Solved

Suddenly can't log into domain from one specific PC - getting "account is disabled" error even though the domain accounts aren't disabled in AD

Posted on 2006-06-09
8
1,181 Views
Last Modified: 2012-06-27
We have a Windows 2000-based domain in our company, running almost exclusively Windows XP clients. However, one of our client machines, a Windows 2000 Pro box (SP3), is having an issue.

When a user tries to log onto the PC with the username/domain that has always worked, it now comes up with an error saying the account is disbled and to call the administrator. The domain account works fine on other PCs in the domain and is not disabled in AD. In fact, every domain account we tried comes up with this error on this PC. The only way to log on is through the local administrator login.

Once I was able to log in locally, I looked at the list of user profiles (obtained through My Computer) and all the domin accounts say "Account Unknown" under the name column! The only ones that show up correctly are the local accounts.

I also tried to have a user (that has never logged into this computer before) log onto the PC with his domain account and he also received the account disabled error. I checked the PCs IP settings and they're fine. I also tested browsing a domain file server and that worked after supplying proper credentials, which proves to me that it's definitely still seeing the network and communicating with the domain controllers.

Does anyone have a solution to fix this problem? We'd like to be able to log into the domain again on this PC without wiping it off and starting over. I'm sure it's not an AD issue since the domain accounts work fine on other PCs on the domain.

I'm wondering if a user was doing something he/she shouldn't have been doing. We allow Domain Users as local administrators, so it's possible that a user could tinker with the registry, local group policy, etc.

Thanks for the help,
Jeff
0
Comment
Question by:mschmidt14
8 Comments
 
LVL 9

Expert Comment

by:louy3
ID: 16873506
Check to be sure that the time on your PC is in sync with the server.
0
 

Author Comment

by:mschmidt14
ID: 16873856
The time is right in line with our domain. You made me aware of an area I didn't even think of checking- the local PC's Event Viewer! In there I find tons of entries like this:

Event Type:      Error
Event Source:      NETLOGON
Event Category:      None
Event ID:      5721
Date:            5/29/2006
Time:            8:41:13 PM
User:            N/A
Computer:      PACCAR-88CF36D8
Description:
The session setup to the Windows NT or Windows 2000 Domain Controller <Unknown> for the domain [our domain] failed because the Domain Controller does not have an account for the computer [insert PC name here].
Data:
0000: 8b 01 00 c0               ?..À
______

I also see a lot of these starting on a specific date/date:

Event Type:      Error
Event Source:      Userenv
Event Category:      None
Event ID:      1000
Date:            5/19/2006
Time:            11:51:46 AM
User:            NT AUTHORITY\SYSTEM
Computer:      [insert PC name here]
Description:
Windows cannot determine the user or computer name. Return value (1317).

Jeff
0
 
LVL 8

Expert Comment

by:caddlady
ID: 16874252
I had this problem before and cannot remember where I fixed it at.  It seems as though I had to enable legacy computer support in Group Policy or the Domain Policy and then they were able to logon.

Try the Microsoft page below... It may have the solution for you.  In the meanwhile, I will try to locate the setting that I changed.

http://support.microsoft.com/?id=555038
0
Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

 
LVL 9

Accepted Solution

by:
louy3 earned 200 total points
ID: 16874352
Goto active directory users and computers on the server.  Expand computers, and delete the computer name of the problem pc, then re-add it to the list.  Reboot the problem pc.
0
 

Author Comment

by:mschmidt14
ID: 16874495
Louy3-

I looked in AD and it turns out this PC was in the Users folder, not the "computers" folder or the "[domain] computers" folder. I moved it to the latter. I wonder if that will help? There's no consequence for deleting the computer from the list and re-adding it?

Thanks,
Jeff
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 16875195
You could also remove the the PC from the domain from the PC and then rejoin it back and see if that helps.

Thanks
Mike
0
 
LVL 9

Expert Comment

by:louy3
ID: 16884516
It should help.  But, If the SID is messed up, it will be ok to remove it from the list and re-add it.
0
 

Author Comment

by:mschmidt14
ID: 16887624
Once I moved the computer from the Users group to the Domain Computers group and restarted the PC, I was able to log in fine with the domain.
0

Featured Post

Gigs: Get Your Project Delivered by an Expert

Select from freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
kerberos errors 7 548
Group Policy 9 559
Auto kill system process when exceeding 80% CPU in windows 2000 8 214
P2V Windows Server 2000 - Network Issue 14 48
NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Do you use a spreadsheet like Microsoft's Excel?  Have you ever wanted to link out to a non excel file on your computer or network drive?  This is the way I found to do it!
This Micro Tutorial will give you a basic overview how to record your screen with Microsoft Expression Encoder. This program is still free and open for the public to download. This will be demonstrated using Microsoft Expression Encoder 4.
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…

785 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question