can't log into domain controller username password error

    Question

  • I can log into the Windows 2003 DC's but not the 2008.
    2 - Windows Server 2003 DC's and 1 - Windows Server 2008 DC. The 2008 server is the one I cannot log into. I'm getting:
    DNS Events: 4000, 4007, 4013, 4015, 407, 408, 404.
    System Events: 4 Security-Kerberos, 10154 Windows RM, 1055 GroupPolicy, 14550 DfsSvc, 1067 TerminalServices, 50 & 56 TermDD.
    Application Events:  1003 SceSrv, 10 WMI, 8006 SophosMessageRouter,
    DFS Replication Events: 1202
    Directory Service Events: 1126 ActiveDirectory, 2092, 2886, 2087
    FRS Events: 13565 NtFrs
    85 SAVOnAccess, 1055 GroupPolicy, 7023 Service Control Mgr, 14550 DfsSvc, 134 Time-Service
    The only change that was made was that I demoted an existing Windows 2003 Server DC and unjoined it from the domain so I could rebuild it. I then re-installed Windows Server 2003 and promoted it to DC with a different name than was originally used. That was about 3 weeks ago. The only trace I can find of the old name is in ADSS, where it is listed but has no properties. Can I delete it?
    Any more info needed?

    Thanks!

    Jerry



    Friday, December 7, 2012 10:57 AM

Answers

All replies

  • Hi,

    Which server is your root domain, and which server has all the FSMO roles?

    Regards

    Praveen


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Friday, December 7, 2012 11:11 AM
  • Hi Jerry,

    It looks like there is a replication and time server issue on the domain. I suggest you provide the output of dcdiag /v /s:server 2008 and ipconfig /all for the rest of the DCs. Also, who else is unable to log in: is it only you, or anyone else as well? To fix the time server issue, I suggest you check the following link for a better understanding.

    http://support.microsoft.com/kb/816042

    Friday, December 7, 2012 11:57 AM
  • Hi,

    One domain and unfortunately the one I can't log into has the FSMO role. I can't log in with any user.

    Thanks,

    Jerry



    Friday, December 7, 2012 1:30 PM
  • Hi,

    Where can I post these? I don't really want to post raw data.

    Thanks,

    Jerry



    Friday, December 7, 2012 1:52 PM
  • Hi,

    What alert are you getting when you try to log on to the Windows 2008 server with administrator credentials?

    You can post the test result on the forum.

    Regards

    Praveen



    Saturday, December 8, 2012 5:03 AM
  • Hi,

    One domain and unfortunately the one I can't log into has the FSMO role. I can't log in with any user.

    Thanks,


    Hi,

    It seems you are not using the correct domain to log in to the DC. Since it is a Win2008 server, try using domainname\userid followed by the password.

    Once you are logged in, you can remove the instances of the old server from DNS, the AD database, AD Sites and Services and the DC OU. See this:

    Complete Step by Step Guideline to Remove an Orphaned Domain controller (including seizing FSMOs, running a metadata cleanup, and more):http://msmvps.com/blogs/acefekay/archive/2010/10/05/complete-step-by-step-to-remove-an-orphaned-domain-controller.aspx

    Ensure the correct DNS settings on all DCs as described at http://abhijitw.wordpress.com/2012/03/03/best-practices-for-dns-client-settings-on-domain-controller/

    Also, disable the local Windows Firewall service; by default it is enabled in Vista/Windows 2008 and above. Check the network connectivity and latency.
    Disable Windows Firewall: http://technet.microsoft.com/en-us/library/cc766337(WS.10).aspx

    Active Directory Firewall Ports - 
    http://msmvps.com/blogs/acefekay/archive/2011/11/01/active-directory-firewall-ports-let-s-try-to-make-this-simple.aspx

    Configuring the time service on the PDC Emulator FSMO role holder
    http://msmvps.com/blogs/acefekay/archive/2009/09/18/configuring-the-windows-time-service-for-windows-server.aspx

    Also ensure that DNS/GC role is configured on all DC's.

    If the issue still persists, as venkat suggested, please post the ipconfig /all, dcdiag /q and repadmin /replsum output of the DC.

    Hope this helps


    Best Regards,

    Sandesh Dubey.

    MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Administrator

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    • Marked as answer by Jerryn3 Monday, December 10, 2012 9:39 PM
    Saturday, December 8, 2012 5:16 AM
  • I already experienced similar issues when DCs were pointing to internal DNS servers which no longer exist for DNS resolution. In this case, the DCs were not able to properly do the DNS resolution and administrators were not able to log on.

    I would recommend proceeding like that (You can use DSRM mode to logon on your DCs. Of course, you should know its password):

    • Make sure that DCs you have have a single NIC card enabled (Other NICs should be disabled) and only one IP address in use
    • Make sure that public DNS servers are set as forwarders and not in IP settings of DCs
    • Choose a healthy DC / DNS server and make all DCs point to it as primary DNS server
    • Make DC / DNS servers point to their private IP address as secondary DNS server and 127.0.0.1 as third one
    • Make sure that needed ports for AD replication are not blocked or filtered between DCs. You can use PortQryUI for checks: http://social.technet.microsoft.com/wiki/contents/articles/584.active-directory-replication-over-firewalls-en-us.aspx

    Once done, run ipconfig /registerdns and restart netlogon on each DC you have. Better if you restart the DCs one by one.

    If this does not help then you can proceed like that if the remaining DC is in a healthy state:

    Of course, it is highly recommended to take a system state backup before proceeding.


    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    • Marked as answer by Jerryn3 Monday, December 10, 2012 9:39 PM
    Sunday, December 9, 2012 4:54 PM
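
A scripted form of the port check recommended in the reply above, added here as an example and not written by anyone in the thread. The host names are constructed placeholders, and the port list is the commonly documented fixed TCP set for AD DS rather than something taken from the thread. It uses only .NET sockets so it runs on the PowerShell 2.0 that ships with Server 2008-era systems.

```powershell
# Added example: TCP reachability of the fixed AD DS ports between domain controllers.
# Placeholder host names (constructed for illustration); replace with your own DCs.
$DomainControllers = @('dc2003a.example.local', 'dc2003b.example.local', 'dc2008.example.local')

# Fixed TCP ports only. UDP (DNS 53, Kerberos 88, NTP 123) and the dynamic RPC range
# negotiated through the endpoint mapper on 135 are not probed by this script.
$AdPorts = @(
    @{ Port = 53;   Service = 'DNS' },
    @{ Port = 88;   Service = 'Kerberos' },
    @{ Port = 135;  Service = 'RPC endpoint mapper' },
    @{ Port = 389;  Service = 'LDAP' },
    @{ Port = 445;  Service = 'SMB (SYSVOL, Netlogon)' },
    @{ Port = 464;  Service = 'Kerberos password change' },
    @{ Port = 636;  Service = 'LDAPS' },
    @{ Port = 3268; Service = 'Global Catalog' }
)

function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 2000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Asynchronous connect so a silently dropped packet does not hang the script.
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)   # throws if the connection was refused
        return $true
    } catch {
        return $false                # refused, unreachable, or name did not resolve
    } finally {
        $client.Close()
    }
}

$results = foreach ($dc in $DomainControllers) {
    foreach ($entry in $AdPorts) {
        New-Object PSObject -Property @{
            Target    = $dc
            Port      = $entry.Port
            Service   = $entry.Service
            Reachable = Test-TcpPort -ComputerName $dc -Port $entry.Port
        }
    }
}

$results | Sort-Object Target, Port | Format-Table Target, Port, Service, Reachable -AutoSize
$blocked = @($results | Where-Object { -not $_.Reachable })
if ($blocked.Count -gt 0) {
    Write-Warning ("{0} port check(s) failed; review firewall rules on those hosts." -f $blocked.Count)
}
```

Run it from each DC in turn, since a host firewall only filters inbound traffic on the machine where it is enabled. A port that is reachable in one direction but not the other points at a single host's rules.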
  • Hi Praveen,

    When I try to log on I get invalid username or password.

    Thanks,

    Jerry



    Monday, December 10, 2012 12:19 PM
  • Hi Praveen,

    When I try to log on I get invalid username or password.

    Thanks,

    Jerry


    Jerry


    Have you tried what I mentioned?

    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Monday, December 10, 2012 12:24 PM
  • It was Windows Firewall causing all the problems. I didn't know it was on by default. It is weird that there weren't any problems because it was running for 1.5 weeks.

    Thank you all for your input, it is greatly appreciated!

    Jerry



    Monday, December 10, 2012 9:42 PM
  • Well it lasted one day and now the problem is back. I was able to log in with DSRM and log out then I can access the server normally one time. 

    Jerry

    Tuesday, December 11, 2012 10:56 PM