?
Solved

Suddenly can't log into domain from one specific PC - getting "account is disabled" error even though the domain accounts aren't disabled in AD

Posted on 2006-06-09
8
Medium Priority
?
1,220 Views
Last Modified: 2012-06-27
We have a Windows 2000-based domain in our company, running almost exclusively Windows XP clients. However, one of our client machines, a Windows 2000 Pro box (SP3), is having an issue.

When a user tries to log onto the PC with the username/domain that has always worked, it now comes up with an error saying the account is disbled and to call the administrator. The domain account works fine on other PCs in the domain and is not disabled in AD. In fact, every domain account we tried comes up with this error on this PC. The only way to log on is through the local administrator login.

Once I was able to log in locally, I looked at the list of user profiles (obtained through My Computer) and all the domin accounts say "Account Unknown" under the name column! The only ones that show up correctly are the local accounts.

I also tried to have a user (that has never logged into this computer before) log onto the PC with his domain account and he also received the account disabled error. I checked the PCs IP settings and they're fine. I also tested browsing a domain file server and that worked after supplying proper credentials, which proves to me that it's definitely still seeing the network and communicating with the domain controllers.

Does anyone have a solution to fix this problem? We'd like to be able to log into the domain again on this PC without wiping it off and starting over. I'm sure it's not an AD issue since the domain accounts work fine on other PCs on the domain.

I'm wondering if a user was doing something he/she shouldn't have been doing. We allow Domain Users as local administrators, so it's possible that a user could tinker with the registry, local group policy, etc.

Thanks for the help,
Jeff
0
Comment
Question by:mschmidt14
8 Comments
 
LVL 9

Expert Comment

by:louy3
ID: 16873506
Check to be sure that the time on your PC is in sync with the server.
0
 

Author Comment

by:mschmidt14
ID: 16873856
The time is right in line with our domain. You made me aware of an area I didn't even think of checking- the local PC's Event Viewer! In there I find tons of entries like this:

Event Type:      Error
Event Source:      NETLOGON
Event Category:      None
Event ID:      5721
Date:            5/29/2006
Time:            8:41:13 PM
User:            N/A
Computer:      PACCAR-88CF36D8
Description:
The session setup to the Windows NT or Windows 2000 Domain Controller <Unknown> for the domain [our domain] failed because the Domain Controller does not have an account for the computer [insert PC name here].
Data:
0000: 8b 01 00 c0               ?..À
______

I also see a lot of these starting on a specific date/date:

Event Type:      Error
Event Source:      Userenv
Event Category:      None
Event ID:      1000
Date:            5/19/2006
Time:            11:51:46 AM
User:            NT AUTHORITY\SYSTEM
Computer:      [insert PC name here]
Description:
Windows cannot determine the user or computer name. Return value (1317).

Jeff
0
 
LVL 8

Expert Comment

by:caddlady
ID: 16874252
I had this problem before and cannot remember where I fixed it at.  It seems as though I had to enable legacy computer support in Group Policy or the Domain Policy and then they were able to logon.

Try the Microsoft page below... It may have the solution for you.  In the meanwhile, I will try to locate the setting that I changed.

http://support.microsoft.com/?id=555038
0
Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

 
LVL 9

Accepted Solution

by:
louy3 earned 600 total points
ID: 16874352
Goto active directory users and computers on the server.  Expand computers, and delete the computer name of the problem pc, then re-add it to the list.  Reboot the problem pc.
0
 

Author Comment

by:mschmidt14
ID: 16874495
Louy3-

I looked in AD and it turns out this PC was in the Users folder, not the "computers" folder or the "[domain] computers" folder. I moved it to the latter. I wonder if that will help? There's no consequence for deleting the computer from the list and re-adding it?

Thanks,
Jeff
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 16875195
You could also remove the the PC from the domain from the PC and then rejoin it back and see if that helps.

Thanks
Mike
0
 
LVL 9

Expert Comment

by:louy3
ID: 16884516
It should help.  But, If the SID is messed up, it will be ok to remove it from the list and re-add it.
0
 

Author Comment

by:mschmidt14
ID: 16887624
Once I moved the computer from the Users group to the Domain Computers group and restarted the PC, I was able to log in fine with the domain.
0

Featured Post

Take Control of Web Hosting For Your Clients

As a web developer or IT admin, successfully managing multiple client accounts can be challenging. In this webinar we will look at the tools provided by Media Temple and Plesk to make managing your clients’ hosting easier.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
SingleRun is a tool that ensures that only one instance of an application is started, running it again brings the application to focus.
There may be issues when you are trying to access Outlook or send & receive emails or due to Outlook crash which leads to corrupt or damaged PST file. To eliminate the corruption from your PST file, you need to repair the corrupt Outlook PST file. U…
If you are looking for an automated solution for backup single or multiple Office 365 user mailboxes to Outlook data file, then you can use Kernel Office 365 Backup & Restore tool. Go through the video to check out the steps to backup single or mult…

600 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question