Solved

Can NOT login with Domain Account

Posted on 2008-06-14
Last Modified: 2013-12-23
Domain controller: Windows 2003 Small Business.
Second server is the old NT with our mission critical database on it.

Get error: cannot log on interactively, but it is at the LOCAL machine. We are DOWN.

I tried RESOLUTION
To correct this problem and provide local access when connected to the domain, do the following:

Log off the domain and log on to the local computer using an account with administrative rights.
Go to the Administrative Tools group, select User Manager, click the Policies tab, and select User Rights.
Use the down arrow next to the "Right" dialog box and select "Log on locally", and then click Add. The Add Users and Groups dialog box is displayed.
In "List Names From:" select the domain name, and then in the Add Names box type your <domain name\username>. Click OK. The User Rights Policy dialog box is displayed with the new user name added to the list. Click OK.
Log off and back on. At the Welcome dialog box, select the domain and log on. You now have local logon access rights.


PLEASE HELP I would assign a BILLION points if I could :)
Question by:MyDanes

Author Comment

by:MyDanes
By the way, we just installed the 2003 server and domain. Our OLD PDC crashed unrecoverably and we had to rush a new Dell to our business.

Author Comment

by:MyDanes
We have tried to rename the server.
We have disconnected and made it a workgroup.
Then we rebooted and joined the domain and clicked the check box to create an account for the computer and gave the correct user/password for the DC. It says 'welcome' to the domain, but then reboot and can NOT connect; we get this ridiculous error.

Author Comment

by:MyDanes
I even tried to plug in my 500G external Maxtor One Touch IV Plus.

It won't read on the NT 4 server. I would try and move my db to the DC to get back up and running.

Expert Comment

by:ChiefIT
I think we can work this out but I need to clarify a few things first.

You have SBS 2003 server as your PDCe?
And you have an NT4 server that you need to join the domain with?



Author Comment

by:MyDanes
YES - But I do NOT want my Active Directory in Mixed Mode.

Also - NEW problem. IT IS A DISASTER.

XP boxes that were part of the OLD NT DC we change to workgroup

reboot

login

change to new domain

Says WELCOME
then reboots

THEN CAN'T LOGIN to those machines AT ALL.

We have TWO so far that have done this and we can't access them.

Expert Comment

by:ChiefIT
It has to be in mixed mode, brother.

NT uses a form of authentication called NTLMHash, while the default authentication protocol for a 2003 server SBS is Kerberos.

It's all right here: you may be able to allow NTLMHash in SBS.

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_2003_Active_Directory/Q_23132123.html

Expert Comment

by:ChiefIT
I should rephrase that. Your PDCe will need to be able to authenticate NTLMHash. It may not have to be in mixed mode unless you have AD projects that you need to transfer over to the new DC.

Accepted Solution

by:ChiefIT (earned 500 total points)
Let me see if I can provide you with the ammo to get this resolved:

In Active Directory Users and Computers, select the computer for the NT4 server. If it is not there, you might have to create it manually. In that account, there is an option to show that this computer is a "Pre 2000 operating system". That will have to be checked.

Then, you will need to make sure that the SBS server is backwards compatible with NTLMhash authentication. Though this article is for Exchange I think it will guide you to set the appropriate backwards compatibility to your NT server.
http://support.microsoft.com/kb/820281

Furthermore, you could upgrade your NT4 authentication protocol to NTLM2 or later. I don't know what the latest is.
http://support.microsoft.com/kb/239869

For NT4 and 2003 server to work, they have to be able to talk on the same authentication protocol. SBS 2003 needs to be able to use backwards compatible to NTLM and your NT4 needs to have the highest form of protocol available for that machine.

Suggestions:
NTLMhash has some very serious vulnerabilities, and if I may suggest something for security reasons: migrate your data to a 2003 or later server and start using Kerberos.
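
The requirement in the answer above, that both machines speak a common authentication protocol, shown as an added example (not code from the thread): a Python model of the Windows LmCompatibilityLevel setting on the client and on the domain controller. It assumes that setting is what governs the LM/NTLM compatibility discussed here; the scenario labels are constructed.

```python
# Added illustration, not code from the thread. Models the documented
# meaning of LmCompatibilityLevel; the scenario labels are constructed.

# Response types a machine sends when it acts as a client, by level.
CLIENT_SENDS = {
    0: {"LM", "NTLM"},
    1: {"LM", "NTLM"},  # also uses NTLMv2 session security if negotiated
    2: {"NTLM"},
    3: {"NTLMv2"},
    4: {"NTLMv2"},
    5: {"NTLMv2"},
}

# Response types a domain controller accepts, by level.
DC_ACCEPTS = {level: {"LM", "NTLM", "NTLMv2"} for level in range(4)}
DC_ACCEPTS[4] = {"NTLM", "NTLMv2"}  # DC refuses LM
DC_ACCEPTS[5] = {"NTLMv2"}          # DC refuses LM and NTLM


def assess(client_level, dc_level):
    """Return (logon_possible, accepted_types, weak_types_sent)."""
    sent = CLIENT_SENDS[client_level]
    accepted = sent & DC_ACCEPTS[dc_level]
    # Anything weaker than NTLMv2 that leaves the client can be captured
    # on the wire, whether or not the DC accepts it.
    weak = sent - {"NTLMv2"}
    return bool(accepted), sorted(accepted), sorted(weak)


# Constructed scenarios: (label, client level, DC level).
SCENARIOS = [
    ("legacy client, permissive DC", 0, 2),
    ("legacy client, DC hardened to 5", 0, 5),
    ("client raised to NTLMv2, DC hardened to 5", 3, 5),
]


def report():
    lines = []
    for label, client, dc in SCENARIOS:
        ok, accepted, weak = assess(client, dc)
        status = "logon OK via " + "/".join(accepted) if ok else "logon FAILS"
        exposure = "weak responses sent: " + (", ".join(weak) or "none")
        lines.append(f"{label}: {status}; {exposure}")
    return lines


if __name__ == "__main__":
    print("\n".join(report()))
```

The middle scenario is the lockout case: hardening the domain controller before the legacy client can send NTLMv2 leaves no response type in common.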

Expert Comment

by:ChiefIT
WARNING***WARNING***WARNING

Please create a system restore point and backup your registry prior to doing anything. One little mistake on this can lock you out of your domain and cause unrecoverable blue screens.

Author Closing Comment

by:MyDanes
Thank you

Expert Comment

by:ChiefIT
Excellent:

Thanks. Glad to see you are up.