Go Back  DVD Talk Forum > General Discussions > Tech Talk
Reload this Page >

Windows 2003 Server password issue

Tech Talk Discuss PC Hardware, Software, Internet and Other Technology

Windows 2003 Server password issue

Old 10-08-07, 11:39 AM
  #1  
DVD Talk Special Edition
Thread Starter
 
Join Date: Aug 2000
Location: 2nd City
Posts: 1,269
Likes: 0
Received 0 Likes on 0 Posts
Windows 2003 Server password issue

I'm out of Google search strings and can't find an answer!

A little over a year ago, I installed Windows 2003 Server at work to replace a badly aging Netware server. At the time, I installed it as a stand-alone server and did not install it as a domain controller because we really weren't using the security and installing it as a stand-alone seemed easier.

Recently, we've decided to beef up computer security. I assigned everyone passwords that were required to be changed every 30 days. The first time the password change came up for people, they were able to successfully change the password on their local machines, but the password used to log in to network shares on the server didn't change at the same time -- after login, they would be asked for a second password for the network shares which turned out to be their previous password. After trying to find information about this problem -- and pretty much coming up empty handed -- it seemed as though the problem would be solved by changing the server's role to a domain controller.

This past weekend, I promoted the server to a domain controller and changed all of the workstations from a workgroup environment to a domain. Now, it seems as though the Windows XP workstations change the password fine, both on the local machine and the server.

The problem is the Windows 2000 workstations. They are still acting like they were when they were part of the workgroup -- passwords change on the local machine but not on the server, unless I physically change them. I've read a lot about "Single Sign-On", but can't seem to find an answer to this specific problem. I'm not even sure if SSO applies.

In another little snag, there is one Windows 2000 workstation that will in NO way connect to the new domain. I can ping the domain from the workstation, but every time I try to attach to it, instead of the "Welcome to the domain" message, I get that the domain "can't be reached". Seems very weird....
Old 10-08-07, 12:07 PM
  #2  
DVD Talk Hero
 
Join Date: Aug 2001
Location: in da cloud
Posts: 26,196
Likes: 0
Received 0 Likes on 0 Posts
answer to the last question is probably DNS
Old 10-08-07, 12:32 PM
  #3  
DVD Talk Special Edition
Thread Starter
 
Join Date: Aug 2000
Location: 2nd City
Posts: 1,269
Likes: 0
Received 0 Likes on 0 Posts
That's what's so weird about that last question -- EVERYTHING is set up exactly the same as any other W2K workstation -- I double and tripled checked it, DNS is the same, default gateway, all that stuff. Of course, this IS a user that frequently has "cosmic ray" problems with her computer (and any computer I put in her office), so maybe that's it. Her computer acts like it's spent some time in room 1408....
Old 10-08-07, 01:17 PM
  #4  
DVD Talk Hero
 
Join Date: Aug 2001
Location: in da cloud
Posts: 26,196
Likes: 0
Received 0 Likes on 0 Posts
unless you can resolve the service records in DNS, a Windows 2000 and later PC won't find the domain. can you resolve the service records?

could be spyware. i've heard there is some nasty stuff that does DNS redirects
Old 10-08-07, 01:34 PM
  #5  
DVD Talk Legend
 
Dr Mabuse's Avatar
 
Join Date: Jun 2007
Location: 75 clicks above the Do Lung bridge...
Posts: 18,950
Likes: 0
Received 0 Likes on 0 Posts
you don't mention if you are running active directory... are you?...

some things to consider...

Link...

Link...

Link...

check your events to see if there is any pertinent info...
Old 10-08-07, 06:48 PM
  #6  
DVD Talk Special Edition
Thread Starter
 
Join Date: Aug 2000
Location: 2nd City
Posts: 1,269
Likes: 0
Received 0 Likes on 0 Posts
I am running Active Directory and I'll check out the articles and go back to the offensive workstation -- if need be, I can re-install the OS from scratch and see if that takes care of it; there isn't that much information on the actual workstation anyway.

What I'm still mystified about is the password issue with the Windows 2K machines that DO attach to the domain -- I played around with that for most of the day and still can't get anywhere with it....

When this is over, I plan to do a little research and find out WHY security became such a bowl of spaghetti -- nothing is easy or very intuitive anymore!

Thanks to all for your help!!
Old 10-08-07, 08:53 PM
  #7  
DVD Talk Hero
 
Join Date: Aug 2001
Location: in da cloud
Posts: 26,196
Likes: 0
Received 0 Likes on 0 Posts
are the people logging on to the domain or their local PC's?
Old 10-08-07, 09:10 PM
  #8  
DVD Talk Legend
 
Join Date: Jan 2000
Location: Region 1
Posts: 16,291
Likes: 0
Received 0 Likes on 0 Posts
Are you using static or DHCP? In either cases, make sure DHCP Client and DNS Client services are started. Also, make sure in the TCP/IP properties, Register this connection's addresses in DNS is checked.
Old 10-08-07, 09:25 PM
  #9  
DVD Talk Hero
 
Join Date: Aug 2001
Location: in da cloud
Posts: 26,196
Likes: 0
Received 0 Likes on 0 Posts
and your IP isn't 169.xxx.xxx.xxx
Old 10-09-07, 11:53 AM
  #10  
DVD Talk Special Edition
Thread Starter
 
Join Date: Aug 2000
Location: 2nd City
Posts: 1,269
Likes: 0
Received 0 Likes on 0 Posts
I changed the computer that wouldn't attach to the domain to DHCP Enabled and it connected -- all of the other workstations attach with a static IP, so I still don't know why this one wouldn't attach.

zuffy: DHCP and static IPs are being used and all workstations have the "Rigister this connection's..." checked.

al_bundy: Now my real ignorance comes out.... I'm not sure I know how to answer the question about whether people are logging into the domain or their local PCs. I thought that when you set up a local PC to attach to a domain rather than a workgroup, that the PC was logging into both the local PC and the domain. My server's IP is 10.1.10.xxx -- I have that address set up on each workstation as the primary DNS server and an internet IP as the secondary. Everyone is logging in OK (I assume to both the domain and local?), the problem is when you are on a Win2K machine and you change your password. It's only changing the password on the local machine and the server then asks for another password to re-attach the network shares.
Old 10-09-07, 12:45 PM
  #11  
DVD Talk Hero
 
Join Date: Aug 2001
Location: in da cloud
Posts: 26,196
Likes: 0
Received 0 Likes on 0 Posts
when you add a PC to a domain i will give you a choice to log on to the domain, or log on locally to the PC

there was a bug in windows 2000 and NT where if a local account and a domain account had the same name and password you could open up resources of both. not sure if it's still in W2k3. so if your new domain accounts are the same username and password as the old local accounts, it could be causing some weird issues.

you did change permissions on all the shares for the new domain accounts?

and i would also change every PC to DHCP. if someone needs the same IP all the time, just create a static lease. much easier to manage.

and for DNS i would set it up where your DC forwards to your ISP's DNS servers.so your clients should only have your local DNS server in their settings and your DNS server should forward any data it doesn't have cached to your ISP.
Old 10-09-07, 11:09 PM
  #12  
DVD Talk Legend
 
Join Date: Jan 2000
Location: Region 1
Posts: 16,291
Likes: 0
Received 0 Likes on 0 Posts
The whole point of a domain structure is to centralize the accounts so a person can use his/her ID to login to any workstations within the domain. Then, you create groups in the domain and add users into it. Next, you assign network resources with those groups. There is really no point in the users logging in locally with local accounts.

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is On
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Thread Tools
Search this Thread

Archive - Advertising - Cookie Policy - Privacy Statement - Terms of Service - Do Not Sell My Personal Information

Copyright 2018 MH Sub I, LLC dba Internet Brands. All rights reserved. Use of this site indicates your consent to the Terms of Use.