Solved

Win2003 AD cannot login to

Posted on 2013-11-27
Last Modified: 2013-12-15
I have a Server 2000 and a Server 2003. As far as I know, Server 2003 had all the master roles. I tried demoting the Server 2000 but it was erroring out, so I had to do a forceremoval of the AD, then deleted it from the AD on the 2003. Upon demotion it told me what it normally says, that it will become a member of the DOMAIN. Restarted, came back up, as a member of workgroup.

When I try to join ANY server/PC now to the domain, it says it cannot find the domain name. First thing I checked was the DNS, triple checked it. Even removed the role from the 2003, re-added it, deleted the domain.com zone, re-added it, and nothing.

Then I tried forcing all roles to the 2003, just in case it was missing some; none of them gave any errors. 2003 AD had all the roles of the domain. Since it still wasn't working, I decided to reboot that 2003 AD, and now when it came back up and I tried logging on, it says the domain is not available. I'm at a dead end road on what to do now.
Question by:Comptx
15 Comments
 

Expert Comment

by:Kyotokyo
ID: 39682811
I would detach the LAN cable from the Win server, log in to the system, and then check the event log for the AD-related errors and warnings.
 
LVL 5

Expert Comment

by:Kwoof
ID: 39682817
Check your DHCP server. Make sure it points DNS to your main server IP.

Did I read correctly...that you cannot log into your main AD server now?

Are you running Exchange internally? If not, can you start up a new domain...maybe on 2008R2 or 2012 and move your services there? How big is your network and what services are running on it?
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 39683232
How many DCs do you have in the env? Have you tried DSRM mode to log in? Try the same, check the event log for any errors and warnings, and post the same. Also check the DNS pointing on the DC and set it as described here:
Best practices for DNS client settings on DC and domain members.
http://abhijitw.wordpress.com/2012/03/03/best-practices-for-dns-client-settings-on-domain-controller/
 
LVL 20

Expert Comment

by:compdigit44
ID: 39688861
1) Are your client workstations able to log into the domain?

2) From a workstation, please upload the results of the following command:
dcdiag /e /v >c:\dcdiag.txt
 

Author Comment

by:Comptx
ID: 39689043
I have not been able to do anything physically with the servers as I support them remotely.

They are only a really small business with about 10 employees, no Exchange and only some specific programs for their business. We may just start over with them since I don't think it's worth the time trying to fix it when we can redo much more quickly.
 
LVL 5

Expert Comment

by:Kwoof
ID: 39689095
I agree with the "start over" unless, when you do get to their office, you can log in physically. When I had physical servers at clients, I occasionally ran into RDP issues, but have since used the physical machine as just a host for virtuals. It simplifies backup, recovery and the ability to remote to the actual servers by connecting to the host first. Also, Server 2012 has improved vhdx files.
 

Author Comment

by:Comptx
ID: 39689097
I use LogMeIn for the remote control, so it's a console and not an RDP session. Both give out the same error logging on.
 
LVL 20

Expert Comment

by:compdigit44
ID: 39689795
You never answered the question: are the client workstations still able to log into the domain or not?
 

Author Comment

by:Comptx
ID: 39689933
Only administrator and the previously logged-in user are able to log in. A different user will have the no domain error.
 
LVL 4

Expert Comment

by:Haslerct
ID: 39692002
Hi,

1. Boot to DSRM mode
2. Check the TCP/IP, make sure the DNS is pointing to correct + working DNS


Thanks
 
LVL 20

Expert Comment

by:compdigit44
ID: 39692707
Do you have access to a VPN connection on the client site with access to an IP KVM to gain console access, or access to out-of-band management like IMM, iLO or DRAC?
 

Author Comment

by:Comptx
ID: 39692855
I do not; the server is 10+ years old and didn't include any fancy stuff.
 
LVL 20

Expert Comment

by:compdigit44
ID: 39693223
OK, if you or someone else has remote access to a workstation computer, log in as domain admin and run dcdiag /v /e >c:\diag.txt and upload the results, or talk through the process with the people on site.
 

Accepted Solution

by:Comptx
ID: 39709042
Client has declined any more work to troubleshoot on their systems and opted for the option to redo their domain.

Thank you all for your time.
 

Author Closing Comment

by:Comptx
ID: 39719737
No solution, re-did domain.