Windows 2000 Client doesn't connect to Windows 2000/2003 domain correctly

Posted on 2005-05-10
Last Modified: 2010-04-14
This is a really odd situation which is why I'm having a hard time finding any documentation to resolve it.  I have two DC's one running Windows 2000 and the other running Windows 2003.  All my client machines are running Windows 2000, but they are located in two subnets.  One subnet is the same as the servers is running just fine, but the other subnet clients can't connect to the printers and they get "Disk Full" errors when trying to save on the file server.  This is really bazarr but this issue surfaced about the same time as I upgraded AD to accomindate the 2003 server.  Just for kicks, I brought one machine from the other subnet over plugged it in and everythign works fine.  This rules out any updates or viruses for the time being.  I've even configured the network cards exactly the same as my test machine in the working subnet... no change.  One of the machines is receiving a 5789 DNS error "Access Denied"  but the others are not.   This machine is giving me an LDAP error while running NetDiag, but DCDIAG is passing.  The LDAP is the "SPN registration is missing", but I've unjoined this computer and joined it multiple times and still nothign.  Is there another program here that I'm missing, somethign that shows me I don't have a complete connection or somethign????

Question by:Mach03
    LVL 25

    Accepted Solution

    firstly can the pcs in the non-DC subnet ping your DCs??
    can you explain more about your printing setup?  how do your users print? via IP or print server?  in either case can they ping the ip of the printer or the print server?

    what method did you use to upgrade your domain to 2003??? it sounds as though you are running in 2000 native mode right?

    this link will tell you how to properly upgrade your domain from 2000 to 2003:

    this link will exlain different 2003 functional levels:

    Author Comment

    yes, the non-dc subnet can ping the DCs and it allows then to login.  I've done a test by changing a group policy and the setting are pushed through.  From a security standpoint, I have both set in the same OU with the same settings, so I'm ruling that out.

    The printers are a standard IP share from on the DC's and yes they can ping that server.   Since it's on of the DC's it running DNS and I have it set to my primary DNS.  When I run Nslookup it connected and gives my various IPs of sites all over the world.

    The method I did was a default action that the Windows 2003 setup did when I ran dcpromo on the 03 server.  It detected that my 2000 domain (yes native mode) wasn't prepaired for the 2003 server and it asked me to upgrade the domain before I did. I shifted the Domain Naming Master & RID Master FSMO's to the server running 2000 (PDC) and ran the "prepair 2000 domain for 2003" wizard.  Once that was done, I ran dcpromo on the 03 server and sync the AD.

    I'm back over in the non-dc subnet, brought the machine back and it's still not working properly.  The good news is I ran netdiag.. no errors.  I ran dcdiag on both of my DC's.. not errors neither.  However, printer and file shares are still giving me issues.  If I have all the settings the exact same, but just move the pc from one building to the next, how can this be?  The DNS servers, WINS server, and gateway are all connected and pingable (is that a word?) but still no method to the madness.
    LVL 25

    Expert Comment

    i think i may have missed something when i first read this post,,, is this happening for just one machine, or on all machines in the non-DC subnet?? If it is happening on just one machine i would remove it from the domain, reboot it, rename it, reboot it, and then re-add it to the domain, reboot.  This will give this computer a whole new account in AD.  

    Author Comment

    Good point, it's happening with all the computers on that subnet.   One machine I did remove it, rename it, and rejoin it.  Still nothing.  

    Author Comment

    Okay, now I'm getting a DCOM 10003 error.  "Access denied attempting to launch a DCOM Server using DefaultLaunchPermission.  The server is {00020906-0000-0000-C000-0000000046}  The user is Unavailable/Unavailable, SID=Unavailable.

    I've search the internet, but I haven't found any REAL descriptions to this probme or how to fine the {0002~46} server.  

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    IT, Stop Being Called Into Every Meeting

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
    Great sound, comfort and fit, excellent build quality, versatility, compatibility. These are just some of the many reasons for choosing a headset from Sennheiser.
    In this sixth video of the Xpdf series, we discuss and demonstrate the PDFtoPNG utility, which converts a multi-page PDF file to separate color, grayscale, or monochrome PNG files, creating one PNG file for each page in the PDF. It does this via a c…
    Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

    759 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    14 Experts available now in Live!

    Get 1:1 Help Now