JSI Tip 2573. Your Windows 2000 client can no longer log on to the domain?

If you have demoted all the Windows 2000 Active Directory domain controllers, leaving only Windows NT 4.0 domain controllers, your Windows 2000 clients will be unable to log on to the domain. They will receive:

The system cannot log you on to this domain because the system's computer account in its primary domain is missing or the password on that account is incorrect.

When the Windows 2000 DCs existed, the default secure channel authentication was set to Kerberos. It will not change to NTLM, required for Windows NT 4.0 secure channel authentication, until you remove and re-add the Windows 2000 Professional computer from/to the domain.

01. Control Panel / System / Network Identification / Properties.

02. Press Workgroup: in Member of and type the name of a Workgroup (or WORKGROUP).

03. Press OK and OK.

04. Restart your computer when prompted.

05. Control Panel / System / Network Identification / Properties.

06. Press Domain: in Member of and type the name of the domain.

07. Provide the User name and password authorized to join the computer to the domain, when prompted.

08. Press OK.

09. Restart your computer when prompted.

NOTE: Using NETDOM version 2.0, from the Windows 2000 Support Tools, will allow you to remotely delete and re-add the Windows 2000 computers from the domain.


Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish