Windows 95-based CNC controller locked out of Server 2008-based domain

I have a CNC laser cutting machine running off a Windows 95-based controller.  This controller connects to our company's domain which is controlled by Windows 2008 Standard domain controllers (32-bit).  Three days ago, there was a brief network outage on the machine, which was traced to a faulty network switch which has been replaced.  However, the controller now won't log into the network with its original login credentials (an "access denied" message appears).  My supervisor, who is the overall network administrator, then tried a different password for that account, but with no success (the original password didn't meet our current security requirements).  The standard administrator login credentials were also tried, again without success.  The original login account was even made a member of the Administrators group for the domain (still no success).  Finally, my supervisor used his own login credentials (which have the highest security access), and was able to connect the machine to the network.  Obviously, because these credentials have full access to everything on the network, this isn't a viable long-term solution.  I know from prior research that Windows 95 wasn't meant to be part of domains, but apparently Microsoft had put out software for Windows 98 that would allow such computers to connect to a Server 2008 computer (I installed that program on this controller 2 years ago and was able to connect to a network drive successfully). So the question becomes how to get the original account to log into the domain again?
Michael BentfeldAssistant Network AdministratorAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

CompProbSolvCommented:
When attempting to log in with the original account was the same format used (domain/login or login@domain) as with the successful login using the supervisor's credentials?

If the format was the same and the only difference is the name and password, then issue should be somewhere in Active Directory.

Have you tried creating a new account in AD?
0
Michael BentfeldAssistant Network AdministratorAuthor Commented:
The format was the same for both (User Name on line 1, password on line 2, domain on line 3).  I haven't tried creating a new account in Active Directory, so I'll try that and see if that works.
0
Craig BeckCommented:
Have you checked the security logs on the DC?
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Michael BentfeldAssistant Network AdministratorAuthor Commented:
Thanks to all who have responded.  First, apparently a new Active Directory account was tried but was unsuccessful (so I was told).  I'm still looking through the security logs, but so far all I'm seeing are just entries indicating a bad user name or password was supplied (even though the correct user name and password for the account were used).
0
Craig BeckCommented:
Thinking about it (after reading everything again) I'd probably look at DNS (or WINS if you're running it), or at least the client's IP configuration.

If authentication worked for the administrator there's no reason why the machine itself wouldn't authenticate successfully for a particular user.  This kind of says to me that the authentication could have failed to reach a domain controller (or a DC which could process the authentication request successfully).

I'd have a play with configuring a single DNS or WINS server address to see if you get different results with different servers.
0
Michael BentfeldAssistant Network AdministratorAuthor Commented:
Just an update - nothing in the security logs other than the aforementioned standard bad username or password.  The gateway is incorrect, I tried changing it to the correct gateway but still no success logging back in afterwards.  Need to get my supervisor involved to log him back in to the machine.  He tried setting up another "ancient" user account (his and this one were created in the Windows NT days) as a domain admin, but I couldn't get the machine logged in with that account either.  I'll try the single DNS approach and see if that works.
0
Michael BentfeldAssistant Network AdministratorAuthor Commented:
Further update - tried going to single DNS - still no luck.
0
Michael BentfeldAssistant Network AdministratorAuthor Commented:
Thanks again for all of the responses.  I tried to modify the existing user profile on the machine controller, which as I understand can normally be done by going to Settings, then Control Panel, then double-clicking on the Users icon.  However, in this instance, there is no Users icon.  How is that possible?  Again, I would be very grateful for any assistance anyone can provide.

Thanks again.
0
Michael BentfeldAssistant Network AdministratorAuthor Commented:
One more item came up.  Further googling of the topic has led me to believe that the old login password is being cached on the computer and that this is casuing at least part of the problem.  Also, there is supposed to be a "Users" icon in the Control Panel to allow user profiles to be managed (including passwords).  However, on this machine, that icon is missing.  Is there any way to get it back?  Please help!
0
CompProbSolvCommented:
If caching is the issue (doubtful, but I guess it could be possible), it wouldn't interfere with logging in from a new account.  Have you been able to test that yet?
0
Michael BentfeldAssistant Network AdministratorAuthor Commented:
I have tried a new account with a revised version user name as the original account (I just added a number 2 to the end) and with the same rights as the original, but got the same error message as with the original ("The domain password you supplied is not correct, or access to your logon server has been denied.")  So far the only account that the logged in successfully is my supervisor's account.  In the course of troubleshooting, I did find with the DNS settings that one of the two DNS's originally referred to was an old domain controller that has been offline for some time.  I put in the current primary domain controller in it's place and left that in when it was suggested to go to a single DNS.  Perhaps I should try replacing that entry with the other DNS of the original two that was listed (which is our backup domain controller)?
0
Michael BentfeldAssistant Network AdministratorAuthor Commented:
One other thing I just tried from searching various sources was to locate the .pwl file associated with that username and deleting that file, then restarting the controller.  However, I was still only able to log in with the Admin credentials.  There is "Passwords" icon in the Control Panel, which has a "Change Windows Password" button.  The only option available there is to change the password for Microsoft Windows Networking.  If I use that option, which password would be changed - the original account, my supervisor's, or both?  I also noticed that there's another option under Passwords, which I didn't look at, for Other Windows Passwords.  Could that work?
0
Michael BentfeldAssistant Network AdministratorAuthor Commented:
Tried changing password, but that didn't work.  Ended up using the administrator's credentials mentioned earlier and setting machine for autologin by modifying the registry.  Haven't been able to test a more effective solution but so far it's working.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Michael BentfeldAssistant Network AdministratorAuthor Commented:
Accepting per guidelines for closing question.  Stated response was most effective solution available at the time.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Networking

From novice to tech pro — start learning today.