none
Cannot log on to XP machine will domain administrator after password change

    Question

  • We recently had to change the domain administrator password on our domain controller which is Windows Server 2008 64BIT.  Most of the machines are Windows 7 but some of them are Windows XP.  I am finding that I cannot log in to the windows XP machines with the new domain admin password. I need urgently to get on to one of the XP machines as it has software that I was running under domain admin which is not available anywhere else. We are not using roaming profiles. I have tried deleting the dhf\administrator profile on the machine and an unknown user profile on the machine too.  I also now have the problem that I cannot log in to the machine using Local administrator!  After I changed the password to the same password as the new domain administrator password!  I have a user with domain admin rights myself and can log in with that I can also map drives etc with the domain administrator user and password once I am logged onto the machine.

    This is really urgent!

    Wednesday, May 16, 2012 10:34 AM

Answers

  • ok all. Now I feel really stupid.

    I have just wasted most of the day on this and now realise what the problem is!!! The new administrator password had a character in it that is not on the standard US keyboard. Some, indeed most of our XP Pro PCs boot with US keyboard settings and then when a user logs in a group policy runs to force the regional settings and keyboard to UK settings. So on some of the machines the password will never be accepted. I could kick myself because I had something similar in the past!!! I must also have misread what I typed in to the username box earlier as a test!   I will be changing the administrator password again tonight! 

    Wednesday, May 16, 2012 3:16 PM

All replies

  • What happens when you try with old domain administrator password? WIll it work?

    Are you able to login in windows 7 machines?

    Regards,

    _Prashant_


    MCSA|MCITP SA|Microsoft Exchange 2003 Blog - http://prashant1987.wordpress.com Disclaimer: This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    Wednesday, May 16, 2012 10:40 AM
  • Hello, Thanks for posting!
    This is a generic logon failure error when the user account or password or domain is incorrect.
    Make sure your user ID/password/domain is correct. Can you login with old password?
    How many DCs do you have in the domain?  Domain administrator password change is an instant replication trigger there for password change must have replicated to all the DCs immediately unless the replication is broken. If windows Xp box tried to authenticate against a broken DC then login may fail.
    I didn't understand why you cannot login as local administrator. That way you could check if the machines is correctly communicating with the domain controller.


    Sachin Gadhave
    MCP, MCSA, MCTS

    Wednesday, May 16, 2012 10:43 AM
  • The old domain administrator password allowed me to log on once but then complained about credentials once inside and then after log off will not log on again.  This isn't the only XP machine where this has happened and windows 7 machines and 2008 /2003 servers do not have this problem. 
    Wednesday, May 16, 2012 11:05 AM
  • You might be using the wrong password or check CAPS lock/Num lock etc. Can you use same domain admin credentials to login to the other domain joined machine or can you use some other domain user account to try and login to this XP machine?

    I think this machine has been disjoint from the domain may be due to broken secure channel or the password change has not been replicated to the DC where this system is trying to authenticate.

    Just try to above methods and make sure you remember the password and typing it correctly w/o Caps/Num locks.

    Also, just disconnect the XP machine from the network and login with the domain admin credentials(old credentials) or any other which you used in the past.


    Awinish Vishwakarma - MVP - Directory Services

    My Blog: awinish.wordpress.com

    Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    Wednesday, May 16, 2012 11:08 AM
  • As above

    The old domain administrator password allowed me to log on once but then complained about credentials once inside and then after log off will not log on again.  This isn't the only XP machine where this has happened and windows 7 machines and 2008 /2003 servers do not have this problem.

    I changed the local adminstrator password on the box and as I had already joined the domain it said that the password I wanted wasn't complex enough. I changed the password to the same password as the domain administrator has and it won't take that.  It is not the keyboard as I typed the password in the username box to check.

    Not sure whether there is a way to force logon to a certain DC if there is please enlighten me.

    Wednesday, May 16, 2012 11:10 AM
  • Do you really think after the details that I have given you I would be getting the password wrong! I don't think that you bothered to read the whole post.

    After I successfully log in to the same PC with my user with domain admin rights I can then map a drive using the credentials that so say "failed" when I was at login.

    Wednesday, May 16, 2012 11:21 AM
  • Can you please try forcing the replication between DC?

    http://ivan.dretvich.com/2012/01/how-to-force-replication-of-domain-controllers/

    http://www.windowstricks.in/2010/03/sync-active-directory-replication_07.html

    Though password , account unlock comes under urgent replication , You can give a try and check

    Regards,

    _Prashant_


    MCSA|MCITP SA|Microsoft Exchange 2003 Blog - http://prashant1987.wordpress.com Disclaimer: This posting is provided AS-IS with no warranties/guarantees and confers no rights.


    Wednesday, May 16, 2012 11:22 AM
  • As above

    The old domain administrator password allowed me to log on once but then complained about credentials once inside and then after log off will not log on again.  This isn't the only XP machine where this has happened and windows 7 machines and 2008 /2003 servers do not have this problem.

    I changed the local adminstrator password on the box and as I had already joined the domain it said that the password I wanted wasn't complex enough. I changed the password to the same password as the domain administrator has and it won't take that.  It is not the keyboard as I typed the password in the username box to check.

    Not sure whether there is a way to force logon to a certain DC if there is please enlighten me.


    If the XP machines were looking at a particular DC who’s replication is broken then the old password should be accepted. Can you try to disconnect machine from network and login with cached credentials. Also try domain\usar_name. If this doesn’t work then reset computer account of a particular problem machine from AD users and computers and see if that helps.


    Sachin Gadhave
    MCP, MCSA, MCTS

    Wednesday, May 16, 2012 11:32 AM
  • As above

    The old domain administrator password allowed me to log on once but then complained about credentials once inside and then after log off will not log on again.  This isn't the only XP machine where this has happened and windows 7 machines and 2008 /2003 servers do not have this problem.

    I changed the local adminstrator password on the box and as I had already joined the domain it said that the password I wanted wasn't complex enough. I changed the password to the same password as the domain administrator has and it won't take that.  It is not the keyboard as I typed the password in the username box to check.

    Not sure whether there is a way to force logon to a certain DC if there is please enlighten me.

    You can do that but that is not a recommended practice nor it is worth to force client to use one of the DC for the authentication by modifying ldap srv/weight records. Is it possible to dis-join and rejoin the system back to the domain. Can you see any error event log in the problem machine?



    Awinish Vishwakarma - MVP - Directory Services

    My Blog: awinish.wordpress.com

    Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    Wednesday, May 16, 2012 11:41 AM
  • Run the following from a command prompt on an xp machine while logged onto the domain.

    nltest /query
    nltest /sc_query:domain_name

    Post the results

    --
    Paul Bergson
    MVP - Directory Services
    MCITP: Enterprise Administrator
    MCTS, MCT, MCSE, MCSA, Security+, BS CSci
    2008, Vista, 2003, 2000 (Early Achiever), NT4
    http://blogs.dirteam.com/blogs/paulbergson  Twitter @pbbergs
    Please no e-mails, any questions should be posted in the NewsGroup. This posting is provided "AS IS" with no warranties, and confers no rights.

    Wednesday, May 16, 2012 12:02 PM
  • ok all. Now I feel really stupid.

    I have just wasted most of the day on this and now realise what the problem is!!! The new administrator password had a character in it that is not on the standard US keyboard. Some, indeed most of our XP Pro PCs boot with US keyboard settings and then when a user logs in a group policy runs to force the regional settings and keyboard to UK settings. So on some of the machines the password will never be accepted. I could kick myself because I had something similar in the past!!! I must also have misread what I typed in to the username box earlier as a test!   I will be changing the administrator password again tonight! 

    Wednesday, May 16, 2012 3:16 PM
  • Do you really think after the details that I have given you I would be getting the password wrong! I don't think that you bothered to read the whole post.

    After I successfully log in to the same PC with my user with domain admin rights I can then map a drive using the credentials that so say "failed" when I was at login.

    I can imagine how you feel after all this. Believe me this has happened to each one of us trying to get Windows working. That's what Awinish was trying to convey. I had this keyboard thing in mind but reading that you tried typing the password in the user name box, I gave up that thought. Nevertheless glad that you figured out the cause of the problem!





    Sachin Gadhave
    MCP, MCSA, MCTS

    Wednesday, May 16, 2012 4:58 PM