Cant join a Win 2K domain

Discussion in 'Windows 7 Networking' started by crisp duck, Apr 1, 2010.

  1. crisp duck

    crisp duck New Member

    Joined:
    Apr 1, 2010
    Messages:
    12
    Likes Received:
    0
    Please be gentle with me - I'm new to this!
    I'm trying to introduce two Win 7 Pro HP Probooks to our Win 2K domain. All XP models work fine.
    These two will allow themselves to be "introduced" to the domain but then, after rebooting, wont recognise the admin username and password I JUST used!
    If I log on locally I can browse the network and the admin credentials are accepted then. I can ping the server. The Probook is assigned an internal IP, given from the network.
    I've Googled everything but am still unsuccessful.
    Any help at all would be greatly appreciated.
     
  2. Trouble

    Trouble Noob Whisperer

    Joined:
    Nov 30, 2009
    Messages:
    13,845
    Likes Received:
    833
    have you tried including the domain name as part of the logon prompt
    either
    Administrator@yourdomain.local
    or yourdomain.local\Administrator
    in the username box
    and then of course the assoicated password with that account on the domain.
    Are you receiving any type of error?
    Is the event viewer on the Domain Controller logging any failed logon attempts as a security event?
    Is the W2k DC also the DNS server? Make sure that the ip information on the windows 7 machine points to your domain DNS server as the primary DNS resolver.
     
  3. crisp duck

    crisp duck New Member

    Joined:
    Apr 1, 2010
    Messages:
    12
    Likes Received:
    0
    Hi
    I had tried yourdomain.local\Administrator but not Administrator@yourdomain.local. Neither work.
    It presents a Windows Security warning stating "logon failure: unknown username or bad password". Suffice to say I check, double and triple check to make sure the credentials are going in correctly.
    No failed logon attempts logged in the event viewer.
    Yes, they are the same and the IP information matches exactly to the XP unit I am presently using (except from specific IP of course)
    HP says its Microsoft because its software (justified by the fact that, as a stand alone machine all is fine) and Microsoft say its HP because its OEM. The two who actually might know and neither will speak to me, OR to each other! Sorry, .... ranting now :-(
     
  4. Trouble

    Trouble Noob Whisperer

    Joined:
    Nov 30, 2009
    Messages:
    13,845
    Likes Received:
    833
    Try this on the Win7 machine and see if it helps, type
    secpol.msc into the search box and hit enter and make adjustments as shown in the attachment
    keep us posted.
     
  5. crisp duck

    crisp duck New Member

    Joined:
    Apr 1, 2010
    Messages:
    12
    Likes Received:
    0
    PS: I've just downgraded one of them to XP, at HP's request, and it works fine.....
    I think I always did expect it to, but I suppose this reinforces the fact that it has to be something in Win 7.
     
  6. Trouble

    Trouble Noob Whisperer

    Joined:
    Nov 30, 2009
    Messages:
    13,845
    Likes Received:
    833
    Did you try making the adjustments to NTLMv2 and security/encryption levels as I suggested above?
     
  7. crisp duck

    crisp duck New Member

    Joined:
    Apr 1, 2010
    Messages:
    12
    Likes Received:
    0
    No joy I'm afraid.
    I had seen something similar to this posted elsewhere yesterday. It said to change to "Send LM & TLM response". It hadnt mentioned the "no minimums".
    Before I made the change yesterday the laptop behaved completely different. It would allow me to log on but then wouldnt do anything - well very nearly anything. I could play with the background but that was about it.
    No app would launch: MS Office, IE, Paint even! The timer would appear (as if it was thinking about it) but then nothing. No messages either. I couldnt even get into system properties to remove it from the domain - had to restore.
     
  8. Trouble

    Trouble Noob Whisperer

    Joined:
    Nov 30, 2009
    Messages:
    13,845
    Likes Received:
    833
    The new windows 7 machines aren't running any type of third party firewall or internet security suite that may be causing this issue are they?
     
  9. crisp duck

    crisp duck New Member

    Joined:
    Apr 1, 2010
    Messages:
    12
    Likes Received:
    0
    The machines are , quite literally, out of the box!
    Other than joining (?) the domain, nothings changed.
    HP installed credential manager and protect tools - neither of which have been played with.
     
  10. Trouble

    Trouble Noob Whisperer

    Joined:
    Nov 30, 2009
    Messages:
    13,845
    Likes Received:
    833
    Sorry, I just know that a lot of new machines often come with a free trial of Norton's or McAfee's pre-installed and I just wanted to make sure that there wasn't something like that causing the problem.
     
  11. crisp duck

    crisp duck New Member

    Joined:
    Apr 1, 2010
    Messages:
    12
    Likes Received:
    0
    I lied - sorry! Didn't even think until I read your last comment.
    It DID come with McAfee but, When HP delivered the replacement hard drives ( one of their early attempts to rectify) I re-installed all drivers, software, apps etc EXCEPT McAfee! We use Sophos anyway, but that's not on yet.
     
  12. Trouble

    Trouble Noob Whisperer

    Joined:
    Nov 30, 2009
    Messages:
    13,845
    Likes Received:
    833
    The only other thing I can think of is that the W2k server has similar settings regarding NTLMv2 you might try checking them on the server
    Open gpedit.msc
    computer confirguration
    windows settings
    security settings
    local policies
    security options
    Look for LanMan Authentication Level and make sure it's set to the same as you previously set the Win7 machine
    Send LM & NTLM - use NTLMv2 session security if negotiated
    Unfortunately I don't have a W2k server running so I can't test or duplicate your problem and since this is a Domain Controller there may be additional similar settings Domain Controller Polices as well as Domain Polices but they should definitely exist under Local Security Polices.
    Good luck
    EDIT: You will need to do a global policy update after you make any changes by either rebooting the server or by using the secedit command.
     
    #12 Trouble, Apr 1, 2010
    Last edited: Apr 1, 2010

Share This Page

Loading...