| Author |
Message |
Hokyfan
Guest
|
 Posted:
Wed Nov 09, 2005 9:50 pm Post subject:
Workstation account issues in Active Directory |
|
|
Over the past few weeks the follow problem has appeared on one of the
networks I’m administering…
Intermittently, each morning a number of the users cannot log in at their
workstations – they receive the following, or similar, message:
“Windows cannot connect to the domain either because the domain controller
is down or otherwise unavailable or because your computer account was not
found.”
At this point, the user cannot log on, but the administrator usually can log
in (but not always).
The computers are a mix of Windows 2000 Pro and Windows XP Pro. All have
the latest updates. All of the PCs are clean installs, i.e., they are not
cloned images. There is no way to predict which ones will exhibit the
problem on any particular
One of the following usually works to get user logged in:
1. Power off, restart and login.
2. Log in as administrator, log off and log in as the user.
3. Log in to the local administrator, remove the computer from the domain
and add it back in.
Once logged in, the workstation works fine.
The following is a description and brief history of the network –
The original network consisted of a Windows 2000 Server running Active
Directory and Exchange 2003 (Server A). In February a Windows 2003 server
was added as another Active Directory controller (Server B). (ADPREP
/domainprep and ADPREP /forestprep were run before promoting the new server.)
Replication of the Active Directory seems to be working fine. All computer
and users accounts appear on both servers. When a new user account is
created on Server A, it appears on Server B.
DHCP hands out DNS servers in the order of Server A – Server B – Internet.
It also hands out WINS address in the order Server A – Server B.
The network consists of a number of stacked 24 port 10/100 switches.
Any suggestions as to how to approach this issue?
Thanks,
Rick |
|
| Back to top |
|
 |
Olaf Engelke [MVP Windows
Guest
|
| Posted:
Wed Nov 09, 2005 9:50 pm Post subject:
Re: Workstation account issues in Active Directory |
|
|
As you describe it, all is possible from DNS issues over IP address
assignment problems or digital signing broken.
So some more detailed information from the client would be welcome.
Best greetings from Germany
Olaf |
|
| Back to top |
|
|
Hokyfan
Guest
|
| Posted:
Thu Nov 10, 2005 9:33 am Post subject:
Re: Workstation account issues in Active Directory |
|
|
Thanks for the reply - I was looking at the same area.
One thing that confuses me is that when a workstation doesn't allow the
login for the 'user' - I can immediately sign in as the domain admin and
there is no evidence of any problem. And even this is consistant - it may
work on the workstation one day and not the next - or work on one workstation
and not the one next to it.
I've started to log the incidents so I can trace which network switches the
problem pcs are going through.
I will check the PC's event logs and see if there are any entries for the
probems.
Rick |
|
| Back to top |
|
|
Olaf Engelke [MVP Windows
Guest
|
| Posted:
Thu Nov 10, 2005 9:50 am Post subject:
Re: Workstation account issues in Active Directory |
|
|
Hi,
Hokyfan wrote:
| Quote: | One thing that confuses me is that when a workstation doesn't allow
the login for the 'user' - I can immediately sign in as the domain
admin and there is no evidence of any problem. And even this is
consistant - it may work on the workstation one day and not the next
- or work on one workstation and not the one next to it.
|
maybe for the domain admin are working cached credentials, and for the users
not (depending from the configuration of your policies).
Best greetings from Germany
Olaf |
|
| Back to top |
|
|
Hokyfan
Guest
|
| Posted:
Thu Nov 10, 2005 1:50 pm Post subject:
Re: Workstation account issues in Active Directory |
|
|
I thought of that, but the admin has full access to network resources when
logged in. A cached accout would not. |
|
| Back to top |
|
|
Olaf Engelke [MVP Windows
Guest
|
| Posted:
Fri Nov 11, 2005 1:50 pm Post subject:
Re: Workstation account issues in Active Directory |
|
|
Hi again,
could it be, that the DHCP lease for those clients is running off, the
contact to the DHCP server is not fast enough or the users are trying log in
to early (the shell is up, but the network not)?
Would it work better
a) with a fixed IP address
b) if the users power on the PC, go _slowly_ pick up their morning coffee,
and then login?
Best greetings from Germany
Olaf |
|
| Back to top |
|
|
Hokyfan
Guest
|
| Posted:
Fri Nov 11, 2005 9:50 pm Post subject:
Re: Workstation account issues in Active Directory |
|
|
That doesn't feel right - if the DHCP lease was up - or the workstation did
not receive the IP address then the admin could not log in.
I will try a static IP on one of the workstations... |
|
| Back to top |
|
|
Olaf Engelke [MVP Windows
Guest
|
| Posted:
Fri Nov 11, 2005 9:50 pm Post subject:
Re: Workstation account issues in Active Directory |
|
|
Hokyfan wrote:
| Quote: | That doesn't feel right - if the DHCP lease was up - or the
workstation did not receive the IP address then the admin could not
log in.
well - user could have tried immediatly after startup, while admin comes |
later and tries delayed (which would also function for the user then).
Is the name resolution (DNS) working properly? Are there multiple domains in
the forest? If yes, what is the status of the global catalog in each domain?
Is it reachable for the user PC?
Enable also Auditing of all failures for the workstation, so that maybe the
security log will ring and tell you more details.
| Quote: | I will try a static IP on one of the workstations...
|
Good luck!
Best greetings from Germany
Olaf |
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in