Koozali.org: home of the SME Server

"Windows cannot connect to domain . . . "

Offline janet

  • ****
  • 4,812
  • +0/-0
Re: "Windows cannot connect to domain . . . "
« Reply #15 on: September 22, 2009, 02:07:44 AM »
RF_Guy

You could run a CD install but select upgrade, and you will be stepped through the Configure this server process and NIC drivers should be auto determined or manually requested
Please search before asking, an answer may already exist.
The Search & other links to useful information are at top of Forum.

Offline RF_Guy

  • 14
  • +0/-0
Re: "Windows cannot connect to domain . . . "
« Reply #16 on: September 22, 2009, 02:32:22 AM »
Mary, Stefano,

I've got the new server hardware live with all the transfered data and user accounts.
I was able to stop the error messages scrolling on the console by stopping httpd-e-smith.  Once the messages stopped scrolling on the console I was able to login as admin and configure the network interfaces, set the local network to use DHCP, and check all the other settings.  I also ran the "Cleaning up" instructions for cleaning up after affa.
Now all the networked PCs can login, share files, print to network printers etc.
I still have one big issue though.  The two desktop PC's I used for testing with the new server still get the . . .


 "Windows cannot connect to the domain, either because the domain controller is down or otherwise unavailable, or because your computer account was not found.  Please try again later.  If this message continues to appear, conact your System Adminstrator for assistance."

The strange thing is that if I disconnect the network connection on either of those two PCs wait a couple of minutes, then login, it will login okay, then connect the network cable, wait a couple more minutes, then the PC sees all the network drives, can print, browse the web, send recieve email all looks normal, just is a bizare that have to login with the Network cable disconnected.  All the other desktops (that I didn't use for testing) don't exihibit this issue.

I've looked at the registry entries for "RequireSignOrSeal" and they all appear to be correct (disabled).
I've run the .reg file at Server-resouces for windowsxp boxes (which I believe just sets the RequiresSignOrSeal parameter.

I'm concerned that I some how got the SID from the server before I did the affa transfer intertwined on these two PC accounts.

I'll be doing more research to see if I can figure out how to fix this, but in the mean time the new server is live and folks coming in tomorrow on tuesday will be using the new SME-server 7.4.

If you have any ideas about this last issue I'd appreciate your comments or ideas.

Thanks for helping me get this far, you help has been indespensible.

John Purdy
RF_Guy

Offline janet

  • ****
  • 4,812
  • +0/-0
Re: "Windows cannot connect to domain . . . "
« Reply #17 on: September 22, 2009, 03:00:09 AM »
RF_Guy

Quote
The two desktop PC's I used for testing with the new server still get the . . .
 "Windows cannot connect to the domain, either because the domain controller is down or otherwise unavailable, or because your computer account was not found.....
I'm concerned that I some how got the SID from the server before I did the affa transfer intertwined on these two PC accounts.

If these machines joined the domain on the "new" server you initially built (before restore), then the machine accounts will be different.
A domain is "trusted", you cannot connect a workstation from one domain to another domain even if it has the same "name".
Machine accounts are unique to an iteration of a workstation & domain controller, that's why you needed to restore all those machine accounts.

I'm guessing you have to unjoin those 2 workstations, and then rejoin them to the current "real" domain.

Quote
The strange thing is that if I disconnect the network connection on either of those two PCs wait a couple of minutes, then login, it will login okay...

In that case it seems that you are not logging in to the domain, but you are logging in to the workstation.

Quote
....then connect the network cable, wait a couple more minutes, then the PC sees all the network drives, can print, browse the web, send recieve email all looks normal, just is a bizare that have to login with the Network cable disconnected.

Bizarre maybe to you, but not necessarily a sign that you are part of the "trusted" domain.
Seeing them is one thing, but can you actually access & open & save files on those shares, and are those shares on the domain controller ?
Also are the workstations configured to allow access to only "authenticated domain users", or not ?
 
As I understand it, access to other services is to be expected, whether you are a member of the domain or not. They depend on your gateway & DNS & mail server settings on your workstation browser & email clients.
Please search before asking, an answer may already exist.
The Search & other links to useful information are at top of Forum.

Offline RF_Guy

  • 14
  • +0/-0
Re: "Windows cannot connect to domain . . . "
« Reply #18 on: September 25, 2009, 03:44:49 AM »
I'm trying to fix the 2 PC's that still won't login and give the "Windows cannot connect to the domain either because the domain controller is down or unavailable. . ."

I've tried to unjoin the domain from the PC by logging into the PC as adminstrator, going into the Control Panel:System:Computer Name Tab and clicking "Change" and changing from "Domain" to "Workgroup", then rebooting the PC.  Now my user account on the PC that connects to the domain is gone.  I can still log into the PC as administrator and go into Control Panel:Users and look at the users.  The users that use the domain are not listed, though all their files are still in C:\documents and settings.

I've logged into the PC as adminstrator, and tried to join the domain but did not work.  So then I logged into the SME server as admin, using Server-Manager and I deleted the user for the PC I was working on.  The Server-Manager warned there was an error deleting the user. I've put a copy of the log file from SME Server at:
 http://www.ztechnology.com/download/SME/SME_Log_delete_johnp.txt

When I tried to add the user back it said there was already an undeleted user by that name, however the user does not show up in Server-Manager:User page.

I did back up the PC before I started all this, but I'm afraid I've really goofed things up.

Is there way to try to un-do the Delete user on the the SME Server?

What do I have to do to get the PC to be able to join a domain again?

Thanks again for any pointers

John Purdy
RF_Guy

Offline janet

  • ****
  • 4,812
  • +0/-0
Re: "Windows cannot connect to domain . . . "
« Reply #19 on: September 25, 2009, 04:28:24 AM »
RF_Guy

Quote
Is there way to try to un-do the Delete user on the the SME Server?
What do I have to do to get the PC to be able to join a domain again?

You need to fully delete the user.
See the FAQ re forcing user deletion when things go wrong.
By the look of your log file, you should delete the user johnp first).
http://wiki.contribs.org/SME_Server:Documentation:FAQ#Deletion_of_Users_Ibays_Groups

To be sure (due to Windows issues) you should also temporarily change the Windows workgroup name to some other arbitrary name ie not the same as the domain name (if not already done), then reboot, and then rejoin the domain.

Note the old profiles (on the workstation) will not be accessible once you rejoin the domain. New ones will be automatically created.
Please search before asking, an answer may already exist.
The Search & other links to useful information are at top of Forum.

Offline axessit

  • ****
  • 211
  • +0/-0
Re: "Windows cannot connect to domain . . . "
« Reply #20 on: September 25, 2009, 01:24:04 PM »
Hi RF_Guy

The profiles stored on the XP machine are local to that PC - just delete all the user folders under C:\Documents and Settings\userxxx (assuming you don't need to save any of their data). DONT create any users on the XP machine using the control panel User Accounts. Delete any created there except the local machine's administrator (the Domain is the name of the PC).

I'm not sure how "new" the install of XP is on the machine, but you need to install the registry patch by opening a webbrowser and going to http://server/server-resources/regedit and click on the winxplogon reg patch.

Then add your computer to the domain - when it asks for the username to add to the domain, use "root" and put in your SME admin password. That should then join the PC to the domain. After a reboot, you can log on using your SME user/pass and it will download any stored profile from the server or create a new one if it didn't exist.

You don't need to add a user to the XP machine when using domain logins. The machine will however keep a local copy of the users profile under C:\Documents and settings if they've logged on on that machine. And it is possible to salvage a users information from there.

Offline RF_Guy

  • 14
  • +0/-0
Re: "Windows cannot connect to domain . . . "
« Reply #21 on: October 08, 2009, 02:40:37 AM »
Here's a followup to my problem of not being able to successfully login to a domain from a couple of WinXPpro PCs that were connected to a new SME Server then re-connected to the same new SME Server after it has successfully been updated with data and settings from an existing SME Server that has now been retired (migrated from SME 6.0.1 to SME 7.4). 

I read that inorder to be able to connect to the updated new server, those PC's had to un-join the domain, then re-join the domain.  Directions on that were unclear.  Just join a workgroup to un-join the domain, then re-join the domain.

I also got an additional hints from Axessit, 1st login as administrator on the local PC, then go to Start:Control Panel:System:Computer Name tab. Click on the Change button.  Click Workgroup.  When it asks for a user and password to join the workgroup use the root user and password for the SME server.
So I did that and was able to un-join the domain and join a workgroup. The PC re-boots, again login on the local PC as Adminstrator. 

When I tried to re-join the domain I Clicked Start:Control Panel:System:Computer Name tab, then clicked the Change button, the Domain button, entered in the domain name.  When it asked for a user and password, I entered the root user and password for the SME server again, I was not allowed to join the domain.  I tried the admin user and password for the SME server and was successful.  Then the local PC rebooted.

When I logged in at the local PC into the domain using the former profile name, in this case /ZTECHNOLOGY/johnp the computer created a new profile, C:\docs&settings\johnp.ztechnology.000

I wanted to use the old profile C:\docs&settings\johnp.ztechnology which I could see was still on the PC's drive.

Thinking that I would have to start all over, I did a system restore on the PC to a time before I un-joined the domain.  The local PC re-booted, then just for grins I tried loging into the domain as the user johnp, and voila the system let me in, and all my previous profile files and settings were present.

I did the same procedure on the other PC and successfully un-joined, re-joined the domain, logged in as the old user got a new profile, then did a system restore to a time before the un-join/re-join, then was able to login to the old profile.

So I'm all operational now.  Thanks to those who offered guidence Sefano, Mary, and Axessit.

John Purdy
RF_Guy

Re: "Windows cannot connect to domain . . . "
« Reply #22 on: February 23, 2013, 08:15:57 AM »
Sometimes, after extended periods of time when a computer which is a member of an Active Directory domain was taken offline and then brought online, or when some sort of cloning or imaging method or even a virtualization software snapshot mechanism was used on a domain member, you may get an error similar to this
http://www.techyv.com/questions/domain-computers