Cross forest login failure

 
 
melts
09-23-2005, 10:09 AM
Synopsis: on some workstations no users from the cross forest domain ‘staff’
can log in. Error message: “the domain staff is currently not available” (or
similar). Accounts in the ‘student’ domain can still log into the student
domain. It is not happening on all workstations, workstations in the same
area / on the same switchgear can log into the staff domain just fine. All
machines having the problem have been able to log into the domain before. All
the workstations with the problem are running Windows XP SP2 and have been
running SP2 before the problem.


The network: 2 domains in different forests – student.local and
staff.location.internal on different subnets and separated by a router with
some ACLs (and also not under my control, I can’t touch it). Staff server
runs Windows 2003 Server. Student network PDC runs Windows 2000 Server, and
has had a newly added 2003 server that is planned to phase out the 2000
server. The 2003 server is currently a BDC running DNS, DHCP, RIS, IIS and
little else. There is a one-way trust relationship between the staff and
student domains that has been validated. For no reason I can fathom (note: I
didn’t set the network up initially) the student network uses WINS name
resolution to resolve the server in the staff domain.

Which leads me up to why the day before this new error no-one could log into
the staff domain after I moved the DHCP to the new server as I left out a
WINS server in the DHCP options. This was fixed the day before and reports
were good that it worked fine.

Now the day after this, I found an error on a workstation where it would not
log into the staff domain. I was working with a staff member at the time and
initially they couldn’t remember their password and the error was the
standard invalid username or password one. I couldn’t log into my staff
account though, getting the domain not available error message. I reset the
staff member’s password (logging into student domain + RDC) and proceeded to
go through the process. As per normal they were prompted to change their
password and – first time, system informed them that new password was too
short or one of their old ones, and second time it then stated it updated
successfully, hit ok and then you get a “domain is not available” error
message.

I had already checked the workstation for connectivity when I logged in to
reset the password, and they could resolve the server just fine. I had
performed an ipconfig /release and /renew and checked it to make sure it was all
100% super ok. I left the classroom and went back to where I was working to
sort it out, and found another workstation that had the same issue. I’ll just
list what I did, tried, etc. Also to keep in mind I had no other reports at
the time it wasn’t working and I know that at least at some stage while I was
doing this other staff did log in.

- Workstation failed to log in to staff.
- Logged in as admin on student and did ipconfig /release /renew. Confirmed with tracert I could see the server.
- Still couldn’t log in to staff.
- Looked with nslookup to see if I was getting DNS entries, wasn’t, and RDC’d to student server and ticked DNS to WINS lookup box to fix that.
- Still couldn’t log in to staff.
- Added an A name record to student DNS server for staff server, tested, didn’t work, decided it was a bad idea and removed it.
- Instead enabled DNS xfers on the staff server and put it in as a secondary on the student DNS system – nslookup now worked 100% super ok. Did an ipconfig /flushdns on the test workstation.
- Still couldn’t log on to staff with test workstation. Decided to try a second workstation that incidentally had been off all this time – worked first time.
- Ran nltest on the test workstation – DCTrust worked ok. SC_Query didn’t. I tried running SC_Reset but an error occurred from memory.
- Going the extremist route, I removed it from the domain, restarted and added it again. Still didn’t work for the staff domain.
- I grabbed a freshly RIS’d workstation and straight away logged into the staff domain with a crippled account. After enabling cross forest domain logins it worked 100% super ok – this was on Windows 2000 SP4.

So now I’m not at work and won’t be till the 28th, so troubleshooting is a
bit limited. For some unknown reason I’ve been put under extreme amounts of
pressure to solve this problem though and it would be invaluable to have an
answer in hand come the 28th, or at least a fair idea of the direction I
should be going.

Ask me questions if you want but I can’t get to the network till the 28th so
any tests are out of the question. I guess if you have an idea on what’s wrong
but it needs to have some tests performed as prerequisites please post the
entire idea so I can test and follow through all at once.

Thanks in advance for all the help

- Michael

 