Avatar of nigelbeatson
Flag for United Kingdom of Great Britain and Northern Ireland asked on

sbs2003 domain login problem

We have a single sbs2003 running exchange, and just recently, we are having problems with clients logging in to the domain. It seems to be worse on the older xp machines, but has occasionally affected V7 pro workstations too.

If we remove the workstation from the domain, and rejoin it, we can log in OK, but when we restart the workstation, the problem returns.

At the moment, all but one are logged in OK, but I wanted to know if there is anything we should look for, and how to resolve the issue.

Any advice, would be appreciated.

SBSWindows Server 2003

Avatar of undefined
Last Comment

8/22/2022 - Mon

What error are you getting when they try to login?

We just get the message that we have used an incorrect username or password.
Brian Harrington

Dumb question, is the time set correctly on both the client and the server?  Kerberos is time dependent.
Your help has saved me hundreds of hours of internet surfing.

Yes, I can confirm that the workstation and server are set to the correct time.

The current problem workstation, I have found allows one user to log in, but not the other??

Brian Harrington

have you ran dcdiag on the dc?  It may be a domain controller issue.

No, I will give it try and post the results. Thanks.
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
Brian Harrington

No problem.  If the dcdiag doesn't report errors, have you tried reinstalling the OS on the clients and re joining them to the domain? You may have some stuff in the registry causing the issue, such as HKU records for identical names, which would have different identifiers.

first step: check the event viewer on the pc. it may have problems connecting or updating with the DC. if this doesnt help, check the security log on the DC. if this shows the corresponding user login failure you know its not the PCs fault but the DC.

Let us know what you find and we can go from there,

I will check the event log. Where is the DC security log??

Here is the DCDIAG report. A couple of errors which are beyond me I am affraid. Any help in assessing this would be appreciated.

Many thanks.
This is the best money I have ever spent. I cannot not tell you how many times these folks have saved my bacon. I learn so much from the contributors.
Brian Harrington

One of them is a pretty big issue, but unrelated. The bad block on the hard drive should be addressed as soon as possible.  The SYSVOL may be the culprit but I doubt it.  have you tried a clean install on the client?  Also, is the client to the current on it's updates?

Thankyou. Yes, we are aware of the bad block, but presumed the OS would mark it so, relocate the data and mark it "don't use".

We have not tried a clean install of the client OS, if that is what you mean, due to the amount of programs and data on the workstation in question. We will of course have to do this if essential.

Due to the amount of work involved in doing this, we thought we should try further investigations first, particulalry, as it has affected other workstations too.

Updates are enabled on each of our servers and client workstations.

the security log in in the event viewer on the Domain Controller should show any failed attempts for users to log on. the faiiures (or lack of them) can help work out where the issue is.
You also need the events from the applicaton and system logs on the PC though.
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.

View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.

1. has anything changed with your DHCP scope options?

2. run ipconfig /flushdns on the server

3. on workstations run ipconfig /flushdns then ipconfig /registerdns

4. run the connect to the internet wizard on the SBS, its a good place to start SBS love the built in wizards.

Many thanks to all.

I have carried out the dcdiag test fir DNS and the results are as follows :-

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests
   Testing server: Default-First-Site-Name\SWWSERVER
      Starting test: Connectivity
         ......................... SWWSERVER passed test Connectivity

Doing primary tests
   Testing server: Default-First-Site-Name\SWWSERVER

DNS Tests are running and not hung. Please wait a few minutes...
   Running partition tests on : ForestDnsZones
   Running partition tests on : DomainDnsZones
   Running partition tests on : Schema
   Running partition tests on : Configuration
   Running partition tests on : swdom
   Running enterprise tests on : swdom.local
      Starting test: DNS
         Test results for domain controllers:
            DC: swwserver.swdom.local
            Domain: swdom.local

               TEST: Forwarders/Root hints (Forw)
                  Error: Forwarders list has invalid forwarder: (<name unavailable>)
         Summary of test results for DNS servers used by the above domain controllers:

            DNS server: (<name unavailable>)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the failed on the DNS server
         Summary of DNS test results:
                                            Auth Basc Forw Del  Dyn  RReg Ext  
            Domain: swdom.local
               swwserver                    PASS PASS FAIL PASS PASS PASS n/a  
         ......................... swdom.local failed test DNS

The strange thing is, I changed the DNS forwarders to and also one other that I often use, but the error persists. Very strange.

Any suggestions?

I can also confirm that the problem workstation form yesterday (XP Pro client) is now working fine, but one of our Windows V7 workstations failed to log in (again incorrect username / password).

The user tried to log on a different usrer at a different V7 workstation, and this logged in fine. After doing this, they could then log in OK on their workstion too.

I checked the Security event log, and it showed :--

Logon Failure:
       Reason:            Unknown user name or bad password
       User Name:      
       Logon Type:      3
       Logon Process:      Kerberos
       Authentication Package:      Kerberos
       Workstation Name:      -
       Caller User Name:      -
       Caller Domain:      -
       Caller Logon ID:      -
       Caller Process ID:      -
       Transited Services:      -
       Source Network Address:
       Source Port:      3911

All are working OK at the moment, but there must be an underlying issue, as it has been like this for a few weeks now, and I need to get to the bottom of it.

Any further help would be appreciated.


Not changed anything on the DHCP service at all.

I think it is a server based problem, as the workstations do connect sometimes, first time. They are all working now, but I know come Monday, we will get this issue somewhere on the network.

Many thanks.
All of life is about relationships, and EE has made a viirtual community a real community. It lifts everyone's boat
William Peck

1. reset your switch since its a single point of failure, if it's a managed check the logs. Could be a port intermittently broadcasting bad info or something like this.

COuld you explain the following details from your post:

"Source Network Address:
       Source Port:      3911"

How come your IP has come out as an external IP instead an internal one?
Also, port 3911 is a little odd for workstation login.

Are there any details you've missed here?

Sorry for the delay in replying.

No, I cannot explain the IP address?? The workstation is a local device and is connected via ethernet to our server.

Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.