No Logon Servers Available

[oneworld]

We have a couple of machines in our domain that when we try to access them through server manager or a domain logon account we get a message No Logon Server Available to Process Logon Request. These machine are domain members utilizing WINS which has been checked and cleaned. They also have been removed and re-added to the domain with the same results. It is not a trusted/trusting cross doamin issue as assumed in TECHNET.<br>
<br>
Any ideas?

 

[DougP]

Can you find the computer(s) using Ping or in the desktop using Start, find, computers

 

[billtiv]

Are the machines Grayed out in the Server Manager? With personal experience, I have removed a box from a domain, then had to wait for up to an hour until Server cleared it from the Server Manager. Then re-entered it into the Domain. Also, is it a pure TCP/IP network?

 

[BruceP]

The servers can be seen with a ping, Start Find, Computers and they can be connected to via PC Anywhere, map drives to them, etc. The problem is that to connect to these machines you need to login using a local account on the machine. A domain account will not be authenticated to access the machine even though the domain account is a member of the local administrators group.<br>
<br>
The Servers in question act a though they cannot &quot;see&quot; the Domain controllers (of which there are three). You can map drives and connect from the server that cannot authenticate the domain account to a Domain Controller.<br>
<br>
Also, the machines in question are not grayed out in server manager. However when you try to view the services.. &quot;There are currently no logon servers available to service the logon request&quot; We have tried to remove the machine from the domain at the machine itself. Reboot the box. Delete the machine account from server manager and synchronize the entire domain. Go into the WINS servers, delete the entries from the database referring to the machine that was removed. Then, at the machine, re join the domain, reboot the box. When the machine comes to the login screen, click on the drop down domain list, and the domain is listed there. However, trying to login using a domain admin account gives us the same error message.<br>
<br>
The network is a combination of protocols. TCP/IP is the predominant protocol, however there is also some IPX/SPX Netware servers on the LAN / WAN as well. The NT Servers are set up to use IPX and TCP/IP. We also use a manual frame type of Ethernet II.<br>
<br>
There are two of us working on the same issue. Myself and the person who posted the original question.

 

[Zelandakh]

Have they all got TCPIP as the first protocol? Move that to the top of the list.<br>
<br>
Are they all in the same domain and therefore you have a PDC and 2BDCs? Common service packs? Machines that cannot attach to the domain, are they NT WS, 95/98 or Servers?

 

[BruceP]

These are both NT servers. They all have common service packs (SP4), common application software (E-Mail) (they are two of approximately 67 machines running the same application). They are all in the same domain, with 1 PDC and 2 BDC's. The machines are in the domain, they show up as domain member servers however, they just do not process domain logon authentication. They all use both TCP/IP as well as IPX/SPX. They are servers so binding order of the protocols to the NIC cards is irrelevant.

 

[Zelandakh]

Check the services of the problem machines against the services of the working machines.<br>
<br>
You may find a service is not started...<br>
<br>
When you log on, can you use the domain drop down list box and see the domain proper? i.e. can you log on as domain administrator or only local machine admin?

 

[BruceP]

All of the services on the machines having this problem are running fine. They run the same services that our &quot;working&quot; machines are running. When logging on, you can access the domain drop down box, however if you attempt to use a domain account to login to the server, you immediately receive the error message &quot;No Logon servers are available to process the logon request&quot;. You can only logon using a local machine account. You cannot logon as a domain administrator. If you go into User manager for domains, you can only access local account info. There is an entry for the Global Domain Admins group in the local machine administrators group, but the account is listed as account unknown. It cannot be added either due to the same situation where you cannot authenticate through the domain logon process.<br>
<br>
Pretty cool, huh?

 

[Zelandakh]

Is reinstall an option?

 

[oneworld]

Upon working with BruceP, reinstalling is an absolute last resort. Any other ideas? <p> <br><a href=mailto: oneworld@goes.com> oneworld@goes.com</a><br><a href= > </a><br>

 

[raysinclair]

Is there anything listed in the event viewer on either machine or any of the three DC's? Do you have a lab server that you can use as a test DC for a test domain & logon to the test domain/DC?<br>
<br>
Can you remotely logon to the two sick servers via the cmd line? Or run a timesync remotely?<br>
<br>
try removing all networking references to the netware server & IPX - remove any distractions - that is assuming that you CAN logon to the netware server? [which would make this a TCP issue rather then a NT issue]

 

[Red]

try stopping/starting browser service on affected machines; then try moving a machine to the same network as one of the domain controllers. if you syill can't log on, you probably need to rebuild. last thot - try a different brand of network card (to force driver/protocol reload); you may have to remove the existing card, remove networking, power-off, reboot (clean w/no network), then shutdown and install the different card.

 

[Zelandakh]

on a sick machine try running command line net accounts /sync and see if that cures it.

 

[BruceP]

Ok, In the event viewer there are messages about not domain controller available.... but that is related to the same issue...I can only logon remotely... if I use a local machine account. There are no references to a NetWare Server, but IPX is necessary because of the client machines that connect. Clients run IPX and TCP/IP, and it is a mixed bag. removing IPX is not an option.<br>
<br>
Next... the browser has been started and stopped because the machines have been rebooted several times. The NIC is a Compaq integrated NIC. We use the same type on all other servers running this software with no issues. We also run the same version of SSD's on all of these machines.<br>
<br>
Lastly... i tried the net accounts /sync No good... system error.. command is not supported...<br>
<br>
any more ideas before i reapply SP4, hot fixes, etc..

 

[Zelandakh]

If net accounts fails then its a local networking issue. If you can down the server for a while, remove the card in network (i.e. not physically), after unbinding all protocols. Then reload the card and replace the drivers (get them from the internet if you can to get the latest versions).<br>
<br>
Once the card is there and happy, reload the protocols and check the binding order.<br>
<br>
Once you have done all that, load SP5 (it works fine) or SP6 if you think its stable enough. Only load SP4 if you use Notes cos there were some problems after that...

 

[BruceP]

But I have confirmed that it is not a local networking issue.. All local accounts on the machines work fine. It is only domain account authentication. The card is there... the card is happy... and like I mentioned once before.. binding order on a server is irrelevant... binding order only matters when it comes to a workstation, not a server. SP4 is on the machine because it is a Lotus Notes server. The network card drivers are the latest direct from Compaq, the MFG of the machine, in both cases. This machine can connect to any other machine within the domain across North and South America.. I can map drives from it, mao drives to it, yadda yadda yadda... I just cannot login using a domain account. I have to use a local account but the machine believes that it is participating in a domain, and it is a domain member.

 

[Zelandakh]

My only thought for doing the rubbish listed above was that is net accounts fails then it is a networking issue (could be a comms issue or similar) or a cached setting. For instance, if you were unable to participate in a domain due to protocol reasons or physical reasons at one time, this setting is cached and now you have your problems. All the bits that work do not access the cached setting.<br>
<br>

 

[microsoftmis]

You don't have a cisco catalyst switch do you. I had to enable fast boot on the switch, cause all my NT workstations we getting the no logon server available, but when they finished booting, everything network wise was fine

 

[MasterRacker]

Here's a tip from <A HREF="

http://www.jsiinc.com"

TARGET="_new">

http://www.jsiinc.com</A>

It's a long shot, but it might be worth screwing around with:<br>
<br>
0989 » No Domain Controller available to validate your logon, after applying SP4?<br>
If you receive the subject message and the Event log contains:<br>
<br>
Event ID: 5719<br>
Source: Net Logon Type error<br>
Description: No Windows NT domain controller is available for domain<br>
&lt;domain name&gt;. The following error occurred:<br>
<br>
There are currently no logon servers available to service<br>
the logon request.<br>
verify that the following registry entries exist:<br>
Windows NT 4.0 Workstation<br>
<br>
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Parameters<br>
<br>
MaintainServerList with a value of No<br>
<br>
IsDomainMaster with a value of False<br>
<br>
<br>
Windows NT 4.0 Server<br>
<br>
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Parameters<br>
<br>
MaintainServerList with a value of Yes<br>
<br>
IsDomainMaster with a value of True<br>
<br>
<br>
If after restarting, you don't receive the error message, you could set MaintainServerList to Auto.<br>
<br>
Note: Event Id 5719 is normal if you boot with a no network card hardware profile. <br>
<p> Jeff<br><a href=mailto: masterracker@hotmail.com> masterracker@hotmail.com</a><br><a href= > </a><br>