|
|
Question : WinXP Pro Active Directory domain logon
|
|
One WinXP Pro PC on a Win2K3 Active Directory network is unable to authenticate user logons or communicate with the Active Directory. Error: Unable to log you on, make sure that your user name and domain is correct. User name is correct and the account is not locked. User is able to log into other PCs on the domain. Network Administrator (me) is unable to log into the domain on the troubled WinXP Pro PC either. The PC has had access to the domain and authenticated users for over a year now. This issue suddenly arose as stated by the user.
I logged locally into the PC with the local administrator account. The PC receives an IP address from the DHCP server and can access the Internet so connectivity is good. The PC is able to receive successful replies when pinging the AD server by IP address. The PC name is listed in the Active Directory on the server under "AD Users and Computers".
I have attempted the following with no success:
- I reset the PC in the Active Directory server but there is no change in the error message. - I changed the PC name by removing one character and added the new PC name into the Active Directory. The Active Directory accepted the admin credentials to add the PC into the domain so there is some form of authentication going on. The AD server displays the new PC name under "AD Users and Computers". Rebooted the PC and still unable to log into the domain, same error. Any ideas?
|
Answer : WinXP Pro Active Directory domain logon
|
|
I'm not at the point of adding the PC back into the domain. I'm at the point of removing the PC from the domain and setting it as a workgroup. I did logon as requested DOMAIN\DomainAdminID and the Domain Admin account password but the result was the same error: The revision level is unknown.
What I tried that worked is renaming the following Registry key to $MACHINE1 and reboot: Key path: HKEY_LOCAL_MACHINE\SECURITY\Policy\Secrets\$MACHINE.ACC
Note: I had to give myself full control to SECURITY in order to see the full path.
After the reboot I was finally able to remove the PC from the domain without error. I rebooted the PC and re-added the PC into the domain using my domain admin credentials.
I deleted the renamed registry key: HKEY_LOCAL_MACHINE\SECURITY\Policy\Secrets\$MACHINE1.ACC
To test I rebooted the PC again and I was able to log into the PC with the domain user ID and password.
I think this problem may have been caused by a Windows Update. Since the user is the owner of the business I cannot smack him around to get the truth out of him : ). I thank you very much for your assistance as it lead me in the right direction.
NtiseMe
|
|
|
|