Domain not available

By Lynn.Powell ·
I have a school network with 2 domains, both running win2003 server and connected via Cisco router and Cisco switches. Two VLANs have been set up on the switches and ports assigned to respective VLAN. My question is: some of the PCs in VLAN 1 will log on to both domains (i.e. student can log on to VLAN 1 and teacher can log on to VLAN 2) with the PC connected to a port assigned to VLAN 1, but 2 of the computers will only allow log on to VLAN 1 by a student. Teacher cannot log on to VLAN 2 from that PC - error message says domain is not available. Any ideas on what I can do to rectify this?

by sgt_shultz In reply to Domain not available

anything in the event log on the problem pc's? the exact error message is important...

by CG IT In reply to Domain not available

Which switch model and router model are you using? Important because 1900's support ISL routing, 2900s support 802.1Q routing and 3550s support ISL and IEEE802.1Q.

for a 2950:

2950#config t
2950(config)#int f0/12
2950(config-if)#switchport mode trunk
2950(config-if)#int F0/2
2950(config-if)@switchport access VLAN 1

and you have to configure the VLAN networks for each VLAN designating the subnets

Troubleshooting:

the router is connected to the switch using subinterfaces. Switch port is a trunk port. clients are connected to switch ports not trunk ports.

by CG IT In reply to

last command should read 2950(config-if)#switchport access VLAN 1

and for each VLAN you specify the command example:

2950(config-if)#switchport access VLAN 1
2950(config-if)#switchport access VLAN 2

blah blah

by Lynn.Powell In reply to Domain not available

I haven't checked the event log yet - I will do so. The switches are both 2950 and the router 3550. Clients are definitely connected to access ports, not trunk ports. I will check the event log to see what error messages there are and get back.

thanks

by Greybeard770 In reply to Domain not available

I have more questions than answers so let me give you some things to think about.

Why should it work? Can the client PING the domain controller they are trying to authenticate with? Can they PING their default gateway? Can they PING their next hop to the other network? Are client addresses DHCP or static? Is all that really configured properly?

A VLAN is frequently associated with an IP subnet more than with a domain. How do the clients route between VLANs?

A VLAN connects a client to a domain controller. Clients login to a domain, not a VLAN.

It sounds like some are working as intended and some are not. That implies there is a difference in the switch port configuration. If you are running multiple VLANs on a port (I don't know if you really want to) you will probably need to tag the packets.

by Lynn.Powell In reply to Domain not available

Firstly, thanks for the help you guys have given me so far. Sorry for the delay in responding - have been back to the school & checked event viewer and switches. Firstly, computers are definitely connected to ports that are access not trunk. The following error messages appear in the Event Viewer:

Event ID 15: Automatic certificate enrolment for local system failed to contact the Active Directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Event ID 1054: Windows cannot obtain the Domain Control name for your computer network. The specified domain does not exist or cannot be contacted. Group Policy processing aborted.
Error ID 5719; no Domain Control available for WPSDomain

Error ID 5783: the session setup to the WIN NT or Win 2000 Domain controller \\domainname for the domain WPSDomain is not responsive. The current RPC domainname has been cancelled.

User/s can logon with cached credentials but logon script does not run. However, I am able to manually map network drives and have done this as a temporary measure. They must have been able to log on from that PC previously. Have been told that there may be a false entry in the LMHOSTS file on the Admin server so I will check this as well.

The computer itself is running WinXP Pro with only 64Mb RAM (verrry slow). I know this is probably a silly question - but could that be an issue?
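
The connectivity questions Greybeard770 raises, together with the name-resolution side of the events quoted above, can be run as one batch file on a failing PC and on a working PC in the same VLAN and the outputs compared. This is an added example, not part of any post in the thread; the gateway address, DC address and DNS domain name are placeholders, and only the NetBIOS domain name WPSDomain comes from the thread.

```batch
@echo off
rem Added example: layered checks for a client reporting "domain is not available".
rem ASSUMPTIONS (placeholders, not from the thread): GATEWAY, DC_IP, DNS_DOMAIN.
rem NETBIOS_DOMAIN is the name shown in the thread's event 5719.
setlocal
set GATEWAY=192.0.2.1
set DC_IP=198.51.100.10
set DNS_DOMAIN=example.test
set NETBIOS_DOMAIN=WPSDomain

echo === 1. Address, mask, gateway, DNS and WINS servers, DHCP or static ===
ipconfig /all

echo === 2. Default gateway for this VLAN ===
rem Match on "TTL=" because ping can exit 0 on "Destination host unreachable".
ping -n 2 %GATEWAY% | find "TTL=" >nul
if errorlevel 1 (echo FAIL: no reply from gateway %GATEWAY% & goto :done)
echo OK

echo === 3. Domain controller on the other subnet: tests inter-VLAN routing ===
ping -n 2 %DC_IP% | find "TTL=" >nul
if errorlevel 1 (
  echo FAIL: no reply from DC %DC_IP%, showing where the path stops
  tracert -d -h 5 %DC_IP%
  goto :done
)
echo OK

echo === 4. DNS SRV records the client uses to locate a domain controller ===
nslookup -type=SRV _ldap._tcp.dc._msdcs.%DNS_DOMAIN%

echo === 5. NetBIOS name cache, including entries preloaded from LMHOSTS ===
nbtstat -c
if exist "%SystemRoot%\system32\drivers\etc\lmhosts" (
  echo --- local LMHOSTS lines mentioning %NETBIOS_DOMAIN% ---
  findstr /i "%NETBIOS_DOMAIN%" "%SystemRoot%\system32\drivers\etc\lmhosts"
)

:done
endlocal
```

The script stops at the first hop that does not answer, so a failure at step 2 points at the switch port or client addressing, while a failure at step 3 points at routing between the VLANs.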
