The system cannot log you on now because <domain> is not available

Discussion in 'Active Directory' started by Rachel L Chipman, Feb 18, 2006.

  1. I am trying to login to a Windows 2003 server and am getting the message
    listed in the Subject above. I have DNS, DHCP and WINS running on the server
    and all appears to be working correctly. The machine is acquiring an IP
    address from the DHCP server and I am able to ping the ip address. However,
    I cannot login to the domain. What could be wrong?

    This server is not a global catalog server. The global catalog server is in
    another location. However the user I am trying to login to on the server is
    defined locally on the domain I am trying to login into.

    This server was set up as a new tree in an existing forest.

    Any ideas on why I can't login?
    Thank you.
     
    Rachel L Chipman, Feb 18, 2006
    #1

  2. Rachel L Chipman

    Herb Martin Guest

    Will all DCs pass DCDiag with no errors? (That is
    much more definitive than "all appears to be working...")
    Pinging by name would be better since it would imply DNS
    is working but again DCDiag is best.
    Is your domain in Native mode or Win2003 Server Native mode?

    A GC is required for logon in that case -- generally a GC should
    be in EVERY Site.

    Were you to have only a single domain forest then every DC could
    trivially be made a GC.
    How large is your forest? Large multi-domain forests should
    NOT make all DCs into GC but you should put a GC in each
    forest or use Win2003 (DC) Universal Group Caching if
    replication must be kept down.
    DNS or GC are the most likely. DCDiag will discover the
    DNS problem if you run it on each DC, especially the local
    one to that site.
     
    Herb Martin, Feb 18, 2006
    #2

  3. See replies below.

    YES, all DCs pass DCDiag with no errors.
    I can successfully PING the name of the server.
    No, my domain is not Native mode. I am running mixed mode due to NT servers
    on my network.
    Currently, we have two domain controllers in the forest. One of my domains
    contains 5 other servers but none of those have active directory running.
     
    Rachel L Chipman, Feb 18, 2006
    #3
  4. Rachel L Chipman

    Cary Shultz Guest

    Rachel,

    Like Herb stated, you really need to take a look at running dcdiag /c /v.
    However, in order to do this you need to have the Support Tools installed.
    You can download them from the Microsoft web site or you can get them off of
    the CD-Media (from the Server CD-Media if you are running only Windows
    Server 2003 or from the Service Pack 1 CD-Media if you are at the SP Level).

    I would ask you if there is a Global Catalog Server in that Site? Or, in
    that new Domain Tree? A Global Catalog Server can only be on a Domain
    Controller! You really need one. However, please note that there is a way
    to make the existence of a GC not necessary in order to be able to log on.
    But I would bet that this is not configured in your environment.

    Additionally, what is the system OS on the client? You stated that you have
    DNS, DHCP and WINS running on the Server. Is this client maybe running an
    older version of Windows (like Windows 98, Windows 98SE or Windows ME). I
    actually ran into two Windows 95B systems today! Yep! I was really
    astonished. But, it all came back so quickly.

    I think that a brief description of your environment might help, also.
    Please do not misunderstand me but you do not appear to be all that clear on
    what is going on. I am not trying to criticize you. We have all been in
    your shoes! ;-)

    It is a good thing that you found this news group and that you posted this
    question. Keep the questions coming. That is how I learned. There are a
    lot of really smart and nice people in here who will gladly help....
     
    Cary Shultz, Feb 18, 2006
    #4
  5. Cary -
    Thank you for the post. I did run dcdiag on both DCs I have in my forest.
    All tests passed. I am in the process of running dcdiag /c /v right now.

    No, there is not a GC at this site. I wasn't certain whether or not I
    needed a GC on each DC.

    The O/S of the client is XP.

    Currently, at this location I have one server which is a DC. There is
    another 2003 server set up as a DC in another location. This domain (in the
    other location) is currently set up as a GC and has 5 other servers in the
    domain. Is there any other information that might be helpful?

    Thank you !
     
    Rachel L Chipman, Feb 18, 2006
    #5
  6. Rachel L Chipman

    Cary Shultz Guest

    I would make the DC in that Site also a Global Catalog Server. In fact, I
    might consider making all of the Domain Controllers also DNS Servers as well
    as Global Catalog Servers!

    How many Sites are there?

    And, there are two domain trees, correct? The 'Forest Root' and then this
    second one? So, you have something like mycompany.com (Forest Root) and
    othercompany.com (second one). How is DNS set up?
     
    Cary Shultz, Feb 18, 2006
    #6
  7. OK, I will make this DC a GC also.

    Right now, there are 2 sites but more is on the way.

    Yes, two domain trees in one forest.

    Currently, DNS is set up as follows:
    * Type: AD integrated
    * Replication: all DC in the AD domain
    * Zone transfers are turned on, only to the servers listed in the name
    servers tab. The server listed in the name servers tab is the server at
    this site.

    The server at this site is listed in the forward lookup zone, not the other
    2003 DC. Should it be?
     
    Rachel L Chipman, Feb 18, 2006
    #7
  8. Rachel L Chipman

    Herb Martin Guest

    Do you have STRICTLY the internal DNS server set
    (the one(s) used by the DCs) set on the NIC of the XP
    machines?

    You must NOT try to mix "internal and external" DNS
    on the NICs of internal AD domain machines.

    Run NetDiag on the XP machines (in addition to the
    DCDiag you already ran on the DCs.)

    If this doesn't resolve or uncover the problem then
    try RESETTING the XP accounts in AD (e.g., right
    click on the account in AD Users/Computers.)
     
    Herb Martin, Feb 19, 2006
    #8
  9. The server is now set up as a GC. Dcdiag /c /v is run on this server and all
    tests pass. Name of this server can be resolved.

    I am still getting the error when I try to login to the domain. Is there
    another service that needs to be running, other than netlogon, that allows
    the domain to be available? Other suggestions?
     
    Rachel L Chipman, Feb 19, 2006
    #9
  10. Rachel L Chipman

    Herb Martin Guest

    Other than the suggestions I offered above have you
    checked FIREWALL settings?

    From my other message:

    Do you have STRICTLY the internal DNS server set
    (the one(s) used by the DCs) set on the NIC of the XP
    machines?

    You must NOT try to mix "internal and external" DNS
    on the NICs of internal AD domain machines.

    Run NetDiag on the XP machines (in addition to the
    DCDiag you already ran on the DCs.)

    If this doesn't resolve or uncover the problem then
    try RESETTING the XP accounts in AD (e.g., right
    click on the account in AD Users/Computers.)
     
    Herb Martin, Feb 19, 2006
    #10
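
The check suggested in posts #8 and #10 (only the internal DNS servers on the client's NIC) can be automated by parsing saved `ipconfig /all` output. This is an added example, not code from any poster in the thread; the sample output, host name, addresses and the function names are constructed for illustration, and English-language `ipconfig` output is assumed.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output from an XP client (not from the thread).
SAMPLE = """\
Windows IP Configuration

        Host Name . . . . . . . . . . . . : XPCLIENT01
        Primary Dns Suffix  . . . . . . . : corp.example

Ethernet adapter Local Area Connection:

        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.50
        DNS Servers . . . . . . . . . . . : 192.168.1.10
                                            203.0.113.53
        Primary WINS Server . . . . . . . : 192.168.1.10
"""

# "Key . . . . : value" lines; the dotted padding is dropped from the key.
KEY_VALUE = re.compile(r"^\s+([A-Za-z][^:]*?)[ .]*:\s*(.*)$")

def _as_ip(text):
    """Return the normalized address if text is a bare IP, else None."""
    try:
        return str(ipaddress.ip_address(text.strip().split("%")[0]))
    except ValueError:
        return None

def dns_servers_by_adapter(ipconfig_text):
    """Map each adapter heading to the DNS servers listed under it."""
    adapters, current, in_dns = {}, None, False
    for line in ipconfig_text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current, in_dns = line.rstrip()[:-1], False
            adapters[current] = []
            continue
        ip = _as_ip(line)
        if in_dns and current and ip:      # extra DNS servers sit on bare lines
            adapters[current].append(ip)
            continue
        m = KEY_VALUE.match(line)
        if not m:
            continue
        in_dns = m.group(1).lower() == "dns servers"
        if in_dns and current and _as_ip(m.group(2)):
            adapters[current].append(_as_ip(m.group(2)))
    return adapters

def foreign_dns(ipconfig_text, internal_dns):
    """Return {adapter: [servers]} for DNS servers outside the internal list."""
    allowed = {str(ipaddress.ip_address(a)) for a in internal_dns}
    found = dns_servers_by_adapter(ipconfig_text)
    return {n: [s for s in v if s not in allowed]
            for n, v in found.items() if any(s not in allowed for s in v)}
```

An empty result from `foreign_dns` means every adapter points only at the DNS servers the DCs use; any entry returned is a NIC mixing in a resolver that cannot answer for the AD domain.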