Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

No logon servers available to service the logon request

Status
Not open for further replies.

Punce

Programmer
Mar 1, 2002
39
GB
Hi, I'm just starting to migrate from NT4 to 2k3 by doing a restructure, and I've hit a hurdle.

We have a few remote offices (2Mb linked WANS) and the way the old domain was set up was: PDC at main office, and a BDC of the same domain in the remote offices.

So I have installed a new 2k3 server at the main office with AD, and have set up trusts between old and new domain and have successfully migrate some test users over. So now here's the problem... At the 2k3 server, whenever I try to access any share on the NT4 BDC's on the WAN, I just get:
"There are currently no logon servers available to service the logon request"

I can ping the servers, and I can't browse the shares by using the BDC's ip addresses either, so I'm ruling out DNS.

The weird thing is that on a couple of other offices (WANs) we have seperate domains (NT4) and I can browse them fine.

Any ideas? tia
 
See if this helps

Modify the default user profile to include the registry value
GroupPolicyMinTransferRate with DWORD value of "0":


A. Under "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System",
create a value named as GroupPolicyMinTransferRate and give the value data
0.


B. Under "HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\System",
create a value named as GroupPolicyMinTransferRate and give the value data
0.


C. Restart the client computer to take effect.

--------------------------

Also, some useful references below:



Note- if slow link detection is not enabled it will default to 500 for its testing.




----------------

Slow link detection:


Forcing Kerberos to use TCP rather than UDP - reliability at the expense of some performance

 
I would not initially rule out DNS. I would make sure that you can get a ping hit when you try to ping the domain name of the NT domain and the AD Domain. If you dont get hits, then your client trying to access shares on NT cannot find an NT DC to authenticate. My first guess would be failure to locate proper DC's to authenticate against.

To fix it, you may have to make sure that your clients are pointing at the AD DNS and then make sure that the AD DNS server knows about the NT DOmain and DC's.
 
These are nasty ones - however they are normally DNS related. (Isn't nearly everything in WinNT5 upwards! :))

First things first - logs. Check the event viewer.

Also, I've had a number of problems like this which was just due to corruption of the computer accounts. Sounds daft, but try rejoining machines back to the domain.

Also - double check that you are running in Windows 2000 Mixed mode or Windows 2003 Interm mode and not Windows Server 2003.




Steve.

"They have the internet on computers now!" - Homer Simpson
 
thanks.

The PDC is on the same network as the 2003 DC in our main office. The BDC's are on the WANs.
I can ping, browse, etc the PDC, so it's authenticating fine for that. But the problem is only when I try to browse the BDC on the WANs. I can ping them fine

??

When you say to 'try to ping the domain name', I didn't think that was possible?
 
For example, if my FQDN AD domain is called domain.net, try to pin domain.net. If your NT Domain is called nike.net, try to ping nike.net, or just nike.
 
I can ping my new AD FQDN. But I can't ping the NT Domain, never have been able to.
 
So if you are at console on the AD DC, if you try a UNC path to a share, ie \\server\share, it should prompt you for login. If you use NTDOMAIN\user as the user and the correct password, what happens?
 
That's the problem, it doesn't prompt for a login. There's a delay, then I get the error box pop up (There are currently no logon servers available to service the logon request).

The trust is working fine because I can browse the NT PDC on the same LAN.
 
This is still proving to be a nightmare!! :(

I have found something strange though that might be linked.
As soon as I create a Trust between the new 2k3 AD domain to one of the old NT domains, I then can't connect to a share on that particular old NT domain. What's going on?
 
have you found a resolution to this problem?

I am having similar issues
 
Hi jtrober

Yeah I found the culprit. Sorry I didn't update this thread!
It was all down to lmhosts files. I looked into how to set them up properly and voila.
Here's how mine are set up now with no problems..

lmhosts on a BDC of the old domain on the WAN:

192.168.1.254 NT4PDC #PRE #DOM:NT4DOMAIN 192.168.0.254 "NT4DOMAIN \0x1b" #PRE
192.168.9.254 2003DC #PRE #DOM:2003DOMAIN 192.168.9.254 "2003DOMAIN \0x1b" #PRE

(obviously replace ip addresses, computer names and domain names to match your network)
(remember that the parts in quotes that ends with \0x1b must have a total of 20 characters, or 15 up to the '\'. So let's say your domain name is only 10 characters long, just add 5 spaces before the backslash)

then on the new 2003 DC (which is also the new DNS server) I created an lmhosts file with an entry for each WAN BDC:

192.168.2.254 NT4BDC1 #pre #dom:NT4DOMAIN
192.168.3.254 NT4BDC2 #pre #dom:NT4DOMAIN
192.168.4.254 NT4BDC3 #pre #dom:NT4DOMAIN



After doing this, I then went to each server and verified that the lmhosts file was working by doing the following:

..in a command prompt do a
nbtstat -R (<--- uppercase)
this command purges and preloads the name table.

Then do a
nbtstat -c

Here you should see a listing of your name table. There should be 2 GROUPS (your NT4 and 2003 domains) and 3 UNIQUE entries for EACH domain controller.

If you do not see a list, then it means that lmhosts is not working. This could be down to the fact that 'TCP over netbios' is not enabled in the WINS tab of your NIC TCP properties.

Hope this helps
Mark
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top