Windows 7 Cant join a Win 2K domain

crisp duck

New Member
Please be gentle with me - I'm new to this!
I'm trying to introduce two Win 7 Pro HP Probooks to our Win 2K domain. All XP models work fine.
These two will allow themselves to be "introduced" to the domain but then, after rebooting, wont recognise the admin username and password I JUST used!
If I log on locally I can browse the network and the admin credentials are accepted then. I can ping the server. The Probook is assigned an internal IP, given from the network.
I've Googled everything but am still unsuccessful.
Any help at all would be greatly appreciated.
 
have you tried including the domain name as part of the logon prompt
either
[email protected]
or yourdomain.local\Administrator
in the username box
and then of course the assoicated password with that account on the domain.
Are you receiving any type of error?
Is the event viewer on the Domain Controller logging any failed logon attempts as a security event?
Is the W2k DC also the DNS server? Make sure that the ip information on the windows 7 machine points to your domain DNS server as the primary DNS resolver.
 
Hi
I had tried yourdomain.local\Administrator but not [email protected]. Neither work.
It presents a Windows Security warning stating "logon failure: unknown username or bad password". Suffice to say I check, double and triple check to make sure the credentials are going in correctly.
No failed logon attempts logged in the event viewer.
Yes, they are the same and the IP information matches exactly to the XP unit I am presently using (except from specific IP of course)
HP says its Microsoft because its software (justified by the fact that, as a stand alone machine all is fine) and Microsoft say its HP because its OEM. The two who actually might know and neither will speak to me, OR to each other! Sorry, .... ranting now :-(
 
Try this on the Win7 machine and see if it helps, type
secpol.msc into the search box and hit enter and make adjustments as shown in the attachment
keep us posted.
 
PS: I've just downgraded one of them to XP, at HP's request, and it works fine.....
I think I always did expect it to, but I suppose this reinforces the fact that it has to be something in Win 7.
 
Did you try making the adjustments to NTLMv2 and security/encryption levels as I suggested above?
 
No joy I'm afraid.
I had seen something similar to this posted elsewhere yesterday. It said to change to "Send LM & TLM response". It hadnt mentioned the "no minimums".
Before I made the change yesterday the laptop behaved completely different. It would allow me to log on but then wouldnt do anything - well very nearly anything. I could play with the background but that was about it.
No app would launch: MS Office, IE, Paint even! The timer would appear (as if it was thinking about it) but then nothing. No messages either. I couldnt even get into system properties to remove it from the domain - had to restore.
 
The new windows 7 machines aren't running any type of third party firewall or internet security suite that may be causing this issue are they?
 
The machines are , quite literally, out of the box!
Other than joining (?) the domain, nothings changed.
HP installed credential manager and protect tools - neither of which have been played with.
 
Sorry, I just know that a lot of new machines often come with a free trial of Norton's or McAfee's pre-installed and I just wanted to make sure that there wasn't something like that causing the problem.
 
I lied - sorry! Didn't even think until I read your last comment.
It DID come with McAfee but, When HP delivered the replacement hard drives ( one of their early attempts to rectify) I re-installed all drivers, software, apps etc EXCEPT McAfee! We use Sophos anyway, but that's not on yet.
 
The only other thing I can think of is that the W2k server has similar settings regarding NTLMv2 you might try checking them on the server
Open gpedit.msc
computer confirguration
windows settings
security settings
local policies
security options
Look for LanMan Authentication Level and make sure it's set to the same as you previously set the Win7 machine
Send LM & NTLM - use NTLMv2 session security if negotiated
Unfortunately I don't have a W2k server running so I can't test or duplicate your problem and since this is a Domain Controller there may be additional similar settings Domain Controller Polices as well as Domain Polices but they should definitely exist under Local Security Polices.
Good luck
EDIT: You will need to do a global policy update after you make any changes by either rebooting the server or by using the secedit command.
 
Last edited:
Back
Top