Cannot Logon to Domain

  • Thread starter: Dave Mackler

Dave Mackler

I have 4 locations with Win 2003, SP1 Domain Controllers and 6-75 users
each. I have one location with 4 users and two workstations with no local
DC. These folks often lose AD logon ability.

If I try to remote into one of these using my domain administrator account,
or any domain account, I get an error message that the domain does not exist
or the user name or password is not correct. But I can remotely logon using
an account local to the machine but that is not a domain account. So the
network is physically there so I can remotely log on as a local user.

If I try and browse in network neighborhood I only see the two local
workstations. This problem exists with both workstations at that site.

An interesting issue is that I cannot ping the router at that site from my
side but I can from their side when remoted in. That makes no sense either.
Is this a router, Cisco PIX, setup issue?

What could cause the inability to logon to the domain but still allow me to
remote into these workstations as local users?
 
I would start by double checking the TCP/IP settings of those computers
making sure that they only specify the IP addresses of domain controllers
as preferred/secondary DNS servers with NO ISP DNS server listed. When
remoted into them see if they can ping the listed DNS servers/domain
controllers by name and fully qualified domain name and access the sysvol
share on those domain controllers [enter \\dcname\sysvol in the run box for
example]. Check the logs via Event Viewer to see if any warnings/errors show
such as for userenv that would indicate a problem contacting domain
controllers. It would also be helpful to run the support tool netdiag on
them to see what shows for DC DNS, DC discovery, trust/secure channel, etc.
Possibly you have a poor network connection at that location to the domain
controllers used for authentication.

Steve
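
An added example, not part of the original posts: one way to automate the first check in the reply above, by parsing saved `ipconfig /all` output and flagging any DNS server that is not a domain controller. The sample output, the DC address 10.1.0.10, the stand-in ISP resolver 203.0.113.53 and the function names are all constructed for illustration.

```python
import re

# Constructed sample of `ipconfig /all` output from a workstation (not from the thread).
SAMPLE = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : WS01
   Primary Dns Suffix  . . . . . . . : corp.example.local

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   IP Address. . . . . . . . . . . . : 10.5.0.21
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.5.0.1
   DNS Servers . . . . . . . . . . . : 10.1.0.10
                                       203.0.113.53
   Primary WINS Server . . . . . . . : 10.1.0.10
"""

IP = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

def dns_servers(ipconfig_text):
    """Return {adapter: [DNS server IPs]} from `ipconfig /all` text."""
    result, adapter, in_dns = {}, None, False
    for line in ipconfig_text.splitlines():
        stripped = line.strip()
        if not stripped:
            continue
        if not line[0].isspace():
            # Unindented line starts a new section, e.g. "Ethernet adapter ...:"
            adapter, in_dns = stripped.rstrip(":"), False
            continue
        label, sep, value = stripped.partition(" : ")
        if sep and label.startswith("DNS Servers"):
            in_dns = True
            result.setdefault(adapter, []).append(value.strip())
        elif in_dns and IP.match(stripped):
            # Secondary servers appear on continuation lines with no label.
            result[adapter].append(stripped)
        else:
            in_dns = False
    return result

def non_dc_dns(ipconfig_text, dc_ips):
    """Return [(adapter, ip)] for each DNS server that is not a known DC."""
    return [(adapter, ip)
            for adapter, ips in dns_servers(ipconfig_text).items()
            for ip in ips if ip not in dc_ips]

if __name__ == "__main__":
    for adapter, ip in non_dc_dns(SAMPLE, {"10.1.0.10"}):
        print(f"{adapter}: DNS server {ip} is not a domain controller")
```

Any entry it reports is a DNS server the workstation may query for domain controller records that only the AD DNS servers hold.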
 