locked
Client Login Domain problem RRS feed

  • 問題

  • Hello, All

    My network have PDC and BDC(all is window server 2003), when I use the Client PC login to Domain, it will prompt like "cannot find the AD or network, please contact system administrator" after in the PDC event viewer, is show the event 1030 and 1058, if i Stop the BDC, the user is login successful but cannot connect other File server or printer, if i stop PDC, the user is still cannot login the Domain, could anyone provide the solution for us?
    I try this solution but is doesn't work
    http://support.microsoft.com/kb/842804
    http://support.microsoft.com/kb/888943


    tomcruise881903
    2009年5月7日 上午 03:14

解答

  • Dear Customer,

     

    From your post, my understanding on this issue is: You cannot log on the Windows Server 2003 domain from a Windows 2003 system.  To resolve this issue, please perform the following steps:

     

    Step I: Check the client PC IP Configuration

    =======================

    Generally, improper DNS setting on the client side will cause similar issue. I suggest checking the DNS setting on the remote DC. The following are the general steps for your reference:

     

    1. Click Network and Dial-up Connections.

     

    2. Right-click the Connection and then click Properties.

     

    3. In the Local Area Connection Properties dialog box, click "Internet Protocol (TCP/IP)", and then click Properties.

     

    4. Please verify whether the "Preferred DNS server" and "Secondary DNS server" has been correctly set.

     

     

    Step II: restart net logon service

    =======================

    1. Use administrator account logon to Window Server 2003.

     

    2. Click Start and then run, type Servcies.msc and click OK.

     

    3. In the right details pane, right-click net logon, and then click Properties.

     

    4. Click Stop to stop the service and then click Start to restart the service.

     

     

    Step III: Rejoin the Computer to the Domain.

    =======================

    1. Please log on the Windows 2000 as a Local Administrators Group member, disconnect all mapped network drives.

     

    2. Right click My Computer on the desktop, and then click Properties. Click Computer Name tab, click Change button.

     

    3. If the check box of Domain is checked, please click to check the check box of Workgroup, and then type a workgroup name under it, for example type "WORKGROUP". And then click OK, restart the computer

     

    If the check box of Workgroup is already checked, simply skip step 3.

     

    If this step failed, please unplug the network cable and try again.

     

    4. Click to check the check box of Domain, and type your domain name, and then click OK.

     

    When the computer is rejoined to the domain, please go to the next step.

     

     

    Step IIII: Modify Local Security Policy.

    ----------------------------------------------------

    1. On Windows 2003 system, log on as a Local Administrators Group member, click Start, and then click Control Panel.

     

    2. If you are using Classic view in Control Panel, double-click Administrative Tools, and then double-click Local Security Policy.

     

    If you are using Category view in Control Panel, click Performance and Maintenance, click Administrative Tools, and then double-click Local Security Policy.

     

    3. Under the Local Policies\Security Options node, double-click the Domain Member: Digitally encrypt or sign secure channel data (always) policy to open it.

     

    4. Click Disabled, and then click OK.

     

    5. Log on the Windows 2003 as a domain user account to test this issue.

     

    Hope the above information helps. If you have any further questions or concerns, please feel free to let me know. I am happy to be of assistance.

     

    Thank you for your time.


    Sincerely


    Tom Zhang


    Tom Zhang – MSFT
    2009年6月10日 上午 10:53
    版主

所有回覆

  • Hi,

    I think there have some problem in your DNS. Please check what is the DNS IP the users and server is using. All the users should point to the AD as DNS server, and the DNS Server in AD should forward the DNS Requests to internet.

    You should also check the servers IP address, and DNS address, and all the Computers, servers and AD should registrate to the DNS servers as well.

    Hope this helps.
    Jacky
    2009年5月10日 下午 02:32
  • Dear Customer,

     

    From your post, my understanding on this issue is: You cannot log on the Windows Server 2003 domain from a Windows 2003 system.  To resolve this issue, please perform the following steps:

     

    Step I: Check the client PC IP Configuration

    =======================

    Generally, improper DNS setting on the client side will cause similar issue. I suggest checking the DNS setting on the remote DC. The following are the general steps for your reference:

     

    1. Click Network and Dial-up Connections.

     

    2. Right-click the Connection and then click Properties.

     

    3. In the Local Area Connection Properties dialog box, click "Internet Protocol (TCP/IP)", and then click Properties.

     

    4. Please verify whether the "Preferred DNS server" and "Secondary DNS server" has been correctly set.

     

     

    Step II: restart net logon service

    =======================

    1. Use administrator account logon to Window Server 2003.

     

    2. Click Start and then run, type Servcies.msc and click OK.

     

    3. In the right details pane, right-click net logon, and then click Properties.

     

    4. Click Stop to stop the service and then click Start to restart the service.

     

     

    Step III: Rejoin the Computer to the Domain.

    =======================

    1. Please log on the Windows 2000 as a Local Administrators Group member, disconnect all mapped network drives.

     

    2. Right click My Computer on the desktop, and then click Properties. Click Computer Name tab, click Change button.

     

    3. If the check box of Domain is checked, please click to check the check box of Workgroup, and then type a workgroup name under it, for example type "WORKGROUP". And then click OK, restart the computer

     

    If the check box of Workgroup is already checked, simply skip step 3.

     

    If this step failed, please unplug the network cable and try again.

     

    4. Click to check the check box of Domain, and type your domain name, and then click OK.

     

    When the computer is rejoined to the domain, please go to the next step.

     

     

    Step IIII: Modify Local Security Policy.

    ----------------------------------------------------

    1. On Windows 2003 system, log on as a Local Administrators Group member, click Start, and then click Control Panel.

     

    2. If you are using Classic view in Control Panel, double-click Administrative Tools, and then double-click Local Security Policy.

     

    If you are using Category view in Control Panel, click Performance and Maintenance, click Administrative Tools, and then double-click Local Security Policy.

     

    3. Under the Local Policies\Security Options node, double-click the Domain Member: Digitally encrypt or sign secure channel data (always) policy to open it.

     

    4. Click Disabled, and then click OK.

     

    5. Log on the Windows 2003 as a domain user account to test this issue.

     

    Hope the above information helps. If you have any further questions or concerns, please feel free to let me know. I am happy to be of assistance.

     

    Thank you for your time.


    Sincerely


    Tom Zhang


    Tom Zhang – MSFT
    2009年6月10日 上午 10:53
    版主