win 7 cannot logon to domain via cisco 2950 switch and vlans


task 1

I am running a win 2008 local single domain network and I am using a cisco 2950 with no configurations just as a hub and my win 7 desktop can logon to the domain successfully.

task 2

I have now linked & configure 3 switches to provide fault tolerance as below:

vtp server (primary root bridge)
 - master dc/ad/dns/dhcp - plugged into primary root bridge
- fileprintwds server

- vtp server (secondary root bridge)

vtp client (access switch)
-  win 7 desktop - when I logon to the domain my desktop logs on with the temporary profile  ?


I am currently only using the default 'vlan 1' using same subnet: 192.168.0.x/24 on network and I can ping: master dc from access switch successfully.

note: all root ports & designated ports & altn/blk ports show as expected
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Just to clarify a few things:  
What are these additional switches providing fault tolerance against, the internet going down, or against internal issues?

You mentioned you can ping the master DC from the switch, do you mean using some config interface on the switch itself, or do you mean using your PC on the switch?  (I'd like to know results of both)

If you can ping the server from the PC, then the network is setup properly, and something else is going on:  I would probably start with DNS issues.  What happens if you ping by NAME rather than IP (from the PC)?
mikey250Author Commented:
hi kobus,

I can now logon from my access switch via win 7 desktop without the (temporary profile) using default vlan 1 so all should be good now.  there was obviously something wrong with my domain user account, as I created a new domain user account... so problem solved.

- the secondary root bridge is to guard against internal issues, ie loss of the primary root bridge.

- as I am currently using 'layer 2' switches, I was going to bolt on my 'router' for the layer 3 aspect and at the other end of the router my virgin media connected to the internet is also set to: 'modem' enable that provides me with the 'public ip address'......on the router I was going to configure the 'cbac' for the firewall part and I was going to plug to cables from the virgin media box to my router via 'int fa0/0 & int fa0/1' and configure 'hsrp'.

note: the above is due to what I currently have.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
>>... so problem solved.

Great, so it wasn't a networking issue at all! Using another account was a good test.

>>- the secondary root bridge is to guard against internal issues, ie loss of the primary root bridge.
Wow, I've never even heard of this.  Or perhaps I misunderstand what these bridges are doing; Are they simply acting as LAN switches, or are they going to another office via dedicated T1, or something like that (In which case fail-over, and the term "bridge" makes a lot more sense)?

>>- as I am currently using 'layer 2' switches, I was going to bolt on my 'router' for the layer 3 aspect
Since it sounds like you are trying to improve redundancy, I should mention: it sounds like you will still have a single point of failure for the internet, the router.
Cloud Class® Course: Ruby Fundamentals

This course will introduce you to Ruby, as well as teach you about classes, methods, variables, data structures, loops, enumerable methods, and finishing touches.

mikey250Author Commented:
hi korbus,

well that's what I was taught, however out of date, due to 'rstp' instead but I am using standard stp.  you can have multiple 'vtp server' but there are 2 methods to set them up depending on how old or what ios you have.  but yeah if my primary root bridge goes down then the secondary root bridge activates and traffic is sent in the other direction.  I am though talking from a local position anyway but as far as I know it is the same if remotely connected switches, but if not then I presume 'rstp' is used instead of 'standard stp'

with 'rstp' each vlan has its own root bridge per vlan so it also provides some sort of load-balancing to.

regarding my layer 3 aspect as you mentioned above well yes I only have 1 isp connection, just as a test so if it works I would then know what to do when I get a 2nd isp connection for fault tolerance if I was to do this or even required.
mikey250Author Commented:
regarding the primary and secondary switching you have to know what: root ports, designated ports, alternate/block, via show span and when you unplug cables to test, you will see the go through the election process and change, ie

- blocking, listening, learning, forwarding or whatever.
Thanks for the feedback :)
Since you got it working, may I suggest you select your post about the domain accounts, as the solution.
mikey250Author Commented:
there was an issue with my domain accounts, so I created a new one which solved the problem.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Switches / Hubs

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.