Hey Laura... Two things come to mind here. First, do the NT4 clients have the DSClient installed, and if so, does it make a difference?
Second, are you still running WINS in the environment? What it sounds like is that you're having a LOT of NetBIOS name resolution issues. Remember pre-Win2k, you pretty much had to have WINS, and its an absolute requirenment for multisegment LANs and WANs. When the clients stop being able to log in, have you run NLTest or NetDom to verify the secure channel? I'd be interested in seeing the output of that. -------------------------------------------------------------- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. > -----Original Message----- > From: Hunter, Laura E. [mailto:[EMAIL PROTECTED] > Sent: Monday, May 03, 2004 3:36 PM > To: '[EMAIL PROTECTED]' > Subject: [ActiveDir] Active Directory/DNS weirdness > > Okay, this is something that I've filed in the "I'll live > with it" column > for awhile: > > > Windows 2000 Active Directory domain. > > Still supporting NT4 clients. > > Using BIND DNS that does -not- have dynamic updates enabled: > whenever I > create a DC, I am required to manually upload the > netlogon.dns into the zone > file. (This is usually a one-time upload, since it's done manually.) > > Whenever I reboot the PDC Emulator, my NT4 clients start throwing the > following error: > > "System can not log you on to the domain because the systems computer > account in its primary domain is missing or the password on > that account is > incorrect"... > > Or, > > "System Error 1789 has occurred. The trust relationship between this > workstation and the primary domain failed." > > 2000/XP boxen keep chugging merrily along, this behaviour > only happens on > NT. > > The MS KB answer is to drop the machine from the domain and re-add it. > (Every NT workstation? Every time I reboot the server? Are > you serious? > Besides...I tried that and it doesn't work.) > > The workaround that I've found is to compact the AD database > after I reboot > the controller. It's a workaround only, and doesn't solve > the underlying > problem that it just plain shouldn't be happening. > > Another piece to the anecdote: I had formerly housed the PDC > Emulator on a > remote subnet, in a different building from my clients. When > this was the > case, said error would start throwing itself every few days > even -without- > me rebooting the PDC Emulator. I had to build a DC, install > it locally and > transfer the PDC FSMO role to get any sleep at all! > > Laura > > *waves at Roger & Tony* > > *********************************** > Laura E. Hunter > MCSE, MCT, MVP - Windows Networking > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
