| Troubleshooting Internet
Service Provider Login Problems
Microsoft Knowledge Base Article: 161986 - This
article describes how to troubleshoot Internet
service provider (ISP) logon problems. This article
discusses only logon problems, not modem or dialing
problems. For information about modem or dialing
problems, see the following article:
Troubleshooting Netlogon
Event 5774, 5775, and 5781
Microsoft Knowledge Base Article: 259277 - One
or more error messages may be logged in the System
event log if the Netlogon service registration
or deregistration process does not succeed. This
article describes these error messages and offers
some troubleshooting techniques.
A User May Experience
a Slow Logoff Process Because of an Open Registry
Handle in the Classes Hive
Microsoft Knowledge Base Article: 319909 - The
first user who logs on to a workstation after
the computer is restarted may experience slow
logoff times (more than 60 seconds). When this
problem occurs, the Userenv.log file contains
entries that are similar to: USERENV(76c.818)
13:06:00:133...
A Windows 2000 Client
Authenticates with the Primary Domain Controller
Operations Master After a Password Change
Microsoft Knowledge Base Article: 268518 - In
typical operations, a Windows 2000-based domain
user should be authenticated by the "closest"
domain controller in the domain. This is usually
a domain controller that is located in the same
site as the client. The mechanism that controls
behavior is described in the Windows 2000 Distributed
System Guide. However, in some cases, the
authentication takes place with the primary domain
controller operations master (also known as flexible
single-master operations or FSMO) for the domain,
even if it is in a site that is physically remote
from the client.
Access Violation
When Running the Network Identification Wizard
Microsoft Knowledge Base Article: 255569 - When
you run the Network Identification Wizard prior
to logon, your computer may silently restart or
you may receive an "access violation" error message
in Svchost.exe.
Account Lockout Because
BadPasswordCount Not Reset to 0
Microsoft Knowledge Base Article: 263821 - User
accounts may get locked out in a mixed environment
with Windows 2000-based domains and Microsoft
Windows NT 4.0-based domains.
Cannot Log Off Current
User in Windows
Microsoft Knowledge Base Article: 228801 - When
you click Start, click Shut Down,
and then click Log Off User, you may be
logged on again without a password prompt.
Cannot Logon After
Changing Keyboard Settings
Microsoft Knowledge Base Article: 138354 - You
have configured your U.S. version of Windows NT
with a foreign language keyboard layout and you
have extended characters in your password. After
changing your password, you cannot log on.
Citrix ICA Client
Automatic Logon Domain Name Not Filled In
Microsoft Knowledge Base Article: 291528 - Windows
2000 does not place the domain name in the logon
dialog box for a remote Citrix ICA session if
the user name is blank.
Clients Unable to
Log On to Domain in the Absence of Domain Controllers
Microsoft Knowledge Base Article 263108 - Using
a Microsoft Windows 2000 client, you may be unable
to log on to a domain with Microsoft Windows NT
4.0 domain controllers after the demotion of the
last remaining Windows 2000 Active Directory domain
controller.
Domain Logon Script
Fails to Run
Microsoft Knowledge Base Article: 142672 - When
you log on to a Windows NT domain from a computer
running Windows 95, your logon script may not
run, you may get no indication of the error, and
none of the logon script gets processed.
Domain Users Cannot
Join Workstation or Server to a Domain
Microsoft Knowledge Base Article: 251335 - When
you attempt to join a Windows 2000, or a Window
XP domain, from a computer running Windows NT
4.0 Workstation or Windows NT 4.0 Server, the
following error message may be displayed:
Error Messages About
User Profile Appear in Several Logon Situations
Microsoft Knowledge Base Article: 289158 - Under
the following circumstances, a user may encounter
several error messages that concern profiles:
Error Message: The
Local Policy of This System Does Not Permit You
to Log on Interactively
Microsoft Knowledge Base Article: 276590 - When
you add a group, such as, Domain Users, Everyone,
or Authenticated Users, to the "Deny Logon Locally"
user right, users that are members of those groups
can no longer log on to certain computers. When
a user tries to log on to the computer the user
may receive the following error message: The
Local policy of this system does not permit you
to log on interactively. The administrator
of your system may find this behavior to be unexpected.
Error Message: The
Account Is Not Authorized to Login from This Station
Microsoft Knowledge Base Article: 281648 - When
you attempt to join a Windows 2000-based computer
to a Microsoft Windows NT 4.0-based domain, you
may receive the following error message: The
following error occurred attempting to join the
domain "domainname": The account is not authorized
to login from this station.
Error Message When
You Log On to Windows 2000 Using IPX
Microsoft Knowledge Base Article: 260399 - When
you attempt to log on to a Windows 2000 domain
or a mixed Windows 2000\Microsoft Windows NT 4.0
domain, you may receive the following error message:
The domain password you supplied
is not correct, or access to your logon server
has been denied. This problem may be intermittent
in a mixed environment (Windows 2000/Windows NT
4.0), because Windows NT 4.0 does not exhibit
this problem
Interactive Logon
Allows Unauthorized Actions in Desktop Process
Microsoft Knowledge Base Article: 260197 - If
you interactively log on to a computer running
Windows 2000, you may be able to perform unauthorized
actions because of a security vulnerability.
Home Folder Mappings
to Down-Level Servers May Not Work During Logon
Microsoft Knowledge Base Article: 308580 - If
a user's home folder is mapped to a network drive
on a downlevel Server Message Block (SMB - server,
the drive may not connect during the logon process.
Kerberos Authentication
May Not Work If User Is a Member of Many Groups
Microsoft Knowledge Base Article: 280830 - If
a user is a member of many groups either directly
or because of group nesting, Kerberos authentication
may not work. The Group Policy object (GPO) may
not be applied to the user and the user may not
be validated to use network resources.
Local Security Policy
Does Not Enable a User to Locally Log on to System
Microsoft Knowledge Base Article: 285548 - When
you attempt to locally log on to a Microsoft Windows
2000-based computer, you may receive the following
error message: The local policy of this system does not permit you
to logon interactively. Network access,
however, to the computer is still available, and
the Domain security policy that disables the log
on to the local computer is not set.
Logged-On Users May
Not Be Authenticated to Services After KRBTGT
Password Change
Microsoft Knowledge Base ArticleQ295083 -
After a change in the password for the KRBTGT
account (the account that is used for Kerberos
authentication), users who are currently logged
on may begin to experience unsuccessful authentication
to some services.
Logging on to a Domain
Does Not Work From a Windows 2000-Based RAS Client
Microsoft Knowledge Base Article: 269119 - When
you try to log on to a domain from a Windows 2000-based
Remote Access Services (RAS) client by using Dial-Up
Networking, you are logged on with cached credentials.
This problem may result in logon scripts that
do not run, and also may prevent access to group
policies, roaming profiles, and home folders.
Logon Banner Can
Be Dismissed Without User Action
Microsoft Knowledge Base Article: 274190 - In
Windows 2000, you can configure a logon banner
to be displayed before the prompt for logon credentials.
If a user presses CTRL+ALT+DELETE, the logon banner
is displayed in a message box with an OK
button at the bottom. If a user does not click
the OK button, the logon box is automatically
dismissed after two minutes and the prompt for
logon credentials is displayed.
Logon
Behavior of a User Account with an Appended Dollar
Sign
Microsoft Knowledge Base Article: 314898 - When
a user account name with a dollar sign ($) appended
to it exists in the Active Directory (such as
"testuser$"), a logon attempt with the account
succeeds even if the dollar sign is not appended
("testuser"). The exception to this rule is the
case where two user accounts exist as "testuser"
and "testuser$". In that case, the logon attempt
without the dollar sign appended only succeed
for the actual "testuser" account.
Logon Error Message
Reports, 'No Domain Controller Found or Domain
Does Not Exist'
Microsoft Knowledge Base Article: 290129 - When
you attempt to log on to a Microsoft Windows 2000-based
domain from a non-Windows 2000-based client computer,
you may receive the following error message: No
Domain controller found or domain does not exist.
This behavior can occur when use of NetBIOS
over TCP/IP is not enabled on the client computer.
Logon Process Hangs
After Encrypting Files on Windows 2000
Microsoft Knowledge Base Article: 269397 - After
you encrypt files on your Windows 2000-based computer,
the computer may stop responding (hang) during
the logon process. When this occurs, no users
can log on to the computer.
Logon Time Restrictions
Prevent Users on Windows NT 4.0 from Remotely
Accessing Windows 2000 Resources
Microsoft Knowledge Base Article: 263006 - In
an environment with a Microsoft Windows NT 4.0-based
primary domain controller (PDC) and Windows 2000-based
computers, non-administrative users who are logged
on to Windows NT 4.0-based computers may not be
able to gain access to Windows 2000 resources
remotely.
Logon Time Restrictions
Prevent Users on Windows 95/98 or Windows NT 4.0
from Remotely Accessing Windows 2000 Resources
Microsoft Knowledge Base Article: 263006 - In
an environment with a Microsoft Windows NT 4.0-based
primary domain controller (PDC) and Microsoft
Windows 2000-based computers, non-administrative
users who are logged on to Windows NT 4.0-based
computers may not be able to gain access
Members of an Extremely
Large Number of Groups Cannot Log On to the Domain
Microsoft Knowledge Base Article: 306259 - When
a Windows 2000 account belongs to a large number
(over 1,000) of groups, the Security Account Manager
(SAM) requires a large amount of time to do the
group evaluation during account logon. During
this time, the administrator cannot recover the
domain controller because the administrator will
have a token that has more than 1,024 security
identifiers (SIDs), and Local Security Authority
(LSA) will ultimately fail the logon because of
too many SIDs. Also, the failure will take a long
time to appear because of the increased SAM activity.
Netlogon Service
Does Not Start, Event Viewer Records Event IDs
2114 and 7024
Microsoft Knowledge Base Article: 269375 - When
you start your Windows 2000 Server-based computer,
the Netlogon service does not start, even though
the "Startup type" is set to "automatic". Event
Viewer logs the following errors:
No Username on Initial
Logon to Windows NT
Microsoft Knowledge Base Article: 106523 - If
you install Windows NT and do not create any local
user accounts, the Username field on the Welcome
screen will be blank when you start Windows NT
the first time. To log on, you must log on as
either a guest or the administrator, using the
appropriate password.
Policy Restrictions
on Drives Cause Unnecessary Error Message at Logon
and in File Dialog Box
Microsoft Knowledge Base Article: 270037 - When
the "Prevent access to drives from My Computer"
policy is applied, you receive the following error
message during the logon process: This
operation has been cancelled due to restrictions
in effect on this computer. Please contact your
system administrator Also, when this policy
is applied, you see the same error message twice
if you click a drive in My Computer.
Registry Handles
Leaked in Winlogon When Canceling Drive Reconnect
Dialog Box
Microsoft Knowledge Base Article: 266655 - When
Windows 2000 is attempting to reconnect user-mapped
drives during the logon process, a dialog box
that you can use to cancel the operation is displayed.
If, during this process, a drive is not available
and you click Cancel, Windows 2000 may
leak registry event handles
The Administrator
Profile Takes Longer to Load Than a Power User
Profile
Microsoft Knowledge Base Article: 259787 - When
you log on as an administrator, you may experience
the following symptoms:
"The Net Logon Service
Hung on Starting" Is Recorded in the System Even
Log After You Run Dcpromo.exe
Microsoft Knowledge Base Article: 315951 - After
you run the Dcpromo.exe tool and restart the computer,
the following information may be logged in the
System event log on the new domain controller:
Trusted Domains Do
Not Appear in the Available List for Domain Logon
or Setting Security Permissions
Microsoft Knowledge Base Article: 310611 - When
logging on to a Windows 2000 domain, other trusted
domains (for both Windows 2000 and Windows NT
4.0 domains - are not displayed in the drop-down
list of available logon options, and the only
domain logon option that is available is for is
the one to which you, the currently-logged on
user, belongs. Also, when trying to add or change
security permissions by clicking Add on
the Security tab, the current domain is
the only domain choice that is displayed in the
Look in window.
Unable to Log on
if the Boot Partition Drive Letter Has Changed
Microsoft Knowledge Base Article: 249321 - After
you try to log on to your Windows 2000-based computer
by using a valid user name and password, Loading
your personal settings dialog box is displayed,
followed by the Saving your settings dialog
box. However, the desktop does not appear, and
the Welcome to Windows logon screen is
displayed again.
Users Cannot Log
On to the Domain After Password Changes on a Remote
Domain Controller
Microsoft Knowledge Base Article: 318364 - After
you change a user account password on a remote
domain controller that holds the primary domain
controller (PDC) Flexible Single Master Operation
(FSMO) role, the user may not be able to log on
to a local domain controller by entering the new
password. However, the user may still be able
to log on to the domain by using their previous
password
User Is Not Alerted
When Logging On with Cached Credentials
Microsoft Knowledge Base Article: 242536 - When
you attempt to log on to a domain from a Windows
2000-based workstation or member server and a
domain controller (DC) cannot be located, no error
message is displayed. Instead, the you are logged
on to the local computer using cached credentials
Windows 2000 Member
Computers Always Authenticate with PDC in NT 4.0
Domain
Microsoft Knowledge Base Article: 272348 - Windows
2000-based host computers that are joined to a
Microsoft Windows NT 4.0-based domain may always
establish a secure channel with the primary domain
controller (PDC).
Windows 2000 Does
Not Support Windows NT 4.0 Directory Replication
(LMRepl)
Microsoft Knowledge Base Article: 248358 - You
can configure Microsoft Windows NT 4.0 and earlier
to synchronize the contents of the Netlogon shares
on each of the domain controllers (DCs - in a
domain. This functionality is called LanMan Directory
Replication (LMRepl). Windows 2000 is not backwards
compatible with this functionality. It has been
replaced with the File Replicator service (FRS).
FRS and LanMan Directory Replication cannot be
configured to replicate or synchronize with each
other. In a Mixed-mode environment, you may need
to keep data synchronized between new Windows
2000-based DCs and the remaining down-level DCs.
A Microsoft Windows 2000 Resource Kit utility
named Lbridge.cmd is available to perform this
function.
Windows 98 Clients
Are Unable to Log On to Windows 2000 Domain: 'This
Device Does Not Exist on the Network'
Microsoft Knowledge Base Article: 285951 - After
you upgrade a Microsoft Windows NT 4.0-based primary
domain controller (PDC) to be a Microsoft Windows
2000-based Active Directory domain controller,
clients running Microsoft Windows 98 clients may
not be able to log on to the Window 2000-based
domain. They may receive the following error messages:
This device does not exist on the network.
The domain password you supplied is incorrect
or access to your logon server has been denied.
You May Experience
Logon Delay After Installing Directory Services
Client on Windows 95 or Windows 98
Microsoft Knowledge Base Article After you install
the Windows 2000 Directory Services client for
Windows 95 or Windows 98, you may experience a
15 seconds delay when you log on to the domain.
|
