Solved

Can NOT login with Domain Account

Posted on 2008-06-14
Last Modified: 2013-12-23
Domain controller -

Windows 2003 Small Business
Second server is the old NT with our mission-critical database on it.


Get error: cannot log on interactively, but it is at the LOCAL machine. We are DOWN.

I tried RESOLUTION
To correct this problem and provide local access when connected to the domain, do the following:

Log off the domain and log on to the local computer using an account with administrative rights.
Go to the Administrative Tools group, select User Manager, click the Policies tab, and select User Rights.
Use the down arrow next to the "Right" dialog box and select "Log on locally", and then click Add. The Add Users and Groups dialog box is displayed.
In "List Names From:" select the domain name, and then in the Add Names box type your <domain name\username>. Click OK. The User Rights Policy dialog box is displayed with the new user name added to the list. Click OK.
Log off and back on. At the Welcome dialog box, select the domain and log on. You now have local logon access rights.


PLEASE HELP I would assign a BILLION points if I could :)
0
Question by:MyDanes
11 Comments
 

Author Comment

by:MyDanes
ID: 21786977
By the way, we just installed the 2003 server and domain. Our OLD PDC crashed unrecoverably and we had to rush a new Dell to our business.
0
 

Author Comment

by:MyDanes
ID: 21787066
We have tried to rename the server.
We have disconnected and made it a workgroup.
Then we rebooted and joined the domain, clicked the check box to create an account for the computer, and gave the correct user/password for the DC. It says 'welcome' to the domain, but then we reboot and can NOT connect and get this ridiculous error.
0
 

Author Comment

by:MyDanes
ID: 21787069
I even tried to plug in my 500G external Maxtor One Touch IV Plus.

It won't read on the NT 4 server - I would try and move my db to the DC to get back up and running
0
LVL 38

Expert Comment

by:ChiefIT
ID: 21787305
I think we can work this out but I need to clarify a few things first.

You have SBS 2003 server as your PDCe?
And you have an NT4 server that you need to join the domain with?


0
 

Author Comment

by:MyDanes
ID: 21788989
YES - But I do NOT want my Active Directory in Mixed Mode.

Also - NEW problem, IT IS A DISASTER

XP boxes that were part of the OLD NT DC we change to workgroup

reboot

login

change to new domain

Says WELCOME
then reboots

THEN CAN'T LOGIN to those machines AT ALL.

We have TWO so far that have done this and we can't access them.
0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 21789279
It has to be in mixed mode brother.

NT uses a form of authentication called NTLMHash, while the default authentication protocol for a 2003 server SBS is Kerberos.

It's all right here: you may be able to allow NTLMHash in SBS.

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_2003_Active_Directory/Q_23132123.html
0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 21789282
I should rephrase that. Your PDCe will need to be able to authenticate NTLMHash. It may not have to be in mixed mode unless you have AD projects that you need to transfer over to the new DC.
0
 
LVL 38

Accepted Solution

by:
ChiefIT earned 500 total points
ID: 21789908
Let me see if I can provide you with the ammo to get this resolved:

In Active Directory Users and Computers, select the computer for the NT4 server. If it is not there, you might have to create it manually. In that account, there is an option to show that this computer is a "Pre 2000 operating system". That will have to be checked.

Then, you will need to make sure that the SBS server is backwards compatible with NTLMhash authentication. Though this article is for Exchange, I think it will guide you to set the appropriate backwards compatibility to your NT server.
http://support.microsoft.com/kb/820281

Furthermore, you could upgrade your NT4 authentication protocol to NTLM2 or later. I don't know what the latest is.
http://support.microsoft.com/kb/239869

For NT4 and 2003 server to work, they have to be able to talk on the same authentication protocol. SBS 2003 needs to be able to use backwards compatible to NTLM and your NT4 needs to have the highest form of protocol available for that machine.

Suggestions:
NTLMhash has some very serious vulnerabilities, and if I may suggest something for security reasons: migrate your data to a 2003 or later server and start using Kerberos.
0
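Added example, not part of the original thread: the requirement in the answer above that both machines share an authentication protocol can be checked against the documented LAN Manager authentication levels (registry value `LmCompatibilityLevel`, 0 to 5). The Python below models which response a client at one level can present to a domain controller at another; the host names and levels in `SAMPLE_HOSTS` are constructed for illustration.

```python
# Added illustration: models the documented LAN Manager authentication
# levels (LmCompatibilityLevel 0-5). Host names and levels below are
# constructed sample data, not taken from the thread.

# Responses a machine sends when acting as a client, per level.
CLIENT_SENDS = {
    0: {"LM", "NTLM"},
    1: {"LM", "NTLM"},  # also NTLMv2 session security if negotiated
    2: {"NTLM"},
    3: {"NTLMv2"},
    4: {"NTLMv2"},
    5: {"NTLMv2"},
}

STRENGTH = ["LM", "NTLM", "NTLMv2"]  # weakest to strongest


def dc_accepts(level):
    """Responses a domain controller at this level will validate."""
    if level == 5:
        return {"NTLMv2"}          # refuses LM and NTLM
    if level == 4:
        return {"NTLM", "NTLMv2"}  # refuses LM
    return {"LM", "NTLM", "NTLMv2"}


def negotiate(client_level, dc_level):
    """Strongest client response the DC accepts, or None if logon fails."""
    usable = CLIENT_SENDS[client_level] & dc_accepts(dc_level)
    return max(usable, key=STRENGTH.index) if usable else None


def audit(hosts, dc_level):
    """Map host -> (accepted protocol or None, client still sends LM)."""
    return {
        name: (negotiate(level, dc_level), "LM" in CLIENT_SENDS[level])
        for name, level in hosts.items()
    }


# Constructed inventory: a legacy server at level 0, clients at 2 and 3.
SAMPLE_HOSTS = {"legacy-nt4": 0, "xp-desk-01": 2, "xp-desk-02": 3}

if __name__ == "__main__":
    for dc_level in (2, 5):
        print("DC level", dc_level, audit(SAMPLE_HOSTS, dc_level))
```

A `None` result corresponds to the logon failure seen when the two sides have no response type in common; a `True` flag marks a host that still puts the weak LM response on the wire even when the logon succeeds.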
 
LVL 38

Expert Comment

by:ChiefIT
ID: 21789923
WARNING***WARNING***WARNING

Please create a system restore point and backup your registry prior to doing anything. One little mistake on this can lock you out of your domain and cause unrecoverable blue screens.
0
 

Author Closing Comment

by:MyDanes
ID: 31467273
Thank you
0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 21791563
Excellent:

Thanks. Glad to see you are up.
0
