NT workstations cannot login after dcpromo

[Cooky]

We had 2 DC's on a Windows AD environment, both running 2000 server. After we promote a Server 2003 server to replace one of the original DC's, NT4 clients can no longer login. Users can only login w/ cached information. This starts happening the next day after we ran dcpromo, so not sure if the two are related.

The NT4 clients have network connectivity (can ping and get online), but just can't authenticate against their Windows accounts. An error pops up saying "no logon servers are available" whenever users try to access network shares.

Does anyone know how to get this fixed?

 

[JRock]

Was the 2003 AD DC setup in mixed-mode...?

Have you tried demoting it?

 

[Cooky]

I believe we set it to be in mixed-mode...is there any way to tell which mode it is operating on?

 

[JRock]

I think if you right-click in on the domain within the AD root and goto properties it tells you. I will confrim in like 5 mins.

Also I am not totally sure NT4 and 2003 can co-exist peacefully 😉

 

[JRock]

Yes open up Domain and Trusts and right-click on the domain. Goto properties and it will tell you the current mode.

 

[Cooky]

What should it say when it's in mix-mode?
Right now it says Windows 2000 native as the Domain functional level.

 

[JRock]

Domain operation mode:
Mixed-mode (supports both Windows 2000 and pre-Windows 2000 domain controllers)

 

[Rilex]

Mixed-mode/native mode only affects the ability of NT4 Server to be a BDC on the network, it doesn't lock out NT4 Server/Workstation from being a domain member.

Do your NT4 WKS resolve the domain controllers DNS entry correctly?

 

[Cooky]

"Do your NT4 WKS resolve the domain controllers DNS entry correctly?"
Yes, they can ping other hosts by either name or IP.

I was gonna remove the NT4's off the domain, and rejoin them into domain. This has worked for some XP clients before, but it didn't work on these NT4's - when I was joining the domain, it keeps saying it couldn't find any domain controllers.

Also, another admin who's been here for several years said they've always been running DC's in 2000 native mode and nobody ever had any problem until we promoted a Server 2003 DC.

 

[JRock]

Please disregard all comments I made in the post. For some reason I saw NT4 and though Server even through right next to it you saud "Workstation" in nice big letters 🙂

This is why I was confused as I interpreted it as you had an NT4 PDC and you just promoted a 2003 DC.

 

[Cooky]

That's ok, JRock.
We came up w/ one solution: get rid of NT4 machines. They're too old to exist on our network anyway.
If anyone knows how to get this fixed though, please post.
Thanks for everyone's replies.

 

[ktwebb]

I'd probably edit the local hosts file, pointing the actual domain name to the IP of that DC your trying to hit directly. Might do nothing. Worth a shot.

If the 2k3 domain is pizza and the IP of that DC is 192.168.1.1 hosts file would look like
192.168.1.1 pizza

Also, you said you removed the machine from the domain on the workstation already, assumably putting it into a workgroup. You might want to create a local account that matches a domain account with domain admin privileges, log into the workstation with that account and try to add. Also create the computer account in AD before you try to add it from the workstation. None of these are tried and true. Just some thigns I'd try personally.

 

[Rilex]

You need to use nslookup and see if that is working properly. Mearly pinging a host isn't good enough. That just means the local DNS/WINS cache is operating correctly.

Also make sure WINS is active and working properly on the network.

 

[Cooky]

I'll try the host file tomorrow.

I already tried nslookup and it worked. The resolving server was one of the DC's.

A lot of the users rely on WINS to share files and the fact that we haven't heard anyone complain probably means it's working.