[Last Call] Learn how to a build a cloud-first strategyRegister Now

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 298
  • Last Modified:

win 7 cannot logon to domain via cisco 2950 switch and vlans


task 1

I am running a win 2008 local single domain network and I am using a cisco 2950 with no configurations just as a hub and my win 7 desktop can logon to the domain successfully.

task 2

I have now linked & configure 3 switches to provide fault tolerance as below:

vtp server (primary root bridge)
 - master dc/ad/dns/dhcp - plugged into primary root bridge
- fileprintwds server

- vtp server (secondary root bridge)

vtp client (access switch)
-  win 7 desktop - when I logon to the domain my desktop logs on with the temporary profile  ?


I am currently only using the default 'vlan 1' using same subnet: 192.168.0.x/24 on network and I can ping: master dc from access switch successfully.

note: all root ports & designated ports & altn/blk ports show as expected
  • 4
  • 3
1 Solution
Just to clarify a few things:  
What are these additional switches providing fault tolerance against, the internet going down, or against internal issues?

You mentioned you can ping the master DC from the switch, do you mean using some config interface on the switch itself, or do you mean using your PC on the switch?  (I'd like to know results of both)

If you can ping the server from the PC, then the network is setup properly, and something else is going on:  I would probably start with DNS issues.  What happens if you ping by NAME rather than IP (from the PC)?
mikey250Author Commented:
hi kobus,

I can now logon from my access switch via win 7 desktop without the (temporary profile) using default vlan 1 so all should be good now.  there was obviously something wrong with my domain user account, as I created a new domain user account... so problem solved.

- the secondary root bridge is to guard against internal issues, ie loss of the primary root bridge.

- as I am currently using 'layer 2' switches, I was going to bolt on my 'router' for the layer 3 aspect and at the other end of the router my virgin media connected to the internet is also set to: 'modem' enable that provides me with the 'public ip address'......on the router I was going to configure the 'cbac' for the firewall part and I was going to plug to cables from the virgin media box to my router via 'int fa0/0 & int fa0/1' and configure 'hsrp'.

note: the above is due to what I currently have.
>>... so problem solved.

Great, so it wasn't a networking issue at all! Using another account was a good test.

>>- the secondary root bridge is to guard against internal issues, ie loss of the primary root bridge.
Wow, I've never even heard of this.  Or perhaps I misunderstand what these bridges are doing; Are they simply acting as LAN switches, or are they going to another office via dedicated T1, or something like that (In which case fail-over, and the term "bridge" makes a lot more sense)?

>>- as I am currently using 'layer 2' switches, I was going to bolt on my 'router' for the layer 3 aspect
Since it sounds like you are trying to improve redundancy, I should mention: it sounds like you will still have a single point of failure for the internet, the router.
[Webinar] Cloud and Mobile-First Strategy

Maybe you’ve fully adopted the cloud since the beginning. Or maybe you started with on-prem resources but are pursuing a “cloud and mobile first” strategy. Getting to that end state has its challenges. Discover how to build out a 100% cloud and mobile IT strategy in this webinar.

mikey250Author Commented:
hi korbus,

well that's what I was taught, however out of date, due to 'rstp' instead but I am using standard stp.  you can have multiple 'vtp server' but there are 2 methods to set them up depending on how old or what ios you have.  but yeah if my primary root bridge goes down then the secondary root bridge activates and traffic is sent in the other direction.  I am though talking from a local position anyway but as far as I know it is the same if remotely connected switches, but if not then I presume 'rstp' is used instead of 'standard stp'

with 'rstp' each vlan has its own root bridge per vlan so it also provides some sort of load-balancing to.

regarding my layer 3 aspect as you mentioned above well yes I only have 1 isp connection, just as a test so if it works I would then know what to do when I get a 2nd isp connection for fault tolerance if I was to do this or even required.
mikey250Author Commented:
regarding the primary and secondary switching you have to know what: root ports, designated ports, alternate/block, via show span and when you unplug cables to test, you will see the go through the election process and change, ie

- blocking, listening, learning, forwarding or whatever.
Thanks for the feedback :)
Since you got it working, may I suggest you select your post about the domain accounts, as the solution.
mikey250Author Commented:
there was an issue with my domain accounts, so I created a new one which solved the problem.

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now