General discussion

Locked

No authority for authentication

By Blackcurrant ·
Hi

We have suddenly lost the ability to choose account information. When My Computer is right clicked and 'manage' selected, the Local Users and Groups folder has an X through it. When selected a message in the right hand pane says This computer is a domain controller, use the AD Users and Computers snap-in.

When this is accessed, an error message appears saying Naming information cannot be located because: No authority could be contacted for authentification.

The machine is a DELL 2400 poweredge, running Windows 2K + SBS, with GB's of free space and 528MB RAM. Active Directory has not been enabled, and both the DNS and DHCP services have been disabled for some time.

This error first occurred this morning, and we noticed thatduring boot-up no message saying that security policies were being applied was displayed.

According to Microsoft's Knowledge Base, and other sites detailing solutions to this, it is nearly alweays a DNS configuration error, however, DNS is not enabled.

Am I missing something? Any help will be gratefully received.

Thanks

This conversation is currently closed to new comments.

7 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

No authority for authentication

by timwalsh In reply to No authority for authenti ...

Were you previously running a Win2K AD domain and just recently installed SBS?

Or were you previously running an NT4 domain and installed SBS on a stand-alone Win2K server in this domain?

If either of these are the case, you may have more problems than you realize.

Because of the licensing limitations of SBS (no more than 50 users, cannot be part of a larger AD domain, cannot create Trust relationships between an SBS domain and other domains, etc), SBS server is required to be installed as the Forest Root for the AD domain in which SBS is installed. (From Microsoft SBS Technical FAQs: Small Business Server must be set up as the root domain controller of a Microsoft Active Directory™ forest, which prevents Small Business Server from serving as a corporate branch office or divisional server of a larger organization with an existing Active Directory or Microsoft Windows NT? 4.0–based domain infrastructure. Moreover, trusts with other Active Directory forests are notallowed, which means that a user will not be able to set up an explicit trust (for example, in the style of Windows NT 4.0) with another domain. And Microsoft Exchange Server in Small Business Server is restricted from being part of a larger Exchange Server organization.)

If you presently have an NT4 domain, you won't be able to use SBS unless you migrate the domain to AD. Luckily, you probably didn't mess up the NT4 domain. However, if your domain is part of a larger organization, you won't be able to use SBS.

If you previously had a Win2K AD domain (especially if you were part of a larger AD organization, you could have created problems that will be felt across the entire organization.
You may have no recourse except to rebuild the entire AD structure. Again if you are part of a larger organization, you won't be able to use SBS.

Good luck!

Collapse -

No authority for authentication

by Blackcurrant In reply to No authority for authenti ...

Hi Tim, thanks for answering. We set up the server about a year ago, and installed W2K Server and SBS at the same time. This is the only server we use. All other client machines run W98/W2k, no security or user policies have been set up, and each machine simply logs onto the network with access to all shares, Share security is provided by passwords where needed, file security has not been implemented.

We were prompted about whether to set up Active Directory at the time by the installation program, but, as we are a small company, decided that AD would not be needed. Therefore, no 'migration' has occurred on this machine, and no other AD forest exists. The server is part of a domain, though as AD is not installed, I don't know what effect this can have. I should add that as AD is not used, I have not learned much about it, and find the whole thing a little confusing.

The configuration of this machine has not changed since it was setup. I don't understand why the server can no longer provide account information. Although a client machine can access the server, the server cannot access a share on a client machine. Access to this information is quite important as a security account is required for our backup software to function properly.

Collapse -

No authority for authentication

by timwalsh In reply to No authority for authenti ...

Here are my reasons for thinking this:

1. There can only be one SBS server in an organization.
2. SBS must be installed as the first Domain Controller (DC) in a Win2K domain.
3. A Win2K domain CANNOT exist without Active Directory (AD).
4.A Win2K server CANNOT become a DC without AD.

Essentially what you have been operating is a peer-to-peer network with 1 extremely hi-powered workstation (your ?server?).

In a peer-to-peer network, security is exercised over shared resources bythe computer on which the shared resources are hosted vs. a true domain-based network where a DC centrally manages all security. In your present situation, if you are attempting to back up files on various shared resources across your network, you essentially need a ?security account? set up on each computer that hosts shared files.

Was the backup software operating properly before or is this a new addition?

As to what would cause your server to all of a sudden realize it wasn?t configured properly, I don?t have a clue, unless the backup software is in fact a new addition. If the software tried to look for security accounts on a DC, this may have kick-started a service that wasn?t started before. I?m assuming you haven?t been using Exchange as AD is REQUIRED for Exchange to operate properly. Are using other major components of SBS such as SQL Server or ISA Server? BTW, if you look back through your Application and System logs in Event Viewer, I would be willing to bet that they are filled with error messages dating back to when you installed the server.
(continued)

Collapse -

No authority for authentication

by timwalsh In reply to No authority for authenti ...

Now, by this point I?m sure you?re asking how do you extricate yourself from this predicament?
You really only have 3 choices:

1. Uninstall SBS completely. Install a Desktop OS like Win2K or WinXP professional and continue using your peer-to-peer architecture. You really haven?t been using SBS to anywhere near its potential to this point. But that would be kind of pointless and waste your investment in SBS.
2. This choice will be slightly painful. Uninstall SBS completely. Install NT4 Server. This will let you set up a domain-based network without having to learn AD. But again, you are wasting your investment in SBS.
2. This choice will be a even a little more painful and time consuming, but I think you will be happier in the long run. Learn AD. Uninstall SBS completely and reinstall properly with AD enabled. You will also have to set up a DNS server as AD heavily relies on DNS. Your point that a small business doesn?t need AD is really more a matter of a small business doesn?t take advantage of all of AD?s capabilities. The bottom line though is this: if you want a domain-based network with Win2K as your network operating system, you need AD.

What issues will you encounter by picking choice 3?

1. Since you don?t have a properly functioning domain, you don?t have to worry about migrating user accounts, etc.
2. If I were doing this, I would either backup all critical data existing on the server or move it to a second drive (if multiple drives exist on your server).
3. Since you don?t have a properly functioning domain, you don?t have anything to lose by just wiping the partition hosting SBS and starting with a fresh installation.
(continued)

Collapse -

No authority for authentication

by timwalsh In reply to No authority for authenti ...

4. In a small business, single AD domain environment, you don?t have the issues you would have if you were trying to integrate into a larger AD organization. This is really where the majority of the problems with AD can creep in.

I hope this points you in the right direction.

Good Luck!

Collapse -

No authority for authentication

by Blackcurrant In reply to No authority for authenti ...

Hi Tim, thanks.

Collapse -

No authority for authentication

by Blackcurrant In reply to No authority for authenti ...

This question was closed by the author

Back to Windows Forum
7 total posts (Page 1 of 1)  

Related Discussions

Related Forums