Before I begin, this server has bee working since September 8th and we only noticed this problem today. The only thing I know that changed since then and now was that I added a Fedora 9 linux machine to the domain (Blue1.jcot) yesterday. We never noticed the problem until we found we couldn't add a client XP Pro computer to the domain today.



Under the event logs, it seems our windows 2003 server has developed a problem with it's DNS and we can no longer add users to our Domain. The error we recieve with each attempt is

"Logon Failure : The targeted account is incorrect"

With the DNS event ID of : 4015
4013
4000

The Setting:

- Networking class.

Windows 2003 server roles

-- File

-- Print

-- Application

-- Domain controller (Active Directory)

-- DNS

-- DHCP

-- WINS

-- Exchange

Server Name and IP:

Name = Serm306

IP = 192.168.1.3

Primary DNS = 192.168.1.3

Seconday DNS = N/A

Client Computers:

12 XP Pro

1 2003 Server (SQL)

1 Fedora 9

NSLOOKUP Response:

DNS request timed out.
timeout was 2 seconds.
*** Can't find server name for address 192.168.1.3: Timed out
*** Default servers are not available
Default Server: UnKnown
Address: 192.168.1.3

>



Again, we think it got blown away when I added the Fedora 9 computer to the domain with "Net Join -S Blue1 -U Admin".

In our attempt to fix the thing, we've tried DCDIAG /fix,

We've tried starting and stopping the services,

deleting and re-adding the client computer to the active directory,

reseting the Domain Admin passwords,

creating new Domain Admin accounts,

adding the Domain admin, scheme admin, enterprise admin, local admin, groups to an account.

We're stuck and my classmate is on the verge of just re-installing the entire server.

Before he takes that extreme... is there anything that we haven't tried yet, or are we stuck with what having to reinstall everything?

Hi. I can more than likely help you, but first help me help you. What version of Server 2003? Enterprise, Standard, or Small-Business?

Ah, I new I forgot something in all that.

It's Enterprise,

Though I think my classmate has probably reinstalled the DNS server role, I'll give what ever suggestion you have a shot if he hasn't by tomorrow.

I would first suggest getting dns server working and making sure the dc is pointing to it as its dns server and has registered all the correct record in dns. IPCONFIG /registerdns or a reboot should do it.

After that, check that all the FSMO roles are assigned, has anyone been playing with those?. one of the most important roles in a AD domain for creating new accounts is the RID master, as this allocates new SID's. Without this you won't get new accounts. In a one server setup all roles will be on that box.

Although I still think the most likely problem is DNS not functioning. get that going, make sure it has registered all the SRV records a domain needs and try again.

We're installing a new server, on december 3rd, the kerberos started having trouble and it seems everything just went downhill from there.