# Windows Server 2008 users unable to login



## JBlandford (Apr 18, 2011)

Before the weekend I deactivated 2 Windows 2000 server from our network. We have 2 new Windows 2008 servers that have been in place for over a year and I thought all authentications were going to them now. 

Now the next day my users can't login to their computers, but I can login to the machines with the admin account.

Could someone please give me any pointers on how to fix this?


----------



## Rockn (Jul 29, 2001)

What roles did the previous servers you decommissioned have in your network? Were they Domain coltrollers with some FSMO roles? Sounds like the issue to me.


----------



## JBlandford (Apr 18, 2011)

No, the FSMO roles were all moved to the new servers. Just before I demoted the old ones I made sure they were not global catalog servers and restarted them.


----------



## Rockn (Jul 29, 2001)

Do all of your DNS tests run and is replication happening correctly between DC's?


----------



## JBlandford (Apr 18, 2011)

All DNS seems to working fine. What I think I am going to do is just wipe one server, make a new domain then move everyone over to that. Then once everyone has been moved, switch the rest of the 2008 servers to the new domain.

Does that sounds feasable?


----------



## Rockn (Jul 29, 2001)

It sounds like a lot of work for something that should be a simple fix. Are the old servers still around and can be put on the network just to see if people can authenticate? It really sounds like something was not moved over when the old servers were taken out. Did you do a dcpromo on either of those servers if they were domain controllers?


----------



## JBlandford (Apr 18, 2011)

When I look at the logs on client machines it says that a logon server was not available. But there are.

Is there a way to force a client to use a certain server for logins?


----------



## Rockn (Jul 29, 2001)

Delete the computer account on the server and rejoin it to the domain. Are you sure DNS and AD are working correctgly on these new servers? Was one of the roles of the old decommissioned servers a DHCP server? Are the clients picking up the correct DNS info and IP address? Try an ipconfig /release & ipconfig /renew on one of your workstations. You can also try flushing the local DNS cache on these workstations.


----------



## JBlandford (Apr 18, 2011)

I think they are working properly. Honestly I'm not that proficient with DNS. The workstations have static IP's and they are pointing to the correct servers. I have tried flushing the dns and re-registering it on the workstations but to no avail.

The event viewer shows audit failures and also that no logon server was available. But when I do a echo %logonserver% it shows the correct server. This has me baffled.


----------



## Rockn (Jul 29, 2001)

You by chance didn't use the same names for the old servers and the new ones did you? Run DCDIAG /test:dns from each domain controller.


----------

