• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 783
  • Last Modified:

NT4 domain upgrading to win2k3 domain

I upgraded my NT 4 domain to win2k3 domain, the domain controllers working fine, passed all dcdiag and netdiag. dns are correct. now i tried to log on to the clients, they are still NT4 machines, i couldn't log on, it's saying the domain does not exist. what should i do? i was going to log on to the machine to install the dsclient.

thanks
0
katie_miguel
Asked:
katie_miguel
1 Solution
 
Jay_Jay70Commented:
Hi katie_miguel,

you may need to rejoin the clients to the domain  -  not sure on the details with NT
0
 
katie_miguelAuthor Commented:
i can't log on to the machine, no one knows the local admin password. and the machines are all over the area, i can't use the password crack
0
 
Netman66Commented:
Try disabling SMB signing on the server.  NT4 can't deal with it.

On the Default Domain Controller policy:

Computer Config>Windows Settings>Security Settings>Local Policies>Security Options ::

Domain member: Digitally encrypt or sign secure channel data (always) = Disabled.
Domain member: Digitally encrypt secure channel data (when possible) = Enabled.
Domain member: Digitally sign secure channel data (when possible) = Enabled.

The key is the first entry, although the rest are important.

Let us know.
0
NEW Veeam Backup for Microsoft Office 365 1.5

With Office 365, it’s your data and your responsibility to protect it. NEW Veeam Backup for Microsoft Office 365 eliminates the risk of losing access to your Office 365 data.

 
Kini pradeepCommented:
i would agree with netman.
can you also check the restrictanonymous and LMcompatibilty values in the Registry under LSA.
0
 
katie_miguelAuthor Commented:
hi Netman66,

nice to hear from you again. the option Domain member: Digitally encrypt or sign secure channel data (always) = Disabled. is greyed out, i can't change it. it was enabled by default. i just found out that my domain function level is 2003, but i still have 2 working nt4 bdcs in the domain, do i need to demote them first? i tried to rejoin the client to the domain, after it's successfully joined to the domain. when i try to log on, it's still saying the domain is unavailable.
0
 
Netman66Commented:
Likewise Katie.

What level exactly is the domain and forest?  If it's 2003 Interim then your NT servers are okay.  If not, then therein lies the issue.

NT4 BDCs cannot participate in a 2003 or 2000 Native domain.  If this turns out to be the case, then you'll need to salvage any data on the BDCs, remove them and carve them out of AD.

As for the SMB signing being greyed out, make sure you're at the console of the 2003 server and logged in with DA rights.

Let us know.
0
 
Netman66Commented:
You might also want to check the Default Domain Policy to see if the SMB signing has been set there.  
0
 
katie_miguelAuthor Commented:
the forest and domain level are all win2k3 native. i'm using upromote to demote the bdcs right now.
0
 
Netman66Commented:
Bummer...how'd that happen?

By default, 2003 installs in Windows 2000 Mixed mode.

0
 
katie_miguelAuthor Commented:
oh, i joined the new domain as a child domain in my existing forest, the forest was win2k3. i think that was what happend. and i found out all the old nt4 clients use lmhosts, and it has the domain defind in it. i guess there are a lot cleaning up before i know what's exactly going on.
0
 
Netman66Commented:
That would be a valid observation!

You can clear out LMHOSTS now.

I thought you upgraded the domain?
0
 
katie_miguelAuthor Commented:
i did upgrade my domain, but the old clients are not registered with wins. it's taking a long time to demote my pdc, still haven't done yet.
0
 
Netman66Commented:
Ummm...

Hold on now...

If you upgraded your NT4 domain, you had to have upgraded the PDC - why is there still a PDC?

I'm either really not understanding you or there is something terribly wrong with what has been done there.

Please take a few minutes and explain what you did with respect to this "upgrade".  Please be specific.

0
 
katie_miguelAuthor Commented:
oh, i'm sorry, i mean the bdc
0
 
Netman66Commented:
Whew...!  That's better.

For a minute there I had visions of your domain going bye-bye...

You can setup WINS on the new server and enable DNS to use it as well so that you are well covered in the resolution department.  In fact, with NT4 clients I would likely setup WINS myself for this case.

You also want to install the DSClient on those NT4 workstations so that they are directory-aware.

http://www.microsoft.com/ntworkstation/downloads/Other/adclient.asp

Keep me posted.
0
 
katie_miguelAuthor Commented:
they are nt 4 servers, do i still need dsclient?
0
 
Netman66Commented:
I thought you said you had NT4 clients?    The DSClient is for the NT4 workstations.

0
 
katie_miguelAuthor Commented:
hi, netman66,

now i have some new problems, when i try to log on to the domain, the nt4 server i joined to the domain gave me "the system can not log you on (c00000E5), please try agian or consult your system administrator. and something wiered happen to my ipc$ share. whenever i try to get to the win2K3 DC, it saids " server is not accessible. you might not have permission to use this network resource. contact the administrator of this server to find out if you have access permissions. the reference account is currently locked out and may not be logged on to. it doesn't even prompt me for the user name and password.  i hope my whole domain is not fried. :(
0
 
katie_miguelAuthor Commented:
never mind, for some reason, my account was locked out.
0
 
katie_miguelAuthor Commented:
thanks for all the help, i finally got everything working. the problem was all the clients were configured with the lmhost file, i got rid of them, and reconfigured the wins and dns, it's all working now.
0
 
Netman66Commented:
That would do it!

Good job.
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now