Solved

Can't join a 2003 member server to a 2000 domain, error message = "Logon failure unknown user name or bad password"

Posted on 2007-11-15
Last Modified: 2013-12-05
I have a 2000 DC (SP3, and it can't go higher due to a program on the server) and I can't join a 2003 member server to the domain.

I right click on "My Computer"
Click on "Computer Name"
Click on "Change"
Click on "Domain"
type the domain name "SCADA"
type the user name "administrator" (admin account for the SCADA domain)
type the admin password "###########"

and get the following error

"The following error occurred while attempting to join the domain "SCADA" : Logon failure unknown user name or bad password"

I have tried using a static IP for the 2003 server and pointing the DNS to the 2000 DC.

Have also set the 2003 member server up for DHCP and let the 2000 DC (also the DHCP server) issue the IP address and DNS info.

Thanks
Question by:tjmustang
31 Comments
 
LVL 39

Expert Comment

by:ChiefIT
ID: 20289114
This problem may occur if you had this 2003 server on the domain prior to trying to bring it up as a member server. You may have a cached password for the domain administrator on that 2003 member server.

Go to Control Panel>>Users and Computers>>Advanced>>Passwords and remove all cached passwords.

If you have forgotten the domain administrator's password, let us know. We may be able to help you reset it.
0
 
LVL 22

Expert Comment

by:dan_blagut
ID: 20289367
Hi
Try to use domain\username instead of username.

Dan
0
 

Author Comment

by:tjmustang
ID: 20289952
I don't have a Users and Computers under the control panel.
0
 
LVL 22

Expert Comment

by:dan_blagut
ID: 20290086
No
When you try to add your computer to the domain, it asks for a user name and password from the domain. There, try with domain\username instead of username.
0
 

Author Comment

by:tjmustang
ID: 20290221
Hi Dan....I tried that before and just tried it again.  Thanks for the suggestion.

My last post was in reply to ChiefIT
0
 
LVL 22

Expert Comment

by:dan_blagut
ID: 20290293
Sorry... Anyway, is any firewall enabled on your server? You could also try with a fresh user promoted to domain admin.

Dan
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 20290556
The following is a quote from this KB article:
http://support.microsoft.com/kb/913485

"""Windows XP Professional and Windows Server 2003 include a Stored User Names and Passwords feature that also provides credential management functionality. Depending on the type of authentication, this feature can save user credentials so they can be reused later.

Credential Manager stores user credentials securely. These credentials include passwords and X.509 certificates. Credential Manager lets both roaming and nonroaming users provide credentials only one time. For example, the first time that a user runs a program on a company's network, authentication is required. Therefore, the user is prompted to supply credentials.
--And here is the important part:--
**After the user provides these credentials, they continue to be associated with the program. """

I am not sitting at my Domain, so I can't tell you where to remove credential manager cached credentials on a 2003 server. But, I have seen it before with changing a domain password and all of a sudden you are not able to authenticate.

There are other things you may wish to look at. Your service applets of Netlogon and anything having to do with LSA services should be started?
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 20290645
Credential manager might be an MMC snapin or under administrative tools.
0
 

Author Comment

by:tjmustang
ID: 20376707
Still no luck joining the server to the domain.
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 20383663
Try this.

First add the computer in active directory manually. Create a GUI in active directory under the Computers "CN". Then, try to join the domain.

Can you ping the domain controller by IP address and computer name? Maybe the 2003 server doesn't recognize your DC as the DC of the domain and is trying to go elsewhere for AD authentication.
0
 

Author Comment

by:tjmustang
ID: 20388984
Hi ChiefIT
I already created a computer in AD for the member server.  I can ping the DC by name or IP.  I have tried static IP & DNS addresses and also switched to DHCP.  FYI the DC is also the DHCP server.  The member server gets all the proper IP info when set up for DHCP.

Thanks

TJ
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 20393519
This is just thinking out loud:

You have a stand alone server you wish to join the domain. Upon trying to join the domain, you are getting an unknown username or password. You are getting DHCP from that AD server you are trying to replicate with.

So, it sounds like the AD server you are trying to join the domain on has an old password or a typographical error on the administrator username.  

Some people disable the administrator account because it is a generic account username. Then they create an account for individuals to be an administrator. I am sure you checked active directory on your AD server for the following:

The administrator user account exists
The administrator user account is a member of the Domain Administrators group
The administrator user account is a member of AD admins group.
The administrator user account doesn't have a typo in it
You reset the administrator password on a number of occasions.

We already covered domain cached passwords.

So, I am beginning to think there is a problem with a 2003 server as a stand alone server on a 2000 domain. Maybe a mixed domain problem. It shouldn't be, though.

In event viewer you should have events that error for trying to join the domain. Could you supply the events for that error? Maybe a little research on these events will provide a solution.

0
 

Author Comment

by:tjmustang
ID: 20448902
FYI......


I have a Windows 2000 member server next to the problem 2003 member server.  I joined the Windows 2000 domain without a problem with the 2000 member server.  All three servers are on the same switch.  All three servers have the same admin user name and password.

Nothing in the Event viewer after attempting to join the 2003 member server to the 2000 domain.

I now get the following error "The following error occurred attempting to join the domain "SCADA": The account is not authorized to log in from this station"
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 20455666
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 20455739
Try this:

Go to Administrative Tools or on the MMC snapin
Click on the local policy for the local machine
Double click Security Options
Find Send Unencrypted Password to Connect to third Party SMB Server
Right click and Select Enabled
Click OK
Close all open windows
Restart your computer.

Also make sure "digitally sign client communications" is enabled.
0
 
LVL 22

Expert Comment

by:dan_blagut
ID: 20455764
Well, check your account in AD to see if you don't have a list of computers where you can log on. If you have, add the new server to that list. (AD Users and Computers - Your User properties - Account - LogonTo button)

Dan

0
 

Author Comment

by:tjmustang
ID: 20475271
Hi ChiefIT

I tried both suggestions and still no go.  The interesting thing is I can open shares on the Windows 2000 domain controller by name (hidden shares as well) from the 2003 member server.
0
 

Author Comment

by:tjmustang
ID: 20475279
Hi Dan,

I checked and Logonto was set to all.  I changed it to allow just the 2003 member server but still no luck.
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 20520835
Do you have an HP server?
0
 

Author Comment

by:tjmustang
ID: 20526001
Hi ChiefIT,

The 2000 Domain Controller is a Dell PowerEdge server.

The 2003 member server is an IBM rack server.
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 20526651
There has to be some sort of cached passwords or remnants of AD on this 2003 server. What role do you want this to play as a member server?

To check on cached passwords, I think you will have to right click on the My Computer icon>>select Manage>>select local for that server, go to users and hit the advanced tab and delete all saved passwords or logons.

I am also beginning to think the differences in SMB may be a problem. Or the netlogon service isn't started.

Can you check on this?
0
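Added example, not part of the thread and not from any poster: read-only checks, run from a command prompt on the 2003 server, for the three things raised above (stored credentials, the Netlogon service, and the SMB client policy settings). The registry value names are the ones behind the "Microsoft network client" security options; the script changes nothing.

```bat
@echo off
rem Added example (not from the thread): read-only checks on the 2003 server.
rem Run from a command prompt as a local administrator.

echo == Stored user names and passwords ==
rem Lists entries saved by the Stored User Names and Passwords feature.
rem An entry for the domain or the DC here is a candidate stale credential.
cmdkey /list

echo == Netlogon and Workstation services ==
rem On a server that has not yet joined a domain, Netlogon is normally stopped;
rem the Workstation service (SMB client) must be running for the join to work.
sc query netlogon | find "STATE"
sc query lanmanworkstation | find "STATE"

echo == SMB client security options ==
set KEY=HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters
rem EnablePlainTextPassword  1 = send unencrypted password to third-party SMB servers
rem EnableSecuritySignature  1 = digitally sign client communications (if server agrees)
rem RequireSecuritySignature 1 = digitally sign client communications (always)
for %%V in (EnablePlainTextPassword EnableSecuritySignature RequireSecuritySignature) do (
    reg query "%KEY%" /v %%V 2>nul || echo %%V is not set
)
```

Record the EnablePlainTextPassword value before testing the policy change suggested earlier in the thread, so it can be returned to its previous setting afterwards.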
 

Author Comment

by:tjmustang
ID: 20527389
Hi ChiefIT,

I will check on those items next time on site.

FYI.....this was a fresh load of 2003 (I think it is 2003 standard server)

The role of this server will be member server only and it will host DDE server software that other member & PDC servers will access the DDE information from.

Happy Holidays
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 20547300
Another thing you could try is to reset the server's password. When you join a domain with a computer, the computer is given its own password. If you go into active directory>>computers CN and right click on it, you should be able to reset the 2003 server's password. If still not working, I am leaning more towards the SMB differences.

0
 

Author Comment

by:tjmustang
ID: 20665501
Update.........

I was able to join the new 2003 member server to a new 2003 DC with no problem, using the same user name and password as with the 2000 DC.  The problem is definitely in the 2000 DC.  I am able to join Vista clients, XP clients, and 2000 pro clients to the 2000 DC.  I cannot join the new 2003 member server to the 2000 DC.

Any thoughts???????
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 20683490
Yes, I do have some thoughts.

Have you ever heard of a mixed domain? This is what you have. 2003 and 2000 don't always mix. This is why most run the ADprep utility. The ADprep utility makes the SMB compatible with mixed domains. Let me look this up and get back with you. There are command prompt commands that can change your domain from native mode, (meaning 2003 server only), to mixed mode, (meaning 2003, 2000 and NT4). Yes, here is an example:

http://technet2.microsoft.com/windowsserver/en/library/c5dcbad2-9ca2-408e-b2c2-618c668f6b291033.mspx?mfr=true
0
 

Author Comment

by:tjmustang
ID: 20800314
Thanks for all your suggestions.........I gave up on joining the 2003 std server to a 2000 domain controller.  I was able to join the same 2003 Std server to a 2003 domain controller using the same admin account.  I think there was an issue with the 2000 DC as the 2003 Std server had no problem joining the 2003 domain.

Tom C.
0
 

Author Comment

by:tjmustang
ID: 20800327
Please close this question out.
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 20800750
There is a problem with a mixed domain. Before you close out the question, let's look into the mixed domain problem.
0
 

Author Comment

by:tjmustang
ID: 20818940
I wish I could look into it with you but the servers are now in a production environment and the 2000 DC was taken offline as I pressed a spare 2003 SBS DC into service.  All clients have been migrated to the new 2003 domain and the old 2000 DC is being loaded with 2003 Std server.

Thanks,

Tom C.
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 20820353
OK Tom:

Do you know how to request a points refund?
0
 

Accepted Solution

by:
tjmustang earned 0 total points
ID: 20843984
No I don't........I have no problem giving points out for your efforts but did not want to accept it as a solution and have others bring it up in a search thinking that we found the problem.

Thanks,

Tom C
0
