Networks

Question

Gravatar
Locked

Domain not available (Win XP)

By lfruchter ·
Hey Sages,

I run a fun little network at a public school with Dell XP workstations and a Dell Win Server 2003. I've added new Dell laptops and used Dell workstations to our domain with no problem for about a year now. Recently, I thought I'd save some money and get some 8 HP laptops instead of 6 Dells. I'm now trying to integrate an HP 6535b to our network and it's driving me nuts!

I configured its Windows Wireless Network Connection to work with our DNS server -- no problem.

I loaded all our wireless LAN settings into its Broadcom Wireless Utility -- no problem; all VLANs are visible and I can surf the WWW.

As the computer's Administrator, I joined the computer to our domain -- no problem; going through Network Places I can get to my server documents and the machine shows up on the server's list of workstations.

When I try to log in on the laptop as a network user, however, I get the "System cannot log you in because the domain [our school domain] is not available" message.

I plugged an ethernet cable into the laptop and could log in that way. Once the laptop had the network user settings stored from that wired log in, I unplugged the cable and tried to log in wirelessly. The machine let me in as an offline network user and I saw that the Broadcom Wireless Utility showed none of the wireless VLANs that I had loaded as the laptop's local Administrator.

What gives? On all the Dell laptops I've worked with, loading the wireless settings as the Administrator allows access to them for all other users. How do I make this work?

Thanks so much for any help,
Lev in Brooklyn

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

gravatar
Collapse -

not enough information

by CG IT In reply to Domain not available (Win ...

Bottom line is, the wireless clients can't contact the domain controller and that usually means the client isn't on the same subnet or doesn't have the correct DNS server settings.

gravatar
Collapse -

Symantec blocks network?

by lfruchter In reply to not enough information

Unfortunately, the DNS settings are correct. Remember, the machine joined the network and can connect to the server when I work as the lcoal administrator. Those settings are not carrying over to the wireless login after startup.

One problem MIGHT be Symantec's new Symantec Endpoint Protection which these laptops have instead of the older version on all my other workstations . This SEP has a feature called "Network Threat Protection" which comes installed in the "On" position. Does anyone know if this blocks automatic network settings?

Thanks again, Lev

gravatar
Collapse -

local machine admin account isn't logging on to domain

by CG IT In reply to Symantec blocks network?

that's logging on to the local machine.

To log on to the domain with a domain account, admin or otherwise, you have to authenticate with the AD domain controller. If that isn't available, you either use cached credentials or you get the message windows can't log you in no domain controller available.

Usually, getting that error on a workstation means that the workstation can't find a domain controller [DNS issue] or the workstation doesn't get an address on the correct subnet. Wrong subnet, no communications.

note: Typically, firewalls operate on the principle that outbound traffic and it's return traffic is allowed. Inbound traffic is denied.

gravatar
Collapse -

Uh Huh

by lfruchter In reply to local machine admin accou ...

Yes, that's the situation, but given that the DNS settings are correct, why isn't the laptop using those network settings to locate the domain controller? That's the problem...

gravatar
Collapse -

Still not enough information.

by CG IT In reply to Uh Huh

wired works, wireless doesn't.

given that wireless has security options like encryption type, SSID, user name and password, channel, and even type, you don't mention anything about this.

What about addressing?

Some people think they are connected to a wireless network when in fact they are not. Seen this many times especially with saved profiles.

gravatar
Collapse -

AHA!

by Kenone In reply to Domain not available (Win ...

Make sure that "Network Threat Protection" is turned off on the server. Otherwise it will "Protect" the server from the clients. Nice, huh?

gravatar
Collapse -

NTP on Laptop, not Server

by lfruchter In reply to AHA!

Dear Kenone,

Thanks for taking an interest in my woes. Unfortunately, my server runs good old Symantec AV, not this new Symantec Endpoint Protection that's on these laptops. The SAV on the server doesn't have any Network Threat Protection features or settings. There's no reference to that phrase in the Help files and, of course, it still logs in all the older laptops which use the old SAV.

The historically fumble-prone central tech bureaucracy here configures these laptops and locks down certain applications, even if I log in as the local Administrator. I can't change the NTP settings or remove the SEP through the Add/Remove Programs control panel. Is there a way that I, as the local Administrator, can get into the registry and deactivate the Network Threat Protection settings? I could at least then test whether it's the SEP that's causing this problem. Does anyone know how to do that?

Thanks as ever, Lev

gravatar
Collapse -

Try asking here

by Kenone In reply to NTP on Laptop, not Server

http://www.symantec.com/connect/security/forums

These folks can be a big help. I used to spend half my life there before we got rid of SEP.

gravatar
Collapse -

The Motherlode!

by lfruchter In reply to Try asking here

Thanks Kenone. That's a ton of info. Now, if only the bureacratic higher ups will divulge the password, then I can do something about all this.

gravatar
Collapse -

ping gateway, server...

by Bapster In reply to The Motherlode!

I may have missed this, but can you ping the server, and gateway from the laptop (that is connected through the WAP?)

What IP address and gateway are you pulling on the Laptop? Compare these settings to one of the machines that is hard-wired to the network to assure you are on the same subnet/ip range.

Back to Networks Forum

Start or search

Related Discussions

Related Forums