I've removed all Windows 2000 domain controllers from my domain. Now, why won't Windows NT 4.0 domain controllers authenticate Win2K Professional clients?

A. By default, when you install a Win2K client into a domain with Win2K DCs, the secure channel that the system uses for communication with the DCs is configured to use Kerberos. NT 4.0 doesn't support Kerberos; it supports only NT LAN Manager (NTLM). Thus, when a Win2K client tries to authenticate through an NT 4.0 DC, the client receives the following error message:

The system cannot log you on to this domain because the system's machine account in its primary domain is missing or the password on that account is incorrect.<br><br>

To solve this problem, remove the client from the domain and then add the client back to the domain, which forces the client to use NTLM when its attempts to use Kerberos fail. You should remove the computer account using the Server Manager NT 4.0 tool and then recreate a new computer account. To use the client GUI, perform the following steps:

  1. Right-click My Computer and select Properties.
  2. Select the Network Identification tab.
  3. Click Properties.
  4. Under Member Of, click Workgroup and type the name of a work group to join (e.g., Workgroup).
  5. Click OK twice.
  6. Restart the computer.
  7. Right-click My Computer and select Properties.
  8. Select the Network Identification tab.
  9. Click Properties.
  10. Under Member Of, click Domain and type the name of the domain to join.
  11. When the system prompts you for a domain administrator's credentials, enter the appropriate information.
  12. Restart the computer.

You can also remove the client computer and add it back using the NETDOM tool:

NETDOM REMOVE /Domain:\[domain name\] \[workstation name\] /UserD:\[domain name\]\\[administrator account\] /PassworD:\[password\]<br>
NETDOM ADD/Domain:\[domain name\] \[workstation name\] /UserD:\[domain name\]\\[administrator account\] /PassworD:\[password\]<br><br><br>
Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.