Windows 2000 Professional on Microsoft Networks

After joining a Windows 2000 Professional–based computer to a workgroup or domain, the computer running Windows 2000 Professional should be able to communicate with other clients in the network environment. This section describes the techniques and procedures that you can use to determine and resolve problems encountered when attempting to log on to a Windows NT or Windows 2000 domain, or to a workgroup consisting of other Microsoft networking clients.

Cant log on at a local workstation

After creating a computer account at the domain, you attempt to log on locally by using a nonadministrative account. The following message is displayed:

The system could not log you on. Make sure your user name and Domain are correct, then type your password again.

Creation of a domain computer account does not migrate domain user accounts to the local computer. The local accounts must be created manually (by hand or through scripting).

Cant log on to a domain

After joining a Windows 2000 domain, you attempt to log on to the domain. The following message is displayed:

The system cannot log you on due to the following error: There is a time difference between the Client and Server. Please try again or consult your system administrator.

Kerberos security inspects the time stamp of the authentication request sent by the client that is logged on. The time stamp is compared to the current time of the domain controller. If there is a significant difference between the two times (the default is five minutes), authentication fails. Log on locally to an administrative account, and synchronize the time between the Windows 2000 Professional client and the domain controller.

You attempt to log on to a Windows 2000 domain and the following message is displayed:

Your account has been disabled. Please see your system administrator.

The user account has been configured for logging on by using a smart card. Each user account object in Active Directory contains a User must log on using a smart card option. If this option is selected and you attempt to log on without using a smart card, you receive the preceding message even though your account is not actually disabled. Contact your network administrator to disable the User must log on using smart card option.

Look for these common causes of logon failure:

  • Incorrectly typed passwords or user names.

  • Caps Lock is inadvertently turned on when you enter a password.

  • Lack of a common protocol between a Windows 2000 Professional–based client and a domain controller.

If TCP/IP is the protocol that you used in the network, the client configuration might have changed since initial installation. Look for these causes:

  • Incorrect static addresses or subnet masks.

  • DHCP enabled in an environment where no DHCP server is available.

  • Improperly configured default gateways.

  • Incorrect addresses for DNS and/or WINS servers.

  • Incorrectly configured Hosts/Lmhosts files.

Cant log on to a domain after renaming the computer

To rename a Windows 2000 Professional computer that is a member of a Windows NT domain, perform the following steps:

  1. Create a new computer account (or have one created for you) by using the new computer name.

  2. Leave the domain by temporarily joining a workgroup.

  3. Restart the computer when prompted.

  4. Join the domain by using the new computer name.

  5. Restart the computer when prompted.