Wierd login problem

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Hi there,

A wierd problem that I have never come across before, has suddenly just appeared in my small network.
The network is a collection of 3 desktops and 1 Laptop acting as clients and a Desktop with win2k server installed acting as the only DC. DHCP,DNS server in the network.

The problem is this :
I can log into any of the desktops with the admin account, but cant when using new created users.
network connectivity is not an issue as I have checked using TCP/IP usual utilities : all computers on the same subnet, belong to the same Domain,can renew /release IPS.the whole lot.

I am puzzled by this .. could it be a corrupted AD ? or a GP in place thats preventing me from logging ?would appreciate your help.


Peace and Groove armada !

 

Are you getting any error messages in event viewer on the DC or on the workstations. You might want to turn on auditing for successful and unsuccessful logons and see what events are being generated.

Pete

 

I will set up auditing to on to see.

 

Is that the local or domain admin account?

 

@sandy it's the domain admin account.

just a little update ;

after an ipconfig I have noticed that apipa has kicked in, which lead me to think that the dhcp server was playing up. I then restarted the service, renewed the desktop ips and it works now.
still dont really understand what happened tho, would be grateful if someone could shade some light on this wierd problem

 

APIPA kicked in, well that would explain things Offside

So what happened? Well, for some reason you lost connectivity with the network and your clients were unable to renew thier IP address leases. As you know in this case they will assign themselves a basic IP config using the 169.254.x.x range.

Because you had logged in previously as the domain admin on your clients, you were able to log in again using cached credentials. You do not need to have the DC up and running to be able to log into a client as long as cached credentials exist.

Because the new user accounts had not logged in on the clients before there were no *cached credentials* and so the logon process failed.

What you should learn from this, is the FIRST thing to check is your IP configuration and connectivity using PING. Every other fault finding step should follow these!

Glad it is now resolved,

Pete

 

now it makes sense . thanks bluerinse like your style (:

 

this is untrue
the first thing you want to check is the CABLE!
i have spent many an hour at a lan party running trace routes, pings, and other troubleshooting devices to ahve a friend hold up a cable end and go 'err. lets not mention this to anyone'
hehe
glad you got it fixed Offside, and good explanation by bluerinse

i think APIPA is a bad thing, id rather have the network icon flash as 'disconnected' or something due ot having no ip address, than getting an automatic one that gives just as little connectivity, but hides all the obvious warning signs!

 

@phoenix I have read somewhere that APIPA can be turned off but changing a registry entry.

 

Here's how.

 

thanks tripwire appreciate the link

 

No worries, m8