4. Right-click the NTDS Settings object that is listed below the server, and then click Properties.
5. On the General tab, click to select the Global Catalog check box to add the global catalog function to the domain controller, and then click OK to apply the changes.

Also, when you remove a crashed DC, it's best to do a metadata cleanup.  That will completely remove all references to the old DC.  There could also be some entries in DNS for the old DC.  Here is a link that shows how to remove a DC.

http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B216498
0
 

Author Comment

by:BRSage
ID: 12462624
Clients are Windows 2000 and XP - this is only a problem when new users are created, existing users are working just fine

CISMS04 is a Global Catalog server and I have performed the metadata cleanup

Other ideas?
0
 
LVL 5

Expert Comment

by:map000
ID: 12462885
Do you have any failed logon messages in Event Viewer -> Security?
0
 
LVL 5

Expert Comment

by:map000
ID: 12462920
You can also check the DNS records from the DNS server (you should delete the old records).
0
 
LVL 11

Expert Comment

by:cfairley
ID: 12463072
Are the new users logging on to new PCs?  If so, I would try logging them onto PC that an old user logs on to.  Just making sure that the machine account is not an issue as well.
0
 

Author Comment

by:BRSage
ID: 12467772
No failed logon messages in the event viewer
All DNS references have been removed
New user accounts are logging on to existing machines

Any other thoughts?
0
 
LVL 5

Expert Comment

by:map000
ID: 12503037
I was interested in your problem.
Can you explain how cfairley's answer helped you?
You said your DC was a GC.
0
 

Author Comment

by:BRSage
ID: 13108165
The part that was the most help was "it's best to do a metadata cleanup.  That will completely remove all references to the old DC".  After cleaning up the metadatabase everything worked much better!
0

Question has a verified solution.