shakel_ie (Ireland) asked:
XP Workstation cannot logon to Domain

Hi All,

I am having a weird problem.
I have setup a new Domain in the organisation.
I have started to move workstations from one domain to another.
If I just change the workstation to the new domain in the System - Computer Name tab, I run into problems. I'll explain the problems next.
But if I first move the workstation to a workgroup, reboot and then add the computer to the new domain it works fine.

This is the problem I have:
The computer joins the domain successfully.
But when I attempt to logon to the domain I get the message "The domain is unavailable".
But if I logon to the local machine, and access a share in the domain using appropriate credentials, logout, I can then login as a domain user.
If I reboot the machine I can still login as the previous domain user, but if I attempt to login as a new domain user I get "Domain is unavailable".

All workstations use DHCP to get IP/DNS and WINS.

I see various messages in the workstation Event Log:
Firstly:
#######
Event ID: 4321
The name "DOMAIN      :1d" could not be registered on the Interface with IP address 10.10.251.102. The machine with the IP address 10.10.251.103 did not allow the name to be claimed by this machine.
########
The IP 10.10.251.103 is a workstation on the domain that is operating as expected.

At about the same time:
######
Event ID: 11163
The system failed to register host (A) resource records (RRs) for network adapter
with settings:

   Adapter Name : {70FF4EF4-E8CC-4C98-A3DD-1FD18360DE52}
   Host Name : vtulppc5
   Primary Domain Suffix : domain.com
   DNS server list :
           10.10.250.5
   Sent update to server : 10.1.1.1
######
I have no idea where the IP 10.1.1.1 is coming from, machine is 10.10.251.102/24

#####
Event ID: 40960
The Security System detected an attempted downgrade attack for server DNS/vtulpps2.domain.com.  The failure code from authentication protocol Kerberos was "There are currently no logon servers available to service the logon request. (0xc000005e)".
#####

#####
Event ID: 40961
The Security System could not establish a secured connection with the server DNS/vtulpps2.domain.com.  No authentication protocol was available.
#####

#####
Event ID: 5729
No Domain Controller is available for domain DOMAIN due to the following:
There are currently no logon servers available to service the logon request. .
Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
###


Any help would be greatly appreciated.

Many thanks,
Shane
kyodai:

Try to join a workgroup and then the domain again. Usually if a workstation joins a domain it writes the domain config in the registry and uses these for logon. Try re-joining the domain so this information gets written again.
shakel_ie (asker):
Hi kyodai,

I have tried that already and I tried it again now.
No change.

I still see similar events in the logs but no new ones:
Event ID: 4321
The name "DOMAIN      :1d" could not be registered on the Interface with IP address 10.10.251.102. The machine with the IP address 10.10.251.103 did not allow the name to be claimed by this machine.

I have a feeling that may be the problem.
Is there some way to force this registration?

Many thanks,
Shane
Daryl Ponting:
In your DNS zone, delete the record for 10.10.251.102 then try it again.
Hi,

Thanks for the suggestion.
Still the same issue.

2 points to note:
1. The DNS entry was not recreated for the workstation.
2. The workstation sits "building domain list" for a few mins at first logon.

Any other ideas?

Thanks,
Shane
Hi All,

Still no progress on this issue, anybody got any ideas?

Many thanks,
Shane
Before you change the Domain name in My Computer to the new one, check the NIC settings for TCP/IP to determine what DNS server the workstation is pointing to.

Because you have 2 domains, each will have its own DNS server.  When you change domains, it will first go to the original domain to remove itself from AD then look for the new domain to join.  It requires that the account you're using has Domain Admin rights to at least the original domain - you should be prompted for new credentials when joining the new domain.  Since the old DNS server that the client is likely using knows nothing about the new domain, this needs to be addressed.

So what I think you could try, is setting up a Delegation record or using Conditional Forwarding on the old DNS server to point to the new DNS server for the new domain.  After that, the DHCP Scope Options need to be changed to hand out the new DNS info to the client - but this should be done AFTER all clients are migrated.  Just be sure to get the original DNS forwarding new domain requests to the new DNS server before moving forward.

I would use New SID

http://technet.microsoft.com/en-us/sysinternals/bb897418.aspx

Delete the computer out of ADUC and use NEW SID as per above and go to command prompt and do

ipconfig /flushdns

then join to the new domain (ensuring that the client computer's system time/clock is within 5 minutes of the domain controller's time) and you should be able to rejoin it, assuming you have the Microsoft Client for Networks added onto the network card.
Once rejoined, go to command prompt and do

ipconfig /registerdns

pressing enter after each command in the command prompt
Hi Guys,

Many thanks for your responses.
I have tried what you both suggested but problem still remains.
This is what I did:

1. Logged in as Admin on local PC, removed PC from Domain and added it to TEST Workgroup
2. Ran ipconfig /flushdns
3. Verified that PC is using NEW domain DNS settings
4. Removed PC from AD
5. Reboot
6. Logged in as Admin on local PC and ran NewSID
7. Reboot
8. Logged in as Admin on local PC, added PC to Domain
9. Verify that DNS entry is created correctly for PC
10. Reboot
11. Attempt to login to Domain using user account "Message - Domain is not available"

The only errors I get in the event logs are Event 15 and 1054.
Event 15:
Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b).  The specified domain either does not exist or could not be contacted.  Enrollment will not be performed.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event 1054:
Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

But DNS and everything look ok.
I can do \\servername etc...

I suspect this is still going back to the error:
#######
Event ID: 4321
The name "DOMAIN      :1d" could not be registered on the Interface with IP address 10.10.251.102. The machine with the IP address 10.10.251.103 did not allow the name to be claimed by this machine.
########

Many thanks,
Regards,
Shane
If you re-image one of the machines and try again, is it still the same?

If so then that points at DNS or something else as opposed to the client machines.
I haven't tried that yet, I was hoping to avoid that.
I will try using NewSID and changing the hostname first.

If that does not work I will reinstall the machine.

Many thanks
Shane

If you do an IPCONFIG /ALL on that machine can you post the output?

As per netman (I am guessing he wants to see the output to check whether the computer is pointing to the correct DNS server).

At least that's what I think he is getting at, and also to make sure it's on the correct subnet (subnet mask).
AD Server:
Windows IP Configuration

   Host Name . . . . . . . . . . . . : vtulpps2
   Primary Dns Suffix  . . . . . . . : domain.com
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : domain.com

Ethernet adapter Local Area Connection 2:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : HP NC373i Multifunction Gigabit Server Adapter #2
   Physical Address. . . . . . . . . : 00-18-FE-FE-AC-F4
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 10.10.250.5
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.10.250.1
   DNS Servers . . . . . . . . . . . : 127.0.0.1




Workstation:

Windows IP Configuration

        Host Name . . . . . . . . . . . . : vtulppc50
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : domain.com

Ethernet adapter Local Area Connection 2:

        Connection-specific DNS Suffix  . : domain.com
        Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connection
        Physical Address. . . . . . . . . : 00-19-DB-53-49-E4
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 10.10.251.102
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 10.10.251.1
        DHCP Server . . . . . . . . . . . : 10.10.250.5
        DNS Servers . . . . . . . . . . . : 10.10.250.5
        Primary WINS Server . . . . . . . : 10.10.250.5
        Lease Obtained. . . . . . . . . . : 23 April 2009 17:47:25
        Lease Expires . . . . . . . . . . : 26 April 2009 17:47:25

Your DHCP addresses are wrong.

They're on another subnet than the server.  You need to create a scope for the 10.10.250.0 network, then exclude the first 10 or 20 addresses (for the server and router and switches, etc) so that DHCP doesn't give them out.

Your Gateway is consequently incorrect also.

@ Netman

how can you tell the DHCP servers and the gateway are wrong and what should they be ( as an example )

Obviously missing something
The server has a static address of 10.10.250.5 with a 24-bit mask.

The workstation posted above has an address of 10.10.251.102 with a 24-bit mask.

This means the workstation and server are on two different IP networks from each other - which would normally not be an issue except the gateway is obviously a device other than the server (a router maybe?).

Hopefully, the domain.com above is simply a scrubbed domain name.  If not, this could be an issue because Domain.com is a real domain on the Internet.

Keep in mind, there could be a router in place passing the 251.x traffic to the 250.x subnet.....
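To check the subnet reasoning in this post against the two ipconfig /all outputs quoted above, here is an added example (not from the thread): it parses the dotted ipconfig layout and reports which of the gateway, DNS and DHCP servers lie outside the adapter's own subnet, i.e. which ones depend on the router or on a DHCP relay. The sample text is condensed from the outputs posted; the function names are my own.

```python
import ipaddress
import re

# Constructed samples, condensed from the two ipconfig /all outputs posted in this thread.
SERVER_IPCONFIG = """
   IP Address. . . . . . . . . . . . : 10.10.250.5
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.10.250.1
   DNS Servers . . . . . . . . . . . : 127.0.0.1
"""
WORKSTATION_IPCONFIG = """
        IP Address. . . . . . . . . . . . : 10.10.251.102
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 10.10.251.1
        DHCP Server . . . . . . . . . . . : 10.10.250.5
        DNS Servers . . . . . . . . . . . : 10.10.250.5
"""
# Matches "Name . . . : value"; the name holds no dots or digits, so the dotted
# leader and any colons inside the value (lease timestamps) are not confused.
FIELD = re.compile(r"^\s*([A-Za-z][A-Za-z -]*?)[ .]*: ?(.*)$")

def parse_ipconfig(text):
    """Map lower-cased field names to values for one adapter's ipconfig /all block."""
    cfg = {}
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            cfg[m.group(1).strip().lower()] = m.group(2).strip()
    return cfg

def network_of(cfg):
    """The IPv4 network the adapter sits on, from its address and dotted mask."""
    return ipaddress.ip_interface(f"{cfg['ip address']}/{cfg['subnet mask']}").network

def triage(cfg):
    """List where the adapter's gateway, DNS and DHCP servers sit relative to its
    own subnet; an empty list means nothing depends on a router or relay."""
    net, findings = network_of(cfg), []
    gw = ipaddress.ip_address(cfg["default gateway"])
    if gw not in net:
        findings.append(f"gateway {gw} is not inside {net}: unreachable")
    for role in ("dns servers", "dhcp server"):
        for addr in cfg.get(role, "").split():
            ip = ipaddress.ip_address(addr)
            if ip.is_loopback or ip in net:
                continue  # local to this host or this subnet: no router needed
            hop = ("a DHCP relay (ip helper) on the router" if role == "dhcp server"
                   else f"routing via {gw}")
            findings.append(f"{role} {ip} is on another subnet; needs {hop}")
    return findings
```

Run against the posted workstation output it reports that both the DNS server and the DHCP server (10.10.250.5) are on the 10.10.250.0/24 network while the gateway 10.10.251.1 is inside the workstation's own 10.10.251.0/24, so the cross-subnet path through the router is what needs checking.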

I don't think it is a connectivity problem, as he could authenticate as a Domain User here.....

"But if I logon to the local machine, and access a share in the domain using appropriate credentials, logout, I can then login as a domain user."

This caches the profile, so even when another user didn't work, this one did as the credentials were cached....

Are you using the FQDN of the domain itself when attempting to join it?
@NetMan66

I have seen your skills around here for a long time.... I almost feel guilty to disagree with you....
I am not going to agree or disagree with anyone as I would just like to see if we ( by we I mean most likely one of you ) can resolve the problem.

Just to clarify a few things

1. What is your domain's FQDN (Fully Qualified Domain Name)?

2. Do the client and server times sync, i.e. are they within the 5 minute time limit, and do you have an NTP server set up?

3. Not sure if this will help, but you could use something like delprof with the appropriate commands/switches, or just manually delete the profiles along with the User Profile Hive Cleanup Service.

Delprof can be found here

http://www.microsoft.com/downloads/details.aspx?familyid=901a9b95-6063-4462-8150-360394e98e1e&displaylang=en

The User Profile Hive Cleanup Service can be found here

http://www.microsoft.com/downloads/details.aspx?FamilyId=1B286E6D-8912-4E18-B570-42470E2F3582&displaylang=en

Then try and join the domain - does that help with it not caching the old profiles? (Not sure if that will be an issue or not due to security, i.e. permissions or anything else, but I thought clearing the old profiles, assuming it's a computer you have shifted from one domain to another, might help somewhat.)

Also, do you have routing between the 250.x and the 251.x subnets?

Also, just out of personal curiosity, how have you got the DHCP pools/reservations set up for the 250.x and the 251.x subnets (assuming they are both coming from the same and only DHCP server)?

Not sure if any of the above will help but would be nice to know
Sorry Guys only back online now.
Thanks for all the comments.

First to address the DHCP issues, the workstation and servers are in different subnets.
I plan to install a firewall between them but at the moment I just have a router. 10.10.250.1 and 10.10.251.1 is the same router.
I have a dhcp relay on that router relaying DHCP requests from 251.x to the DHCP server 250.5
I do not use DHCP on 250.x, all servers with static IPs, I only have a DHCP pool for 251.x

My domain is validsoft.com which is a real domain name, but I had hoped to use split brain DNS to solve my DNS issues for internal and external addresses. Could this pose a problem? And if so why do most Workstations join the domain properly and operate normally when they have the same IP settings as the problem machines?

I am not using an NTP server currently but the times are pretty much in sync.

I will try those profile removers, but one point to note: since I changed the SID and hostname the machine will not allow login with previously cached credentials, so I doubt it's a caching problem.

Is anybody familiar with WINS? Do I need it? I installed it as one of the Event IDs indicated that may be the problem. I'm not sure if it's required, but I have a suspicion it may be something to do with my problem.
But the problem existed before I installed WINS.

Thanks guys,
Shane

I suspected you may have had a router in the mix between the two subnets - what make/model is it?  I'm thinking it's not a cheapo consumer model since you state that the two subnets are on the router which would mean two internal interfaces.

DNS is very likely the culprit here - I'm not certain that profiles have anything to do with it.

You should not need WINS at all.

If you have a Cisco router, make sure that you have an IP Helper address set for each internal interface - which it looks like you might.

Not very expensive I'm afraid, doing the routing on a switch at the moment.
Hoping to get a firewall in so not spending on a router.
It's a 3Com 4500 switch.

All traffic is routed from one network to another.
I am suspicious of this being a DNS issue on the server.
If it is, then why are other clients operating normally if I go through the procedure where I remove them from the old domain by adding them to a Workgroup?
It's only if I move them from one domain to another that the problem occurs...

Cheers,
Shane

I thought I detailed that earlier.

When simply changing domains, the workstation needs to be able to contact both domains AND have Domain Admin rights in the original domain.

Re-read my post above and let me know if there is something I didn't explain properly.

Hi Netman66,

Yes you did, thank you.
I have had forwarders going in both directions, from old DNS to new DNS for the new domain and from new DNS to old DNS for old domain.

Everything works ok if I move a workstation from old domain to workgroup and then to new domain, rebooting where required and not making any IP changes.

But I get my problem when I just move from one domain directly to another.

Anyway I'm not that worried about that, I am happy to go old domain-workgroup-new domain.

I just want to solve this problem for the machines that now have it.

Regards,
Shane
I'm gonna step aside and let you drive, Netman66. This is not my specialty....

FYI, I only mentioned the profiles as to explain why the Runas/subsequent login worked, by creating a cached profile.
Hi Guys,

I have reinstalled one of the XP workstations that was having this problem.
I reinstalled with Vista (needed to do this anyway sometime).
Same hostname and IP address and everything is fine, no problems.

This leads me to think this is a problem on the workstation, not on any server.
I have two more XP workstations that still have this problem which I cannot reinstall as easily.

Any further ideas?

Thanks,
Shane

ASKER CERTIFIED SOLUTION (by shakel_ie)