• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3226
  • Last Modified:

Windows cannot connect to the new domain because: the logon attempt failed.

Hi,

We had a tech resign yesterday so we needed to change our administrative passwords.  We have a domain that consists of a single domain controller and no member servers.  It has about 20 clients attached to it.  We changed the administrative password and rebooted the server.  We entered the new administrator password and it came up fine.  However, now when we now go into AD Users & Computers we get the following dialog:

"Naming information cannot be located because: The Logon attempt failed."

The AD Users and Computers MMC will then come up but the snap-in has a red X on it.  If we try to connect to the domain from within the MMC we get this dialog:

"Windows cannot connect to the new domain because: the logon attempt failed."

Bottom line is why did we lose the authentication to AD and is there anyway to recover it?  I have seen some documentation on the use of NETDOM but I'm not sure how to proceed.

Any assistance will be most humbly appreciated.

Doug
0
dugodugo
Asked:
dugodugo
  • 3
  • 3
4 Solutions
 
Rob StoneCommented:
This might help

http://support.microsoft.com/?kbid=257346

Can you post the event id error and source?

If you right click My Computer and select Manage, then select Event Viewer and System you will have some red crosses in their. They will help.
0
 
dugodugoAuthor Commented:
I didn't see anything in the Event Logs that pertains to this.  I'll keep looking, but there's nothing that stands out.

Now, let's take a deep breath here, when I connect to the server using Remote Connect from my XP Desktop, I can logon fine using the Administartive password.  Once I have a remote session going I can launch AD fine from there!!!!  That my friends is what I call real strange???  What is it about a Terminal Service Session that allows for the Authentication with AD but won't allow it from the server itself???  Micosquish true to form here.

Anyway, things have taken a step to the better here, because I had thought I had lost my AD.  I am in on the Desktop, however, I'm not going to change the Adminstrative password back just yet.  I want to get some more input on this.  And I guess I'm wondering why I can't change my Admin Password without the system not updating the AD authentication.

Now here's a bit more info.  This box was an "upgrade" from WinNT 4.0.  My experience has been you NEVER want to upgrade from NT4.0 but instead do a clean install and re-establish accounts.  Yes more work but cleaner in the long run.  We have had problems in the past with the AD on this server in that when you change a persons name or other info, it says that it can not verify the changes made.  This tells me that something is not quite right in Kansas with this system.

Any thoghts?

Doug  
0
 
tengageCommented:
Are there any other authentication problems?  Are your users able to logon to the domain?  Are file shares accessible?  Did you check event logs on the DC?  Look on the DC under Event Logs | Security and see if there are any problems.  If not, it may just be that your policy is not set to enable failed logon attempts.  For fun, have you rejoined your workstation to the domain?  Another thing to try would be to right click the ADUC icon and "run as" the "administrator" account (assuming you all have unique IDs and don't use Administrator all the time).  Are you able to use any of the other AD tools such as "sites and services" or "domains and trusts"?
0
New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

 
tengageCommented:
PS

Here is another link.  It's symptom is the same one you described.  It's resolution is to rebuild the security config databases.  I would be careful as I don't know the ramifications, and you are only running one domain controller.  You should seriously consider promoting another AD server (even if it is not really a server class machine and won't hold any FSMO roles).

Let us know
0
 
dugodugoAuthor Commented:
Ok...tengage's link looks like the solution.  I believe that the WinNT4.0 upgrade to Win2000 server may have caused some problems with the Security Config.  This is the first we have tried to change the Admin PW and this is the result, so something ain't right in Kansas.

I have changed the admin password from the Remote Connect Terminal Session back to what it was and rebooted the server.  It came up fine and let me in as Admin.  I can now access the AD Snap In's fine.  Wheeeewww!!!  Looks like we're back in the saddle.

I do however want to get the PW changed so I'll continue to investigate and provide an update here when I get a solution (for future searches).  First thing to do though is a full backup of the AD, and I may get a box setup just to replicate it on another platform.

Thanks for all the help...I'll divey up points appropriately,

Doug
0
 
dugodugoAuthor Commented:
I found out what this issue was...it was an issue with the Global Catalog.  The permissions on it were set for "Domain Admins" but not local administrators.  Once I added the local admins in with full control to the Global Catalog, it worked properly.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now