Cannot login to domain from client

October 13, 2005 at 17:42:48
Specs: win 2003 SBS Premium Ed, 2.8/1Gb

Please help. I have exhausted all attempts to solve this on my own.

I have been trying unsuccessfully for weeks to get one workstation (laptop) using Windows XP Pro SP2 to log on to the Windows 2003 SBS domain. I have read as many books, internet resources and MS tech info on this and am still unable to solve this. All attempts at trying other possible solutions that people who have encountered the same error have found have not worked for me.

Can I ask an old hand at this how I might be able to get this working? The message I receive is as follows:

“The system cannot log you on now because the domain XXXXX is not available”.

This occurs no matter whether I try to log in to the domain on the client with the (local) admin account or create a new local user on the client workstation. Creating the exact same user on the server as a domain user makes no difference. I have tried numerous suggestions, for example ipconfig /registerdns on both workstation and server, and joining and un-joining the domain. The workstation computer name is added to the computer & user snap-in. The domain user on the server has the same user name and password as the login on the workstation.

When joining from the workstation I do get a “Welcome to xxxxxx domain”. It's just when I try to log in to the domain that I get the above message, no matter what I try.

Perhaps the install of SBS was not done correctly for my current network configuration. I wanted the server to function initially as a stand-alone server. It was installed mostly using defaults, except I chose to use my existing router/firewall/DHCP service to continue as the gateway (server utilizing only 1 NIC). As far as I can see the server DNS service is running OK; also I have the same DNS IP address entered in both server and workstation. I am using Bigpond-provided ones. Should they be different?? DHCP is being served from the router.

After the OS installed I believe it automatically installed & configured AD & DC. I did not have to run dcpromo? Not sure why. I have also monitored the event viewer for errors and found the following on the workstation under Application:

Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

And

Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

IP config in server uses static internal IP, netmask is 255.0.0.0 and gateway is router 10.0.0.138. I have ftp service running on the server and can access it externally no problem. IIS is loaded.

Thanks 4 any help




#1
October 14, 2005 at 06:09:26

Point the SBS server to itself for DNS. Set up forwarding within its DNS setup to your ISP's DNS servers.

Point the client to use DNS on the SBS 2003 server.

Your client machine can't log in because it can't locate where the domain controller is, hence saying the domain isn't available. Locating domain controllers is dependent on a DNS lookup for DC service records. Since your client is doing these queries on ISP DNS servers, your ISP servers don't have a clue.

I would also turn DHCP off on the router, and set up DHCP on the SBS 2003 server, too.

Please help survivors of Hurricane Katrina...err...Rita. Starting to lose track...

www.redcross.org



#2
October 14, 2005 at 06:28:45

Hero, thanks for your kind advice. I have already changed what you suggested except where you stated "Setup forwarding within its DNS setup to your ISP's DNS servers."
I have never done this before. Can you advise how to set up forwarding within its DNS?

Regards



#3
October 14, 2005 at 07:31:09

The forward on the DNS to the ISP isn't that big of a deal. Without it the server will still use the main root servers on the net for a forward.

What DNS do you have set up on the laptop?

If the DNS is pointed to your ISP on the laptop the server name will not resolve.

You can test this by adding a line to the host file on the laptop.

%systemroot%\system32\drivers\etc

Open the host file with Notepad.

Add a line with the server IP and name

IE
255.0.0.0 server

Attempt to log in to the domain again.

Is DNS installed on the server?
If not, install it!

Turn off the DHCP in the router. Install DHCP on the server with the proper scope and DNS pointed to the server (as recommended above).



#4
October 14, 2005 at 09:06:57

"If the DNS is pointed to your ISP on the laptop the server name will not resolve.

You can test this by adding a line to the host file on the laptop.

%systemroot%\system32\drivers\etc"

Incorrect. You're in effect saying the only DNS record relevant during a client record is the A record of the DC. The client doesn't even know the names of DCs for the domain yet.

The first DNS query is for service records for all DCs in the domain to which the client is trying to log in. Adding a value to the host file on the laptop for the DC does not tell the laptop the DC IS a DC for the domain. That must come from a DNS server.

"Is DNS installed on the server?"

DNS is automatically installed on Small Business Server 2003.

"The forward on the DNS to the ISP isn't that big of a deal. Without it the server will still use the main root servers on the net for a forward."

The . root should be deleted if it exists. Therefore, the forwarder is essential to DNS name resolution.

Please help survivors of Hurricane Katrina.

www.redcross.org



#5
October 14, 2005 at 09:32:07

Wow, being flamed....

Well then, let's rock....

"Incorrect. You're in effect saying the only DNS record relevant during a client record is the A record of the DC. The client doesn't even know the names of DCs for the domain yet."

If the laptop is set with the DNS to the ISP and not the server...... then when trying to connect to the domain it's calling its DNS from the ISP, which has no clue who "servername" or "domain" is, and therefore will not resolve.

"The . root should be deleted if it exists. Therefore, the forwarder is essential to DNS name resolution."

The root servers on the internet are set up by default in DNS.

1.) I would never remove them. They are the last resort for DNS. They are the 14 or 15 servers that hold the most info.

2.) Yes, you can use them. You do not have to enter a forward. By default the server will use the root internet DNS servers. (Our company has over 300 clients set up without a forward and they function without an issue.)




#6
October 14, 2005 at 13:07:32

That wasn't a flame. It was technical data this person needed. Don't take it personally.

"If the laptop is set with the DNS to the ISP and not the server...... then when trying to connect to the domain it's calling its DNS from the ISP, which has no clue who "servername" or "domain" is, and therefore will not resolve."

It fails before the lookup of the A record ever occurs. You're on step 2 when step 1 already failed.

"The root servers on the internet are set up by default in DNS."

Root hints are, but not necessarily the (.) zone. That is only if the DNS server cannot contact a DNS server.

"If no DNS servers were detected during the initial configuration of Windows 2000 DNS, the system will typically designate the new DNS server as a "root server", which is the ultimate authority for all naming resolution activities. As a result, the new DNS server will not be able to forward any name resolution queries that it is unable to resolve to another server or to the root servers on the Internet."

http://support.microsoft.com/default.aspx?scid=kb;en-us;301191&sd=tech

"1.) I would never remove them. They are the last resort for DNS. They are the 14 or 15 servers that hold the most info."

If your DNS server has the root zone (.), it thinks it is the authoritative DNS server for EVERYTHING. Therefore, your clients will be unable to resolve any internet FQDN. Root hints and forwarders are then not allowed.

You sound like you're confusing removing root hints and the root zone (.).

http://support.microsoft.com/default.aspx?scid=kb;en-us;301191&sd=tech

Please help survivors of Hurricane Katrina.

www.redcross.org



#7
October 16, 2005 at 15:39:44

Guys, thanks for responding. Then I think you're implying that all should be working? Could this be a problem with the router ST530? As I still don't understand the subnet mask. Why??

Still cannot log on to domain. Existing settings:

server:
Static IP 10.0.0.100
subnet 255.0.0.0
Gateway 10.0.0.138

Preferred DNS 10.0.0.100
Alternate none

Workstation Win XP Pro SP2

Obtain IP address Automatically

Use following DNS server address:

Preferred DNS server 10.0.0.100
Alternate none

I still receive:

Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

In event viewer.

Any ideas? I am still lost on this?



#8
October 16, 2005 at 19:49:50

Run dcdiag on the server. Sounds like AD isn't set up properly somewhere.

http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/TechRef/f7396ad6-0baa-4e66-8d18-17f83c5e4e6c.mspx

Help survivors of Hurricane Katrina. Please donate to the American Red Cross.

www.redcross.org



#9
November 17, 2005 at 23:36:55

Hi guys
I have the same kind of problem here. Can you help?
Let's see what I have.

I have one router for internet and security,
and it also runs the DHCP server for all clients.

My server is Windows 2000 Advanced Server
with IP address 192.168.0.210


Clients are

Windows XP Pro SP2
Windows 2000 Pro
with dynamic IP

Windows 2000 Pro clients are working fine, no issue, but XP clients have problems.
I join them to the server and make the first logon as a domain user and it works, but when I restart my system, XP clients are unable to log on as another user, and the same user logs on but with old profiles.
Error message:
The user cannot logon now because domain name is not available

But if I give the server IP address in DNS it runs, but then internet stops working.
Can you send some solution?
It only happened with XP clients.

