Loss of security credentials after installing software on workstation in Win2003 domain

I have a domain controller (also DNS and DHCP server) running Win2003
server. I recently installed a new workstation running XP Pro - SP 2 -
firewall disabled. At certain times, I cannot access file shares on the
domain controller - there is a long delay and then a login prompt appears -
after entering username and pword, nothing happens and the
connection appears to have been dropped. The domain controller is also
running SQLServer 2000 SP 3a, and when the above occurs I cannot access the
SQL server instance either using Enterprise Manager, and I receive an error
message 'cannot create SSP1'. However I can get on to the server console
using remote desktop. As far as I can determine, this seems to occur after
installing new software on the workstation - assumedly because the new
software has modified the registry or done something else to invalidate the
workstation security credentials. What is causing this behavior, and how do
I fix it??

"Mikey_N" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> I have a domain controller (also DNS and DHCP server) running Win2003
> server. I recently installed a new workstation running XP Pro - SP 2 -
> firewall disabled. At certain times, I cannot access file shares on the
> domain controller - there is a long delay and then a login prompt
appears -
> after entering username and pword, nothing happens and the
> connection appears to have been dropped. The domain controller is also
> running SQLServer 2000 SP 3a, and when the above occurs I cannot access
the
> SQL server instance either using Enterprise Manager, and I receive an
error
> message 'cannot create SSP1'. However I can get on to the server console
> using remote desktop. As far as I can determine, this seems to occur after
> installing new software on the workstation - assumedly because the new
> software has modified the registry or done something else to invalidate
the
> workstation security credentials. What is causing this behavior, and how
do
> I fix it??

Assuming you really haven't turned on some third
part firewall etc. chances are it is a DNS issue.

That you can TS is likely due to broadcasting for the
DC-server name resolution since the authentication
for TS is performed at the SERVER which is also
your DC.

DNS for AD
1) Dynamic for the zone supporting AD
2) All internal DNS clients NIC\IP properties must specify SOLELY
that internal, dynamic DNS server (set.)
3) DCs and even DNS servers are DNS clients too -- see #2

Restart NetLogon on any DC if you change any of the above that
affects a DC and/or use:

nltest /dsregdns /serverC-ServerNameGoesHere

Ensure that DNS zones/domains are fully replicated to all DNS
servers for that (internal) zone/domain.

--
Herb Martin


>
>

Thanks - I will make sure that everything is configured properly and see if
that relieves the problem.


"Herb Martin" <(E-Mail Removed)> wrote in message
news:%232q$(E-Mail Removed)...
> "Mikey_N" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> > I have a domain controller (also DNS and DHCP server) running Win2003
> > server. I recently installed a new workstation running XP Pro - SP 2 -
> > firewall disabled. At certain times, I cannot access file shares on the
> > domain controller - there is a long delay and then a login prompt
> appears -
> > after entering username and pword, nothing happens and the
> > connection appears to have been dropped. The domain controller is also
> > running SQLServer 2000 SP 3a, and when the above occurs I cannot access
> the
> > SQL server instance either using Enterprise Manager, and I receive an
> error
> > message 'cannot create SSP1'. However I can get on to the server console
> > using remote desktop. As far as I can determine, this seems to occur
after
> > installing new software on the workstation - assumedly because the new
> > software has modified the registry or done something else to invalidate
> the
> > workstation security credentials. What is causing this behavior, and how
> do
> > I fix it??
>
> Assuming you really haven't turned on some third
> part firewall etc. chances are it is a DNS issue.
>
> That you can TS is likely due to broadcasting for the
> DC-server name resolution since the authentication
> for TS is performed at the SERVER which is also
> your DC.
>
> DNS for AD
> 1) Dynamic for the zone supporting AD
> 2) All internal DNS clients NIC\IP properties must specify SOLELY
> that internal, dynamic DNS server (set.)
> 3) DCs and even DNS servers are DNS clients too -- see #2
>
> Restart NetLogon on any DC if you change any of the above that
> affects a DC and/or use:
>
> nltest /dsregdns /serverC-ServerNameGoesHere
>
> Ensure that DNS zones/domains are fully replicated to all DNS
> servers for that (internal) zone/domain.
>
> --
> Herb Martin
>
>
> >
> >
>
>