Can't connect to the 2003 dc

Discussion in 'Server Networking' started by roshak31, Jan 4, 2006.

  1. roshak31

    roshak31 Guest

    I have 2003 domain controller which until yesterday all the computers on the
    network were able to log on to the network. Today no one can authenticate
    onto the network I can log onto the server remotely via terminal services and
    at the terminal it self. I have restarted the server and the computers still
    are not able to log onto the server. Any thoughts where I should start
    trouble shooting? By the way there have not been any changes to the network
    no adding of new software or reconfiguring of the server.
     
    roshak31, Jan 4, 2006
    #1
    1. Advertisements

  2. Hi,

    What do Event logs say on domain controller? What do Event logs say on
    client PCs? Specially Application and System logs.

    Can clients ping the server by name?
    How is DNS set up on the clients (what server clients use for DNS)?
     
    Miha Pihler [MVP], Jan 4, 2006
    #2
    1. Advertisements

  3. roshak31

    P.Gerardos Guest

    And please tell us what is the error message that the clients receive
    when trying to log on.
     
    P.Gerardos, Jan 4, 2006
    #3
  4. roshak31

    roshak31 Guest

    The computers can log on locally but when they try to access network drive on
    the server they get an error message of “F:\ is not accessible. The network
    BIOS session limit was exceeded.â€

    The event viewer error message for the client is Event ID: 4

    The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server
    host/htserver1.domain.local. This indicates that the password used to encrypt
    the Kerberos service ticket is different than that on the target server.
    Commonly, this is due to identically named machine accounts in the target
    realm (DOMAIN.LOCAL), and the client realm.

    The last few error message in the system event log are print error messages.

    The server is DNS and DHCP server for the network and I am able to ping the
    server using the server name.
     
    roshak31, Jan 4, 2006
    #4
  5. roshak31

    roshak31 Guest

    On the last message where I said "The last few error messages in the system
    event log are print error messages." that was on the domain controller.
     
    roshak31, Jan 4, 2006
    #5
  6. How about on the clients? Any errors? Can clients ping the server by it's
    name?
     
    Miha Pihler [MVP], Jan 4, 2006
    #6
  7. Another question:

    What operating system do your clients run? Windows 2000? Windows XP? What
    service packs?

    What service pack is on your domain controller?
     
    Miha Pihler [MVP], Jan 4, 2006
    #7
  8. roshak31

    roshak31 Guest

    the following is the part from the client. and the clients can ping the
    server by its name.

    ____________________________________________________________


    The computers can log on locally but when they try to access network drive on
    the server they get an error message of “F:\ is not accessible. The network
    BIOS session limit was exceeded.â€

    The event viewer error message for the client is Event ID: 4

    The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server
    host/htserver1.domain.local. This indicates that the password used to encrypt
    the Kerberos service ticket is different than that on the target server.
    Commonly, this is due to identically named machine accounts in the target
    realm (DOMAIN.LOCAL), and the client realm.
     
    roshak31, Jan 4, 2006
    #8
  9. roshak31

    roshak31 Guest

    total of 22 computers 17 have xp pro service pack 2. 5 computers have 2000
    service pack 4 and the 2003 server is service pack 1
     
    roshak31, Jan 4, 2006
    #9
  10. Hi,

    and all clients have the same problem?

    Can you check these values on the Registry of the server? If they are
    different please write down what they are and change them to what these:

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\parameters]
    "MaxCmds"=dword:00000800

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters]
    "MaxMpxCT"=dword:00000800

    Restart the server and try again.
     
    Miha Pihler [MVP], Jan 4, 2006
    #10
  11. Hello Mark,

    Thank you for using newsgroup!

    First of all, I'd like to thank for all kind y input. Mark, have you tried
    our other peers' suggestions?

    From your post, I have performed lots of research on the error. However, I
    found few similar issues reported in our internal knowledge bases. At this
    moment, please help me verify if the server is running Citrix Metaframe. If
    so, please remove it and test the issue again. In addition, it seems that
    all Windows clients cannot log on to the Windows Server 2003 domain. Could
    you help me collect the following information so that I can perform further
    research?

    1. When the users logon to the domain, do you receive any error messages?
    If so, please send me the screen shots of all error messages that you
    received so that I can perform further research.

    To take a screen shot:
    ---------------------
    1) Press the Pr Scrn key once on the keyboard when the error message
    appears.
    2) Click Start, go to Run, enter MSPAINT in the open dialog box, and then
    Click OK.
    3) Use Ctrl + V to paste the screenshot to the canvas.
    4) From the File menu, go to Save and save it as a JPG file.
    5) Send the JPG file to me as an attachment.
    My mailbox:

    Also please send me an event log file on the client computer that is
    experiencing the issue.
    1. Click Start and choose Run. Then input: eventvwr
    2. Right-click Application, select Save Log File As, name the txt file and
    save it.
    3. Right-click Security, select Save Log File As, name the txt file and
    save it.
    4. Right-click System, select Save Log File As, name the txt file and save
    it.
    5. Send it to me.
    My mailbox:

    Regarding the event ID 4 error, I found the following link from the
    internet for your reference. It has contained more solutions when you
    encounter the event error.
    <http://www.eventid.net/display.asp?eventid=4&eventno=1968&source=Kerberos&p
    hase=1>

    Hope that helps!

    Thanks & Regards,

    Ken Zhao

    Microsoft Online Partner Support
    Get Secure! - www.microsoft.com/security

    =====================================================
    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.
    =====================================================
    This posting is provided "AS IS" with no warranties, and confers no rights.





    --------------------
    | Thread-Topic: Can't connect to the 2003 dc
    | thread-index: AcYRZ33SEewrZLcMRPa9I/gCjFT0ZQ==
    | X-WBNR-Posting-Host: 139.76.128.71
    | From: "=?Utf-8?B?cm9zaGFrMzE=?=" <>
    | References: <>
    <#Q86X#>
    <>
    <>
    <>
    <#>
    | Subject: Re: Can't connect to the 2003 dc
    | Date: Wed, 4 Jan 2006 11:46:02 -0800
    | Lines: 81
    | Message-ID: <>
    | MIME-Version: 1.0
    | Content-Type: text/plain;
    | charset="Utf-8"
    | Content-Transfer-Encoding: 7bit
    | X-Newsreader: Microsoft CDO for Windows 2000
    | Content-Class: urn:content-classes:message
    | Importance: normal
    | Priority: normal
    | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
    | Newsgroups: microsoft.public.windows.server.networking
    | NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
    | Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGXA03.phx.gbl
    | Xref: TK2MSFTNGXA02.phx.gbl
    microsoft.public.windows.server.networking:34017
    | X-Tomcat-NG: microsoft.public.windows.server.networking
    |
    | total of 22 computers 17 have xp pro service pack 2. 5 computers have
    2000
    | service pack 4 and the 2003 server is service pack 1
    | --
    | Mark Roshak
    |
    |
    | "Miha Pihler [MVP]" wrote:
    |
    | > Another question:
    | >
    | > What operating system do your clients run? Windows 2000? Windows XP?
    What
    | > service packs?
    | >
    | > What service pack is on your domain controller?
    | >
    | > --
    | > Mike
    | > Microsoft MVP - Windows Security
    | >
    | > | > > On the last message where I said "The last few error messages in the
    | > > system
    | > > event log are print error messages." that was on the domain
    controller.
    | > > --
    | > > Mark Roshak
    | > >
    | > >
    | > > "roshak31" wrote:
    | > >
    | > >> The computers can log on locally but when they try to access network
    | > >> drive on
    | > >> the server they get an error message of "F:\ is not accessible. The
    | > >> network
    | > >> BIOS session limit was exceeded."
    | > >>
    | > >> The event viewer error message for the client is Event ID: 4
    | > >>
    | > >> The Kerberos client received a KRB_AP_ERR_MODIFIED error from the
    server
    | > >> host/htserver1.domain.local. This indicates that the password used
    to
    | > >> encrypt
    | > >> the Kerberos service ticket is different than that on the target
    server.
    | > >> Commonly, this is due to identically named machine accounts in the
    target
    | > >> realm (DOMAIN.LOCAL), and the client realm.
    | > >>
    | > >> The last few error message in the system event log are print error
    | > >> messages.
    | > >>
    | > >> The server is DNS and DHCP server for the network and I am able to
    ping
    | > >> the
    | > >> server using the server name.
    | > >>
    | > >> --
    | > >> Mark Roshak
    | > >>
    | > >>
    | > >> "P.Gerardos" wrote:
    | > >>
    | > >> > Miha Pihler [MVP] wrote:
    | > >> > > Hi,
    | > >> > >
    | > >> > > What do Event logs say on domain controller? What do Event logs
    say
    | > >> > > on
    | > >> > > client PCs? Specially Application and System logs.
    | > >> > >
    | > >> > > Can clients ping the server by name?
    | > >> > > How is DNS set up on the clients (what server clients use for
    DNS)?
    | > >> > >
    | > >> >
    | > >> > And please tell us what is the error message that the clients
    receive
    | > >> > when trying to log on.
    | > >> >
    | > >> > --
    | > >> > Pavlos Gerardos
    | > >> > MCP Windows XP, 2003 Server
    | > >> > pgerardos<AT>hotmail<DOT>com
    | > >> > Athens, Greece
    | > >> >
    | >
    | >
    | >
    |
     
    Ken Zhao [MSFT], Jan 5, 2006
    #11
  12. roshak31

    DoktorWho Guest

    wow.....
     
    DoktorWho, Jan 5, 2006
    #12
  13. roshak31

    roshak31 Guest

    the Net Logon service had paused. allowed the Net Logon service to resume
    start. all worked after that.

    thanks,
     
    roshak31, Jan 6, 2006
    #13
  14. Hello Mark,

    Thank you for your reply and the additional feedback on how you were
    successful in resolving this issue. I believe this information will benefit
    many other users.

    If you have any other questions or concerns, please do not hesitate to
    contact us. It is always our pleasure to be of assistance.

    Thanks & Regards,

    Ken Zhao

    Microsoft Online Partner Support
    Get Secure! - www.microsoft.com/security

    =====================================================
    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.
    =====================================================
    This posting is provided "AS IS" with no warranties, and confers no rights.




    --------------------
    | Thread-Topic: Can't connect to the 2003 dc
    | thread-index: AcYSYY2AomY4UtYCSoimnjyFJMjKYQ==
    | X-WBNR-Posting-Host: 24.131.38.32
    | From: "=?Utf-8?B?cm9zaGFrMzE=?=" <>
    | References: <>
    <#Q86X#>
    <>
    <>
    <>
    <#>
    <>
    <>
    | Subject: Re: Can't connect to the 2003 dc
    | Date: Thu, 5 Jan 2006 17:36:02 -0800
    | Lines: 203
    | Message-ID: <>
    | MIME-Version: 1.0
    | Content-Type: text/plain;
    | charset="Utf-8"
    | Content-Transfer-Encoding: 7bit
    | X-Newsreader: Microsoft CDO for Windows 2000
    | Content-Class: urn:content-classes:message
    | Importance: normal
    | Priority: normal
    | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
    | Newsgroups: microsoft.public.windows.server.networking
    | NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
    | Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGXA03.phx.gbl
    | Xref: TK2MSFTNGXA02.phx.gbl
    microsoft.public.windows.server.networking:34093
    | X-Tomcat-NG: microsoft.public.windows.server.networking
    |
    | the Net Logon service had paused. allowed the Net Logon service to resume
    | start. all worked after that.
    |
    | thanks,
    | --
    | Mark Roshak
    |
    |
    | "Ken Zhao [MSFT]" wrote:
    |
    | > Hello Mark,
    | >
    | > Thank you for using newsgroup!
    | >
    | > First of all, I'd like to thank for all kind y input. Mark, have you
    tried
    | > our other peers' suggestions?
    | >
    | > From your post, I have performed lots of research on the error.
    However, I
    | > found few similar issues reported in our internal knowledge bases. At
    this
    | > moment, please help me verify if the server is running Citrix
    Metaframe. If
    | > so, please remove it and test the issue again. In addition, it seems
    that
    | > all Windows clients cannot log on to the Windows Server 2003 domain.
    Could
    | > you help me collect the following information so that I can perform
    further
    | > research?
    | >
    | > 1. When the users logon to the domain, do you receive any error
    messages?
    | > If so, please send me the screen shots of all error messages that you
    | > received so that I can perform further research.
    | >
    | > To take a screen shot:
    | > ---------------------
    | > 1) Press the Pr Scrn key once on the keyboard when the error message
    | > appears.
    | > 2) Click Start, go to Run, enter MSPAINT in the open dialog box, and
    then
    | > Click OK.
    | > 3) Use Ctrl + V to paste the screenshot to the canvas.
    | > 4) From the File menu, go to Save and save it as a JPG file.
    | > 5) Send the JPG file to me as an attachment.
    | > My mailbox:
    | >
    | > Also please send me an event log file on the client computer that is
    | > experiencing the issue.
    | > 1. Click Start and choose Run. Then input: eventvwr
    | > 2. Right-click Application, select Save Log File As, name the txt file
    and
    | > save it.
    | > 3. Right-click Security, select Save Log File As, name the txt file and
    | > save it.
    | > 4. Right-click System, select Save Log File As, name the txt file and
    save
    | > it.
    | > 5. Send it to me.
    | > My mailbox:
    | >
    | > Regarding the event ID 4 error, I found the following link from the
    | > internet for your reference. It has contained more solutions when you
    | > encounter the event error.
    | >
    <http://www.eventid.net/display.asp?eventid=4&eventno=1968&source=Kerberos&p
    | > hase=1>
    | >
    | > Hope that helps!
    | >
    | > Thanks & Regards,
    | >
    | > Ken Zhao
    | >
    | > Microsoft Online Partner Support
    | > Get Secure! - www.microsoft.com/security
    | >
    | > =====================================================
    | > When responding to posts, please "Reply to Group" via your newsreader
    so
    | > that others may learn and benefit from your issue.
    | > =====================================================
    | > This posting is provided "AS IS" with no warranties, and confers no
    rights.
    | >
    | >
    | >
    | >
    | >
    | > --------------------
    | > | Thread-Topic: Can't connect to the 2003 dc
    | > | thread-index: AcYRZ33SEewrZLcMRPa9I/gCjFT0ZQ==
    | > | X-WBNR-Posting-Host: 139.76.128.71
    | > | From: "=?Utf-8?B?cm9zaGFrMzE=?=" <>
    | > | References: <>
    | > <#Q86X#>
    | > <>
    | > <>
    | > <>
    | > <#>
    | > | Subject: Re: Can't connect to the 2003 dc
    | > | Date: Wed, 4 Jan 2006 11:46:02 -0800
    | > | Lines: 81
    | > | Message-ID: <>
    | > | MIME-Version: 1.0
    | > | Content-Type: text/plain;
    | > | charset="Utf-8"
    | > | Content-Transfer-Encoding: 7bit
    | > | X-Newsreader: Microsoft CDO for Windows 2000
    | > | Content-Class: urn:content-classes:message
    | > | Importance: normal
    | > | Priority: normal
    | > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
    | > | Newsgroups: microsoft.public.windows.server.networking
    | > | NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
    | > | Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGXA03.phx.gbl
    | > | Xref: TK2MSFTNGXA02.phx.gbl
    | > microsoft.public.windows.server.networking:34017
    | > | X-Tomcat-NG: microsoft.public.windows.server.networking
    | > |
    | > | total of 22 computers 17 have xp pro service pack 2. 5 computers have
    | > 2000
    | > | service pack 4 and the 2003 server is service pack 1
    | > | --
    | > | Mark Roshak
    | > |
    | > |
    | > | "Miha Pihler [MVP]" wrote:
    | > |
    | > | > Another question:
    | > | >
    | > | > What operating system do your clients run? Windows 2000? Windows
    XP?
    | > What
    | > | > service packs?
    | > | >
    | > | > What service pack is on your domain controller?
    | > | >
    | > | > --
    | > | > Mike
    | > | > Microsoft MVP - Windows Security
    | > | >
    | > | > | > | > > On the last message where I said "The last few error messages in
    the
    | > | > > system
    | > | > > event log are print error messages." that was on the domain
    | > controller.
    | > | > > --
    | > | > > Mark Roshak
    | > | > >
    | > | > >
    | > | > > "roshak31" wrote:
    | > | > >
    | > | > >> The computers can log on locally but when they try to access
    network
    | > | > >> drive on
    | > | > >> the server they get an error message of "F:\ is not accessible.
    The
    | > | > >> network
    | > | > >> BIOS session limit was exceeded."
    | > | > >>
    | > | > >> The event viewer error message for the client is Event ID: 4
    | > | > >>
    | > | > >> The Kerberos client received a KRB_AP_ERR_MODIFIED error from
    the
    | > server
    | > | > >> host/htserver1.domain.local. This indicates that the password
    used
    | > to
    | > | > >> encrypt
    | > | > >> the Kerberos service ticket is different than that on the target
    | > server.
    | > | > >> Commonly, this is due to identically named machine accounts in
    the
    | > target
    | > | > >> realm (DOMAIN.LOCAL), and the client realm.
    | > | > >>
    | > | > >> The last few error message in the system event log are print
    error
    | > | > >> messages.
    | > | > >>
    | > | > >> The server is DNS and DHCP server for the network and I am able
    to
    | > ping
    | > | > >> the
    | > | > >> server using the server name.
    | > | > >>
    | > | > >> --
    | > | > >> Mark Roshak
    | > | > >>
    | > | > >>
    | > | > >> "P.Gerardos" wrote:
    | > | > >>
    | > | > >> > Miha Pihler [MVP] wrote:
    | > | > >> > > Hi,
    | > | > >> > >
    | > | > >> > > What do Event logs say on domain controller? What do Event
    logs
    | > say
    | > | > >> > > on
    | > | > >> > > client PCs? Specially Application and System logs.
    | > | > >> > >
    | > | > >> > > Can clients ping the server by name?
    | > | > >> > > How is DNS set up on the clients (what server clients use
    for
    | > DNS)?
    | > | > >> > >
    | > | > >> >
    | > | > >> > And please tell us what is the error message that the clients
    | > receive
    | > | > >> > when trying to log on.
    | > | > >> >
    | > | > >> > --
    | > | > >> > Pavlos Gerardos
    | > | > >> > MCP Windows XP, 2003 Server
    | > | > >> > pgerardos<AT>hotmail<DOT>com
    | > | > >> > Athens, Greece
    | > | > >> >
    | > | >
    | > | >
    | > | >
    | > |
    | >
    | >
    |
     
    Ken Zhao [MSFT], Jan 6, 2006
    #14
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.