Old domain name in mixed mode

[avigdor]

Hi,

I am having a problem after the big blackout here.
I have a mixed mode domain (Windows 2000 and NT 4.0) and I got myself
into a problem I can't see the solution for.
We had some network problems here with our switches but before I
figured it out I did some changes I can't really recall to our DNS and
maybe some other configurations.
Now I can't login with windows 9x clients to the domain and with the
windows XP/2k clients I can login but can't browse the NT machine (the
BDC).
I can't add a XP/2k computer to the old domain name (domain) only to
the new domain name (domain.organization)
An intersting thing is that with the administrator account I can login
to the domain on these machines.
Any help will be so appreciated (I had to sleepless nights and i don't
want to think of the third one)
Avigdor
(e-mail address removed)

 

[D.C.]

hello,

Trying to help you, but as the problem seems to be quite *vague* let's do
some check (the problem could be with the configuration changes that you
don't really recall...).

- Check connectivity, seems something strange but cuting electricity or
shutting down machines who runs 24/7 could makes some strange things
happens. So check cables, nic's, and the switches. Everything could have
been bad, a cable that was "almost dead" a nic that didn't supported the
switch off and so on.
- Check if everything is ok with the protocols you use (I suppose mostly
tcp/ip) this can be acheived through pingin the local loop (127.0.0.1) and
the IP's attributed, do the ping test to the servers from every server to
everyother one (if they you don't have that much servers). A very useful
command is "pathping" (pathping 192.168.1.24 for example) it gives you
statistics with all the losts packets ideally you have a 0% loss. If you
have 5% or less loss maybe it's some machine who is overcharged and has some
difficulties to answer you, more than 5% you should check, things goes bad
when you reach 33% loss.
- Check if everything is ok using some network analyzer (using Ethereal
network analyzer (www.ethereal.com) nice as it's free of charge and works
under any environment (java based).
- Check trusts relationships between the two servers and the domains maybe
the blackout happenned while they were replicating some informations ...
- Anyway If you can logon as an admin (sure that you get the token from the
server and he's not using a precedent login information who is stored
locally ? (it's a policy that you can modify!). means that you can access
the servers.
-The fact that "old style" (98 clients ...) cannot loggin into it's because
they doesn't find a server who is accredited for this role (with the new
domain).
-Try to find what's happens really under event log and the log files you
should trace deeply the login process (for an user) and identify the
problem.

This is just the begining in this checklist there is nothing that could
really directly answers you question but only a few paths to check (always
do that after some unexpected failure anyway...) checking back the
hardware/software is always a nice thing, it's not 6 month after the
blackout that you want to discover that a few important (they would, trust
me) are corrupted (and you need badly to recover them...)).

Anyway I've got the feeling that you should check the local security
policies and the domain policies as well, the fact that so many things went
bad could be because your securitiy policies were screwed, I had this
interesting case (still on it in fact...) who our main server crashed (the
raid went nut...among other things) and this had the consequences of
screwing a little bit (ok more than that) my Active Directory Schema, roles
and...policies ! (I couldn't use the dcpromo feature anymore but I could put
machines into the domains, among other funny things like our exchange 2000
first intallation that was ghosted into the AD schema...).

Good luck !
Daniel C.