Solved

Users unable to logon after switch to windows 2003 domain from windows nt4.0

Posted on 2006-06-15
8
260 Views
Last Modified: 2010-04-18

               
hi,
this is extermemly urgent, as per instructions in an attempt to upgrade our domain to active directory/win2003 server i introducted a temp nt 4.0 server to our nt domain and prompoted to pdc, i then took it off line and upgraded to 2003 server, all appeared to be ok but now users are finding they can log on but cna't connect to another windows 2003 server which contains all application data etc. the only other change to the server that they can't log into is that i prompoted it to a global catalog server. help! there are two nt 4.0 bdc's on online (mail server) and one offline in case of problems!

users are getting the following error when attempting to access a network drive : r:\is not accessible.

an attempt was made to logon, but the network logon server was not started.

i noticed that the netlogon service on the existing server tha tusers can't access is stopped and reports the following error when i try to start it : could not stat the ntelogon server on local computer. error 1355 : the specified domain does not exist.

any help would be greatly appreciated. tony            
0
Comment
Question by:spower22
  • 4
  • 3
8 Comments
 
LVL 83

Accepted Solution

by:
oBdA earned 500 total points
ID: 16912491
Your DNS settings are probably incorrect. Any post-NT4 machine on your network as of now requires correct DNS settings for the logon to work, they will NOT use the NT4 BDCs anymore now that you introduced the AD DC.

*** TCP/IP-Settings ***
* On your DC/DNS, make sure the only DNS listed in the TCP/IP properties is itself.
* On your domain members, enter the DC only as primary DNS.
* Do NOT enter your ISP's DNS server in the TCP/IP settings on any domain member. All DNS resolution needs to be done by your internal DNS servers *only*.

*** DNS Server Settings ***
* Delete the root zone (if present) in your DNS servers' forward lookup zones (the single dot, "."), to enable external lookups.
* Right-click your forward and reverse lookup zones, go to Properties, and make sure that Dynamic Updates are enabled.
* In the properties page of your DNS servers, configure forwarders to point to your ISP's DNS. The forwarders section is the *only* entry in your network where your ISP's DNS should be listed.
* It's recommended (but not necessary) to set your zones to Active Directory integrated (this can be done in the properties of the zones as well).

Once you've checked this, open a command prompt and enter "ipconfig /registerdns", then stop and re-start the netlogon service. Check if the SRV records have been created (see link below).
For further troubleshooting, you can use dcdiag.exe and netdiag.exe (both support a /fix parameter to fix small problems on the fly) to check your system for errors in the domain setup.

10 DNS Errors That Will Kill Your Network
http://mcpmag.com/features/article.asp?EditorialsID=413

Frequently Asked Questions About Windows 2000 DNS and Windows Server 2003 DNS
http://support.microsoft.com/?kbid=291382

Best practices for DNS client settings in Windows 2000 Server and in Windows Server 2003
http://support.microsoft.com/?kbid=825036

How to Verify the Creation of SRV Records for a Domain Controller
http://support.microsoft.com/?kbid=241515

SRV Resource Records May Not Be Created on Domain Controller
http://support.microsoft.com/?kbid=239897

How Domain Controllers Are Located in Windows
http://support.microsoft.com/?kbid=247811

How Domain Controllers Are Located in Windows XP
http://support.microsoft.com/?kbid=314861

Windows Server 2003 Service Pack 1 32-bit Support Tools
http://www.microsoft.com/downloads/details.aspx?FamilyID=6ec50b78-8be1-4e81-b3be-4e7ac4f0912d&displaylang=en
0
 

Author Comment

by:spower22
ID: 16912623
obda, thanks for your prompt response.

I've checked DNS and their are two entries in forwards lookup :

_msdcs.domainname.ie

domainname.ie

There are no entries in reverse lookup, is this relevant?
0
 
LVL 83

Expert Comment

by:oBdA
ID: 16912687
The reverse lookup zone is "nive to have" (and it's useful to have one), but not really necessary.
Just make sure the DNS settings on your domain members are set as described above.
The only other thing that might interfere at least temporarily is WINS; what happened with your WINS server during the migration?
0
 

Author Comment

by:spower22
ID: 16912732
The strange this is that there are three 2003 server on the network and only one is inaccessible at present.  As far as I know this site doesn't have a WINS server
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 83

Expert Comment

by:oBdA
ID: 16912757
Your NT4 machines require WINS for proper name resolution (it can work through broadcasts as well, but that's not really a recommended setup).
For the sake of completeness, you should add a WINS server to your new DC and let your clients point to it as well. The main thing for the post-NT4 machines, though, are correct DNS settings.
0
 
LVL 33

Expert Comment

by:NJComputerNetworks
ID: 16912779
look at the TCP/IP settings of your clients...   Look for the DNS setting....  DNS should point to your Windows 2003 DC/DNS server ONLY and no where else...

example:  

Server or Client name : server1
IP: 10.10.10.25
subnet: 255.255.255.0
Gateway: 10.10.10.1
DNS: 10.10.10.5   <--- point to the IP of your Windows 2003 DNS server


Make sure all clients and servers use this...
0
 
LVL 83

Expert Comment

by:oBdA
ID: 16912849
That's already been pointed out; still waiting for spower22's confirmation ...
0
 

Author Comment

by:spower22
ID: 16919186
thanks for all your help
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Preface Having the need * to contact many different companies with different infrastructures * do remote maintenance in their network required us to implement a more flexible routing solution. As RAS, PPTP, L2TP and VPN Client connections are no…
Scenerio: You have a server running Server 2003 and have applied a retail pack of Terminal Server Licenses.  You want to change servers or your server has crashed and you need to reapply the Terminal Server Licenses. When you enter the 16-digit lic…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.
A company’s greatest vulnerability is their email. CEO fraud, ransomware and spear phishing attacks are the no1 threat to a company’s security. Cybercrime is responsible for the largest loss of money to companies today with losses projected to r…

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now