Question

  • Creator
    Topic
  • #2198655

    Domain not available (Win XP)

    Locked

    by lfruchter ·

    Hey Sages,

    I run a fun little network at a public school with Dell XP workstations and a Dell Win Server 2003. I’ve added new Dell laptops and used Dell workstations to our domain with no problem for about a year now. Recently, I thought I’d save some money and get some 8 HP laptops instead of 6 Dells. I’m now trying to integrate an HP 6535b to our network and it’s driving me nuts!

    I configured its Windows Wireless Network Connection to work with our DNS server — no problem.

    I loaded all our wireless LAN settings into its Broadcom Wireless Utility — no problem; all VLANs are visible and I can surf the WWW.

    As the computer’s Administrator, I joined the computer to our domain — no problem; going through Network Places I can get to my server documents and the machine shows up on the server’s list of workstations.

    When I try to log in on the laptop as a network user, however, I get the “System cannot log you in because the domain [our school domain] is not available” message.

    I plugged an ethernet cable into the laptop and could log in that way. Once the laptop had the network user settings stored from that wired log in, I unplugged the cable and tried to log in wirelessly. The machine let me in as an offline network user and I saw that the Broadcom Wireless Utility showed none of the wireless VLANs that I had loaded as the laptop’s local Administrator.

    What gives? On all the Dell laptops I’ve worked with, loading the wireless settings as the Administrator allows access to them for all other users. How do I make this work?

    Thanks so much for any help,
    Lev in Brooklyn

All Answers

  • Author
    Replies
    • #3021830

      Clarifications

      by lfruchter ·

      In reply to Domain not available (Win XP)

      Clarifications

    • #3021817

      not enough information

      by cg it ·

      In reply to Domain not available (Win XP)

      Bottom line is, the wireless clients can’t contact the domain controller and that usually means the client isn’t on the same subnet or doesn’t have the correct DNS server settings.

      • #3021706

        Symantec blocks network?

        by lfruchter ·

        In reply to not enough information

        Unfortunately, the DNS settings are correct. Remember, the machine joined the network and can connect to the server when I work as the lcoal administrator. Those settings are not carrying over to the wireless login after startup.

        One problem MIGHT be Symantec’s new Symantec Endpoint Protection which these laptops have instead of the older version on all my other workstations . This SEP has a feature called “Network Threat Protection” which comes installed in the “On” position. Does anyone know if this blocks automatic network settings?

        Thanks again, Lev

        • #3021703

          local machine admin account isn’t logging on to domain

          by cg it ·

          In reply to Symantec blocks network?

          that’s logging on to the local machine.

          To log on to the domain with a domain account, admin or otherwise, you have to authenticate with the AD domain controller. If that isn’t available, you either use cached credentials or you get the message windows can’t log you in no domain controller available.

          Usually, getting that error on a workstation means that the workstation can’t find a domain controller [DNS issue] or the workstation doesn’t get an address on the correct subnet. Wrong subnet, no communications.

          note: Typically, firewalls operate on the principle that outbound traffic and it’s return traffic is allowed. Inbound traffic is denied.

        • #2836682

          Uh Huh

          by lfruchter ·

          In reply to local machine admin account isn’t logging on to domain

          Yes, that’s the situation, but given that the DNS settings are correct, why isn’t the laptop using those network settings to locate the domain controller? That’s the problem…

        • #2836540

          Still not enough information.

          by cg it ·

          In reply to Uh Huh

          wired works, wireless doesn’t.

          given that wireless has security options like encryption type, SSID, user name and password, channel, and even type, you don’t mention anything about this.

          What about addressing?

          Some people think they are connected to a wireless network when in fact they are not. Seen this many times especially with saved profiles.

    • #3021701

      AHA!

      by kenone ·

      In reply to Domain not available (Win XP)

      Make sure that “Network Threat Protection” is turned off on the server. Otherwise it will “Protect” the server from the clients. Nice, huh?

      • #2836684

        NTP on Laptop, not Server

        by lfruchter ·

        In reply to AHA!

        Dear Kenone,

        Thanks for taking an interest in my woes. Unfortunately, my server runs good old Symantec AV, not this new Symantec Endpoint Protection that’s on these laptops. The SAV on the server doesn’t have any Network Threat Protection features or settings. There’s no reference to that phrase in the Help files and, of course, it still logs in all the older laptops which use the old SAV.

        The historically fumble-prone central tech bureaucracy here configures these laptops and locks down certain applications, even if I log in as the local Administrator. I can’t change the NTP settings or remove the SEP through the Add/Remove Programs control panel. Is there a way that I, as the local Administrator, can get into the registry and deactivate the Network Threat Protection settings? I could at least then test whether it’s the SEP that’s causing this problem. Does anyone know how to do that?

        Thanks as ever, Lev

        • #2836672

          Try asking here

          by kenone ·

          In reply to NTP on Laptop, not Server

          http://www.symantec.com/connect/security/forums

          These folks can be a big help. I used to spend half my life there before we got rid of SEP.

        • #2836568

          The Motherlode!

          by lfruchter ·

          In reply to Try asking here

          Thanks Kenone. That’s a ton of info. Now, if only the bureacratic higher ups will divulge the password, then I can do something about all this.

        • #2836447

          ping gateway, server…

          by bapster ·

          In reply to The Motherlode!

          I may have missed this, but can you ping the server, and gateway from the laptop (that is connected through the WAP?)

          What IP address and gateway are you pulling on the Laptop? Compare these settings to one of the machines that is hard-wired to the network to assure you are on the same subnet/ip range.

    • #3020758

      I think it’s Symantec.

      by lfruchter ·

      In reply to Domain not available (Win XP)

      Thanks so much for all your interest, everyone. Again, the problem seems to be the laptop’s internal security (Thank you Symantec NTP! Thank you NYC Dept. of Ed.!) preventing the wireless network user from accessing the pre-loaded network settings. There is quite a lot about this on Symantec’s forums. The laptop functions just perfectly when one logs in another way and then accesses the wireless networks. (IP addresses and everything are perfect.)

      So unless anyone has some clues for getting around Symantec’s NTP, I’ll let you know how it turns out.

      Thanks again,
      Lev

Viewing 3 reply threads