Windows cannot connect to domain (2003)...computer account not found

Status
Not open for further replies.

lemri

Here is the back story:

I am at a school with a NT4.0 domain server. We bought a new 2003 SP1 server. We have two IP ranges. Our old configuration had static IP address with 2 DNS servers located at the district that was referenced in the TCP/IP properties.

I set up the new server with 4 roles. It has an Active Directory. It is a DHCP server (I have 98 machines). The DHCP has a superscope with 2 scopes within the superscope. Each scope has a range of IP address and the exceptions for the server, printers, et cetera. It also is a DNS server that "listens to all IP addresses" instead of listen to the "following IP addresses."

However, on the listen to the following IP addresses I put in its own IP address. The DNS server also has 2 forwarders to the district DNS servers.

The last role is as a File Share.

I have connected about 400 computers just fine. Everything is working good...however I am now getting sporadic computers that can't log on. I get this message:
Windows cannot connect to the domain, either because the domain controller is down or otherwise unavailable, or because your computer account was not found. Please try again later.

The computers are still on the server.

If I re-add the client machine to the domain, everything is fine--for now. This has been happening to XP machines. It has happened 5 times now, and I am worried about a continual problem or a major problem around the corner.

Are there any ideas on what is causing this? I have read up a little bit about SID problems, but I am not that literate yet. I am wondering if I set something up wrong, failed to set something up, or if there is an entirely different reason.

Could it be because the computers are still on the NT4.0 directory? I have not taken off the NT4.0 active directory yet or added the NT server to the 2003 server. I also have an independent 2000 server for the library and a 2003 server for a special ed room and program.

No one at the district can help. I am out of ideas. I am getting really worried that I did something wrong I can't fix. I am not an expert. I am in the very beginning stages of my MCSA training.
 
I would look at the network before you look at the OS, when it happens see if you can ping the server by name and IP, also look in the event viewer of the machine and see if there is anything showing up in there.

Regards
 
Are you saying you're still using Windows NT Server 4.0? If I was like you I would be better off just migrating over that old server to Windows 2003 Enterprise Server. You'll have better results with Active Directory and those scopes or roles.
 
tipstir said:
Are you saying you're still using Windows NT Server 4.0? If I was like you I would be better off just migrating over that old server to Windows 2003 Enterprise Server. You'll have better results with Active Directory and those scopes or roles.

We are currently using a NT4.0 server. We want to migrate to the 2003 server. However, our NT server is so old and had so many people messing with it without credentials that migrating would be a bad idea in my opinion. It was never set up correctly, lots of people changed settings, roles, and properties.

When we got our new server, I decided to start from scratch. I could not just unplug the old server--secretaries and teachers needed it. So, I recreated all of our student ids in active directory and their network shares on the new 2003 server. I then transferred our clients in our library and labs onto the new server from system properties.

Our old server is still running. It still has the library and lab computers on it, but I added the computers onto the new server. I am wondering if having both servers up and running is causing the problem.

As soon as I figure out why random computers are saying they are not on the new domain, I will turn off the old server (and probably junk it) and add the secretary, teacher, and administrator's computers onto our 2003 server.
 
When I say migrate I didn't mean to use the same old server. But you already have a new server so start there. This takes time to do. Not easy but it can be done. Don't do this during school hours, you'll most likely have to do this after hours.

Have fun!
 
tipstir said:
When I say migrate I didn't mean to use the same old server. But you already have a new server so start there. This takes time to do. Not easy but it can be done. Don't do this during school hours, you'll most likely have to do this after hours.

Have fun!


I guess I am not understanding you. I have already migrated! I have set up my server with 4 roles. I have, with the combination of command lines and vb scripts, added in over 1400 students. I have already created their network shares. I have transferred their homework on the new server.

It is running and functional. The problem I am having is not in getting migrated. That is done (with the exception of faculty and administration). The problem is the computers I have added onto the new server are randomly taking themselves off the connection to the server.

If I look on the server it says the computer is added. I have even logged on to the local machine several times. But now, for no reason I can think of, when I try to log on to about 5 machines, it says it is not connected to the domain.

I can re-add them to the domain and everything works. I am worried that more machines will, without warning, stop being able to log on to the domain. I am trying to figure out why I keep getting this message on just a few machines:

Windows cannot connect to the domain, either because the domain controller is down or otherwise unavailable, or because your computer account was not found. Please try again later.


Like I said, the new server is up and running. A couple hundred computers have been added to it. I am randomly getting computers that are saying they can't connect to the domain. If I log on locally, I can reconnect them to the domain, but I don't want to have to keep doing that.

Any ideas?
 
how about user time outs or log off settings
maybe someone changed the way the log ons were connected
if you just pulled the info off the NT look at the user IDs see if the logon is set to expire.
try shutting down the NT see if you still get the error

a reconnection sounds like security setting
 
hey lemri, try disjoining those computers from the domain and re-join them..that seems to help me out at my job..i get the same error sometimes.
 
lemri said:
I guess I am not understanding you. I have already migrated! I have set up my server with 4 roles. I have, with the combination of command lines and vb scripts, added in over 1400 students. I have already created their network shares. I have transferred their homework on the new server.

It is running and functional. The problem I am having is not in getting migrated. That is done (with the exception of faculty and administration). The problem is the computers I have added onto the new server are randomly taking themselves off the connection to the server.

If I look on the server it says the computer is added. I have even logged on to the local machine several times. But now, for no reason I can think of, when I try to log on to about 5 machines, it says it is not connected to the domain.

I can re-add them to the domain and everything works. I am worried that more machines will, without warning, stop being able to log on to the domain. I am trying to figure out why I keep getting this message on just a few machines:




Like I said, the new server is up and running. A couple hundred computers have been added to it. I am randomly getting computers that are saying they can't connect to the domain. If I log on locally, I can reconnect them to the domain, but I don't want to have to keep doing that.

Any ideas?


How many licenses for active connections did you set the Windows 2003 Server to?
 
chrispudge said:
hey lemri, try disjoining those computers from the domain and re-join them..that seems to help me out at my job..i get the same error sometimes.

That does work, thanks, but I want to get to the root of the problem and fix it. I tried the advice of pinging the server, and I can ping it just fine.

Moving on I checked the event viewer. There were no security events, but I had lots of application and system events. The event I am zeroing in on is this.
Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40961
Date: 11/27/2006
Time: 8:12:42 AM
User: N/A
Computer: STUDYSKILLS2
Description:
The Security System could not establish a secured connection with the server LDAP/servename.domainname.edu. No authentication protocol was available.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
and
Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID: 3210
Date: 11/27/2006
Time: 12:46:45 AM
User: N/A
Computer: STUDYSKILLS2
Description:
This computer could not authenticate with \\servename.domainname.edu., a Windows domain controller for domain 2003PVMS, and therefore this computer might deny logon requests. This inability to authenticate might be caused by another computer on the same network using the same name or the password for this computer account is not recognized. If this message appears again, contact your system administrator.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 22 00 00 c0 "..À
and
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1053
Date: 11/27/2006
Time: 8:12:45 AM
User: NT AUTHORITY\SYSTEM
Computer: STUDYSKILLS2
Description:
Windows cannot determine the user or computer name. (Access is denied. ). Group Policy processing aborted.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
and
Event Type: Error
Event Source: AutoEnrollment
Event Category: None
Event ID: 15
Date: 11/21/2006
Time: 6:03:42 PM
User: N/A
Computer: STUDYSKILLS2
Description:
Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

It looks like I am off to read that link that has been referenced in every error message.
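
An added example, not part of the original post: one way to triage events like the ones pasted above is to decode the numeric codes they carry. The sketch below reads the first four bytes of the NETLOGON 3210 `Data:` dump as a little-endian NTSTATUS and the low 16 bits of a `0x8007xxxx` HRESULT as a Win32 error. The function names, the lookup tables and the sample text are constructed for illustration.

```python
import re
import struct

# Constructed sample: fields copied from the events quoted in the post above.
SAMPLE = """\
Event Source: NETLOGON
Event ID: 3210
Computer: STUDYSKILLS2
Data:
0000: 22 00 00 c0
and
Event Source: AutoEnrollment
Event ID: 15
Computer: STUDYSKILLS2
Description:
Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b).
"""

# Minimal lookup tables (hypothetical helpers); extend with other codes as needed.
NTSTATUS = {0xC0000022: "STATUS_ACCESS_DENIED"}
WIN32 = {1355: "ERROR_NO_SUCH_DOMAIN"}

def parse_events(text):
    """Split pasted Event Viewer text at each 'Event Source:' line and decode codes."""
    events = []
    for chunk in re.split(r"(?m)^(?=Event Source:)", text):
        src = re.search(r"^Event Source:\s*(\S+)", chunk, re.M)
        eid = re.search(r"^Event ID:\s*(\d+)", chunk, re.M)
        if not (src and eid):
            continue  # leading text or a fragment without a full header
        ev = {"source": src.group(1), "id": int(eid.group(1)), "codes": []}
        host = re.search(r"^Computer:\s*(\S+)", chunk, re.M)
        ev["computer"] = host.group(1) if host else None
        # Data dump: the first four bytes are read as a little-endian NTSTATUS.
        dump = re.search(r"^0000:((?:\s[0-9a-fA-F]{2}){4})", chunk, re.M)
        if dump:
            (status,) = struct.unpack("<I", bytes.fromhex(dump.group(1)))
            ev["codes"].append(NTSTATUS.get(status, hex(status)))
        # HRESULT 0x8007xxxx (FACILITY_WIN32): low 16 bits are a Win32 error code.
        for h in re.findall(r"0x8007([0-9a-fA-F]{4})", chunk):
            ev["codes"].append(WIN32.get(int(h, 16), f"win32 {int(h, 16)}"))
        events.append(ev)
    return events

def secure_channel_suspects(events):
    """Hosts that logged NETLOGON 3210 (could not authenticate to the DC)."""
    return sorted({e["computer"] for e in events
                   if e["source"] == "NETLOGON" and e["id"] == 3210})
```

Here `22 00 00 c0` decodes to 0xC0000022, and 0x8007054b carries Win32 error 1355, the code behind the "specified domain either does not exist or could not be contacted" text in the AutoEnrollment event.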
 
This is more of an Active Directory problem with assigned names and active/non-active names on your enterprise. Does Active Directory see these PCs on your domain?
 
yes.

From reading the articles, I think the problem is that my NT4.0 is acting as a DHCP and the 2003 is a DHCP server. The NT4.0 is not connected to my 2003 domain, so I have two DHCP servers assigning IP addresses.

Most of my NT4.0 computers that are not added to the 2003 server have static IP addresses, but some of them don't. The ones that are relying on dynamic IP addresses are causing a problem with authentication--this is what I am thinking.

Once I convert the teacher computers over, I can take the NT4.0 server offline. I think and hope that will resolve the issue.
 
chrispudge said:
lemri, once you disjoin & rejoin the pc - does the problem still occur?


It doesn't re-occur on that particular machine. At least not yet. It has only happened a few times, so I am not sure if rejoining permanently fixes it or if it could occur in the future.

I really want to take my old NT40 offline, however our administration accesses a database on the old server for student school, money, and grade, accounts. Until the district gets me an updated database file to put on the 2003 server, I can not take it off line.

They have a process I have to go through. I have emailed and called them and hope I can get it today.

I have deleted the old computers off of the server. I am going around today and changing the DNS server on the machines that are still connected to the NT server to my 2003 server.

Once I get done, I am going to take off the DHCP and DNS server functions on the old server and hope that helps.

By the way, thank you for all of your feedback and advice. It has helped me narrow the problem and focus my thoughts.
 