Logon errors

[Bill]

Help!

Earlier this week my HD for my domain server crashed...on
startup BIOS refused to recognize it so I installed
another HD and loaded W2kAS from scratch. For some
reason this is the error message I get when trying to
log onto the server from my client.

"The system cannot log you on now because the domain is
not available."

This is strange as I have an account on the domain and am
also in the "Administrator" group and joined the client
to the domain just prior to trying to logon under the
domain account.

Ideas as to why the "...Domain is not available?"

Am running SP4. DC is also GC, Schema, and DNS SOA.

The logon process doesn't even show up on my Security
Event Log.

Bill

 

[Kevin D. Goodknecht [MVP]]

In Bill <[email protected]> posted a question
Then Kevin replied below:
: Help!
:
: Earlier this week my HD for my domain server crashed...on
: startup BIOS refused to recognize it so I installed
: another HD and loaded W2kAS from scratch. For some
: reason this is the error message I get when trying to
: log onto the server from my client.
:
: "The system cannot log you on now because the domain is
: not available."
:
: This is strange as I have an account on the domain and am
: also in the "Administrator" group and joined the client
: to the domain just prior to trying to logon under the
: domain account.
:
: Ideas as to why the "...Domain is not available?"
:
: Am running SP4. DC is also GC, Schema, and DNS SOA.
:
: The logon process doesn't even show up on my Security
: Event Log.
:
: Bill
Usually if you get "Domain is not available" it is because you are not using
the DC only for DNS.

Was the server that crashed also a DC?

And did you give it the same name?

Does the current DC hold all the five FSMO roles?

 

[Bill]

-----Original Message-----
In Bill <[email protected]> posted a question
Then Kevin replied below:
: Help!
:
: Earlier this week my HD for my domain server crashed...on
: startup BIOS refused to recognize it so I installed
: another HD and loaded W2kAS from scratch. For some
: reason this is the error message I get when trying to
: log onto the server from my client.
:
: "The system cannot log you on now because the domain is
: not available."
:
: This is strange as I have an account on the domain and am
: also in the "Administrator" group and joined the client
: to the domain just prior to trying to logon under the
: domain account.
:
: Ideas as to why the "...Domain is not available?"
:
: Am running SP4. DC is also GC, Schema, and DNS SOA.
:
: The logon process doesn't even show up on my Security
: Event Log.
:
: Bill
Usually if you get "Domain is not available" it is because you are not using
the DC only for DNS.

Was the server that crashed also a DC?

And did you give it the same name?

Does the current DC hold all the five FSMO roles?


--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
============================

Kevin,

Yes to all three questions. My server was a DC,
Schema, GC, DNS and has the same name. I even
reinstalled w2k with AD again. I am beginning to believe
it's a DNS thing so am changing my SOA to point back to
Register.com. Perhaps I'll just make my DNS server a
cache server instead.

Bill

 

[Ace Fekay [MVP]]

In

Kevin,

Yes to all three questions. My server was a DC,
Schema, GC, DNS and has the same name. I even
reinstalled w2k with AD again. I am beginning to believe
it's a DNS thing so am changing my SOA to point back to
Register.com. Perhaps I'll just make my DNS server a
cache server instead.

Bill

If you installed AD fresh on the new machine, no matter if the name is the
same, the domain is a totally new domain. You would hav to disjoin and
rejoin the machines to the domain and create new uesr accounts.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

 

[Bill]

-----Original Message-----
In Bill <[email protected]> posted their thoughts, then I
offered mine

If you installed AD fresh on the new machine, no matter if the name is the
same, the domain is a totally new domain. You would hav to disjoin and
rejoin the machines to the domain and create new uesr accounts.

Ace,
I agree....the reinstall of w2kAS creates another
unique SID for the machine. All new user accounts also
have new SIDs. I had already unjoined the client from
the server and after that remade the computer account on
the domain. Funny thing is that the client joined the
domain fine and had no problem finding the account to do
so but that same user can't logon to the domain without
that error message. I realize the two processes, joining
a domain and user logon, are different but am stumped at
the moment....AD,DNS??? Ahhhh!!!

 

[Kevin D. Goodknecht [MVP]]

In Bill <[email protected]> posted a question
Then Kevin replied below:
: Yes to all three questions. My server was a DC,
: Schema, GC, DNS and has the same name. I even
: reinstalled w2k with AD again. I am beginning to believe
: it's a DNS thing so am changing my SOA to point back to
: Register.com. Perhaps I'll just make my DNS server a
: cache server instead.

What SOA? I hope certainly you're not talking about the local domain SOA.
Your local AD DNS must be SOA for your local domain.

You really shouldn't be using your local AD DNS as SOA for your public
domain.

::
:: If you installed AD fresh on the new machine, no matter if the name
:: is the same, the domain is a totally new domain. You would hav to
:: disjoin and rejoin the machines to the domain and create new uesr
:: accounts.
::
:: --
:: Regards,
:: Ace
::
:
: Ace,
: I agree....the reinstall of w2kAS creates another
: unique SID for the machine. All new user accounts also
: have new SIDs. I had already unjoined the client from
: the server and after that remade the computer account on
: the domain. Funny thing is that the client joined the
: domain fine and had no problem finding the account to do
: so but that same user can't logon to the domain without
: that error message. I realize the two processes, joining
: a domain and user logon, are different but am stumped at
: the moment....AD,DNS??? Ahhhh!!!

So you only had one DC and your reinstalled it using the same domain name?
Sure makes you think twice about only having one DC doesn't it

I think you're going to have to remove the clients from the domain, then
delete the computer's account and rejoin the client and let it create the
computer account.
It sounds to me like it is trying to logon using cached credentials from the
old domain, and that domain does not exist anymore.

 

[Ace Fekay [MVP]]

In

Ace,
I agree....the reinstall of w2kAS creates another
unique SID for the machine.

Not just for the machine Bill, but the WHOLE domain has a new SID. It's a
completely NEW entitiy.

All new user accounts also
have new SIDs.

That's correct.

I had already unjoined the client from
the server and after that remade the computer account on
the domain.

Unjoined and re-joined the machine or did you just create the computer
account and then join it to the domain? I would rather see you do what Kevin
suggested, disjoin the machine, delete the computer account, restart the
client, then join the domain WITHOUT creating the computer account first.

Funny thing is that the client joined the
domain fine and had no problem finding the account to do
so but that same user can't logon to the domain without
that error message.


I realize the two processes, joining
a domain and user logon, are different but am stumped at
the moment....

Yes, totally different.

AD,DNS??? Ahhhh!!!

Just make sure you are only using the internal DNS server.



--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory