Announcement

Collapse
No announcement yet.

After DCPROMO unable to login to DC 2K8

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • After DCPROMO unable to login to DC 2K8

    Hey all,

    I followed the Petri guide to add a 2008 DC to a 2003 functional domain. Everything went through successfully.

    I setup two new 2008 DC's in an existing 2003 functional level domain.
    After installing the AD DS role and subsequently running DCPROMO I am unable to login to the systems.

    DCPROMO completed successfully and when I log in it processes the account, 'Prepares Desktop' but then I just get a blue screen. (not BSOD). I've tried logging in via console and via RDP, same result.

    One suggestion from another forum stated to wait 24 hours for replication to take place. I've used replmon to ensure that replication succeeded successfully. There are no warnings or errors in the event logs that could be related to this either.

    Has anybody experienced or seen this before?

    Thanks

  • #2
    Re: After DCPROMO unable to login to DC 2K8

    Not seen it before, but if in any doubt, blow away the DC and start again
    (format & reinstall OS, do a metadata cleanup, if possible use a different machine name for the rebuilt DC)
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

    Comment


    • #3
      Re: After DCPROMO unable to login to DC 2K8

      Well that's the thing, I did this on two fresh VM's. When I DCPROMO'd the second VM I did not choose to select DNS and GC as options.

      Comment


      • #4
        Re: After DCPROMO unable to login to DC 2K8

        I was able to solve this by running the following commands on each DC:

        Net localgroup Users Interactive /add
        Net localgroup Users "Authenticated Users" /add

        Interesting that a dcpromo would remove the Users group from Interactive and Authenticated Users.

        Well here it is for future reference, hopefully it helps somebody else down the road.

        Comment


        • #5
          Re: After DCPROMO unable to login to DC 2K8

          jcpro, well done on solving it and Thank You for posting back with the solution to your problem and sharing it with the rest of the Community. It is much appreciated and I hope we see more from you in the future.
          1 1 was a racehorse.
          2 2 was 1 2.
          1 1 1 1 race 1 day,
          2 2 1 1 2

          Comment


          • #6
            Re: After DCPROMO unable to login to DC 2K8

            Were you originally trying to log in as a normal user (not a domain admin)?
            If so, this is expected behaviour -- domain controllers are locked down severely.

            From your solution, you have weakened security badly
            Tom Jones
            MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
            PhD, MSc, FIAP, MIITT
            IT Trainer / Consultant
            Ossian Ltd
            Scotland

            ** Remember to give credit where credit is due and leave reputation points where appropriate **

            Comment


            • #7
              Re: After DCPROMO unable to login to DC 2K8

              Originally posted by Ossian View Post
              Were you originally trying to log in as a normal user (not a domain admin)?
              If so, this is expected behaviour -- domain controllers are locked down severely.

              From your solution, you have weakened security badly
              Originally posted by jcpro
              'Prepares Desktop' but then I just get a blue screen. (not BSOD). I've tried logging in via console and via RDP, same result.
              Considering jcpro was UNABLE to logon with an account due to his problem, he now has a chance to further troubleshoot if it is so desired. Without his security weakening actions then he would still be looking at a pretty blue screen.

              When I have inadvertently tried to use a non Admin account to logon to a DC then it spits me out. I don't get the expected behaviour of a a blue screen.
              1 1 was a racehorse.
              2 2 was 1 2.
              1 1 1 1 race 1 day,
              2 2 1 1 2

              Comment

              Working...
              X