• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 277
  • Last Modified:

Users unable to logon after switch to windows 2003 domain from windows nt4.0

this is extermemly urgent, as per instructions in an attempt to upgrade our domain to active directory/win2003 server i introducted a temp nt 4.0 server to our nt domain and prompoted to pdc, i then took it off line and upgraded to 2003 server, all appeared to be ok but now users are finding they can log on but cna't connect to another windows 2003 server which contains all application data etc. the only other change to the server that they can't log into is that i prompoted it to a global catalog server. help! there are two nt 4.0 bdc's on online (mail server) and one offline in case of problems!

users are getting the following error when attempting to access a network drive : r:\is not accessible.

an attempt was made to logon, but the network logon server was not started.

i noticed that the netlogon service on the existing server tha tusers can't access is stopped and reports the following error when i try to start it : could not stat the ntelogon server on local computer. error 1355 : the specified domain does not exist.

any help would be greatly appreciated. tony            
  • 4
  • 3
1 Solution
Your DNS settings are probably incorrect. Any post-NT4 machine on your network as of now requires correct DNS settings for the logon to work, they will NOT use the NT4 BDCs anymore now that you introduced the AD DC.

*** TCP/IP-Settings ***
* On your DC/DNS, make sure the only DNS listed in the TCP/IP properties is itself.
* On your domain members, enter the DC only as primary DNS.
* Do NOT enter your ISP's DNS server in the TCP/IP settings on any domain member. All DNS resolution needs to be done by your internal DNS servers *only*.

*** DNS Server Settings ***
* Delete the root zone (if present) in your DNS servers' forward lookup zones (the single dot, "."), to enable external lookups.
* Right-click your forward and reverse lookup zones, go to Properties, and make sure that Dynamic Updates are enabled.
* In the properties page of your DNS servers, configure forwarders to point to your ISP's DNS. The forwarders section is the *only* entry in your network where your ISP's DNS should be listed.
* It's recommended (but not necessary) to set your zones to Active Directory integrated (this can be done in the properties of the zones as well).

Once you've checked this, open a command prompt and enter "ipconfig /registerdns", then stop and re-start the netlogon service. Check if the SRV records have been created (see link below).
For further troubleshooting, you can use dcdiag.exe and netdiag.exe (both support a /fix parameter to fix small problems on the fly) to check your system for errors in the domain setup.

10 DNS Errors That Will Kill Your Network

Frequently Asked Questions About Windows 2000 DNS and Windows Server 2003 DNS

Best practices for DNS client settings in Windows 2000 Server and in Windows Server 2003

How to Verify the Creation of SRV Records for a Domain Controller

SRV Resource Records May Not Be Created on Domain Controller

How Domain Controllers Are Located in Windows

How Domain Controllers Are Located in Windows XP

Windows Server 2003 Service Pack 1 32-bit Support Tools
spower22Author Commented:
obda, thanks for your prompt response.

I've checked DNS and their are two entries in forwards lookup :



There are no entries in reverse lookup, is this relevant?
The reverse lookup zone is "nive to have" (and it's useful to have one), but not really necessary.
Just make sure the DNS settings on your domain members are set as described above.
The only other thing that might interfere at least temporarily is WINS; what happened with your WINS server during the migration?
Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

spower22Author Commented:
The strange this is that there are three 2003 server on the network and only one is inaccessible at present.  As far as I know this site doesn't have a WINS server
Your NT4 machines require WINS for proper name resolution (it can work through broadcasts as well, but that's not really a recommended setup).
For the sake of completeness, you should add a WINS server to your new DC and let your clients point to it as well. The main thing for the post-NT4 machines, though, are correct DNS settings.
look at the TCP/IP settings of your clients...   Look for the DNS setting....  DNS should point to your Windows 2003 DC/DNS server ONLY and no where else...


Server or Client name : server1
DNS:   <--- point to the IP of your Windows 2003 DNS server

Make sure all clients and servers use this...
That's already been pointed out; still waiting for spower22's confirmation ...
spower22Author Commented:
thanks for all your help
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now