Troubleshooting Internet Service Provider Login Problems
Microsoft Knowledge Base Article: 161986 - This article describes how to troubleshoot Internet service provider (ISP) logon problems. This article discusses only logon problems, not modem or dialing problems. For information about modem or dialing problems, see the following
Troubleshooting Netlogon Event 5774, 5775, and 5781
Microsoft Knowledge Base Article: 259277 - One or more error messages may be logged in the System event log if the Netlogon service registration or deregistration process does not succeed. This article describes these error messages and offers some troubleshooting
A User May Experience a Slow Logoff Process Because of an Open Registry Handle in the Classes Hive
Microsoft Knowledge Base Article: 319909 - The first user who logs on to a workstation after the computer is restarted may experience slow logoff times (more than 60 seconds). When this problem occurs, the Userenv.log file contains entries that are similar to: USERENV(76c.818) 13:06:00:133...
A Windows 2000 Client Authenticates with the Primary Domain Controller Operations Master After a Password Change
Microsoft Knowledge Base Article: 268518 - In typical operations, a Windows 2000-based domain user should be authenticated by the "closest" domain controller in the domain. This is usually a domain controller that is located in the same site as the client. The mechanism that controls
behavior is described in the Windows 2000 Distributed System
Guide. However, in some cases, the authentication takes place
with the primary domain controller operations master (also known
as flexible single-master operations or FSMO) for the domain, even
if it is in a site that is physically remote from the client.
Access Violation When Running the Network Identification Wizard
Microsoft Knowledge Base Article: 255569 - When you run the Network Identification Wizard prior to logon, your computer may silently restart or you may receive an "access violation" error message in
Account Lockout Because BadPasswordCount Not Reset to 0
Microsoft Knowledge Base Article: 263821 - User accounts may get locked out in a mixed environment with Windows 2000-based domains and Microsoft Windows NT 4.0-based domains.
Cannot Log Off Current User in Windows
Microsoft Knowledge Base Article: 228801 - When you click Start, click Shut
Down, and then click Log Off User, you may be logged on
again without a password prompt.
Cannot Logon After Changing Keyboard Settings
Microsoft Knowledge Base Article: 138354 - You have configured your U.S. version of Windows NT with a foreign language keyboard layout and you have extended characters in your password. After changing your password, you cannot log on.
Citrix ICA Client Automatic Logon Domain Name Not Filled In
Microsoft Knowledge Base Article: 291528 - Windows 2000 does not place the domain name in the logon dialog box for a remote Citrix ICA session if the user name is
to Log On to Domain in the Absence of Domain Controllers
Microsoft Knowledge Base Article 263108 - Using a Microsoft
Windows 2000 client, you may be unable to log on to a domain with
Microsoft Windows NT 4.0 domain controllers after the demotion of
the last remaining Windows 2000 Active Directory domain
Domain Logon Script Fails to Run
Microsoft Knowledge Base Article: 142672 - When you log on to a Windows NT domain from a computer running Windows 95, your logon script may not run, you may get no indication of the error, and none of the logon script gets processed.
Domain Users Cannot Join Workstation or Server to a Domain
Microsoft Knowledge Base Article: 251335 - When you attempt to join a Windows 2000, or a Window XP domain, from a computer running Windows NT 4.0 Workstation or Windows NT 4.0 Server, the following error message may be displayed:
Error Messages About User Profile Appear in Several Logon Situations
Microsoft Knowledge Base Article: 289158 - Under the following circumstances, a user may encounter several error messages that concern profiles:
Error Message: The Local Policy of This System Does Not Permit You to Log on Interactively
Microsoft Knowledge Base Article: 276590 - When you add a group, such as, Domain Users, Everyone, or Authenticated Users, to the "Deny Logon Locally" user right, users that are members of those groups can no longer log on to certain computers. When a user tries to log on to the computer
the user may receive the following error message: The
Local policy of this system does not permit you to log on
interactively. The administrator of your system may find
this behavior to be unexpected.
Error Message: The Account Is Not Authorized to Login from This Station
Microsoft Knowledge Base Article: 281648 - When you attempt to join a Windows 2000-based computer to a Microsoft Windows NT 4.0-based domain, you may receive the following error
message: The following error occurred
attempting to join the domain "domainname": The account
is not authorized to login from this station.
Error Message When You Log On to Windows 2000 Using IPX
Microsoft Knowledge Base Article: 260399 - When you attempt to log on to a Windows 2000 domain or a mixed Windows 2000\Microsoft Windows NT 4.0 domain, you may receive the following error message:
The domain password you supplied is not
correct, or access to your logon server has been denied.
This problem may be intermittent in a mixed environment (Windows
2000/Windows NT 4.0), because Windows NT 4.0 does not exhibit this
Interactive Logon Allows Unauthorized Actions in Desktop Process
Microsoft Knowledge Base Article: 260197 - If you interactively log on to a computer running Windows 2000, you may be able to perform unauthorized actions because of a security
Home Folder Mappings to Down-Level Servers May Not Work During Logon
Microsoft Knowledge Base Article: 308580 - If a user's home folder is mapped to a network drive on a downlevel Server Message Block (SMB - server, the drive may not connect during the logon process.
Kerberos Authentication May Not Work If User Is a Member of Many Groups
Microsoft Knowledge Base Article: 280830 - If a user is a member of many groups either directly or because of group nesting, Kerberos authentication may not work. The Group Policy object (GPO) may not be applied to the user and the user may not be validated to use network
Local Security Policy Does Not Enable a User to Locally Log on to System
Microsoft Knowledge Base Article: 285548 -
When you attempt to locally log on to a Microsoft Windows 2000-based computer, you may receive the following error
message: The local policy of this system
does not permit you to logon interactively. Network access,
however, to the computer is still available, and the Domain
security policy that disables the log on to the local computer is
Logged-On Users May Not Be Authenticated to Services After KRBTGT Password Change
Microsoft Knowledge Base ArticleQ295083 - After a change in the password for the KRBTGT account (the account that is used for Kerberos authentication), users who are currently logged on may begin to experience unsuccessful authentication to some
Logging on to a Domain Does Not Work From a Windows 2000-Based RAS Client
Microsoft Knowledge Base Article: 269119 - When you try to log on to a domain from a Windows 2000-based Remote Access Services (RAS) client by using Dial-Up Networking, you are logged on with cached credentials. This problem may result in logon scripts that do not run, and also may
prevent access to group policies, roaming profiles, and home
Logon Banner Can Be Dismissed Without User Action
Microsoft Knowledge Base Article: 274190 - In Windows 2000, you can configure a logon banner to be displayed before the prompt for logon credentials. If a user presses CTRL+ALT+DELETE, the logon banner is displayed in a message box with
an OK button at the bottom. If a user does not click the OK
button, the logon box is automatically dismissed after two minutes
and the prompt for logon credentials is displayed.
Logon Behavior of a User Account with an Appended Dollar Sign
Microsoft Knowledge Base Article: 314898 - When a user account
name with a dollar sign ($) appended to it exists in the Active
Directory (such as "testuser$"), a logon attempt with the account
succeeds even if the dollar sign is not appended ("testuser"). The
exception to this rule is the case where two user accounts exist
as "testuser" and "testuser$". In that case, the logon attempt
without the dollar sign appended only succeed for the actual "testuser"
Logon Error Message Reports, 'No Domain Controller Found or Domain Does Not Exist'
Microsoft Knowledge Base Article: 290129 - When you attempt to log on to a Microsoft Windows 2000-based domain from a non-Windows 2000-based client computer, you may receive the following error
message: No Domain controller found or
domain does not exist. This behavior can occur when use of
NetBIOS over TCP/IP is not enabled on the client computer.
Logon Process Hangs After Encrypting Files on Windows 2000
Microsoft Knowledge Base Article: 269397 - After you encrypt files on your Windows 2000-based computer, the computer may stop responding (hang) during the logon process. When this occurs, no users can log on to the
Logon Time Restrictions Prevent Users on Windows NT 4.0 from Remotely Accessing Windows 2000
Microsoft Knowledge Base Article: 263006 - In an environment with a Microsoft Windows NT 4.0-based primary domain controller (PDC) and Windows 2000-based computers, non-administrative users who are logged on to Windows NT 4.0-based computers may not be able to gain access to
Windows 2000 resources remotely.
Logon Time Restrictions Prevent Users on Windows 95/98 or Windows NT 4.0 from Remotely Accessing Windows 2000 Resources
Microsoft Knowledge Base Article: 263006 - In an environment with a Microsoft Windows NT 4.0-based primary domain controller (PDC) and Microsoft Windows 2000-based computers, non-administrative users who are logged on to Windows NT 4.0-based computers may not be able to gain access
Members of an Extremely Large Number of Groups Cannot Log On to the Domain
Microsoft Knowledge Base Article: 306259
- When a Windows 2000 account belongs to a large number (over 1,000) of groups, the Security Account Manager (SAM) requires a large amount of time to do the group evaluation during account logon.
During this time, the administrator cannot recover the domain
controller because the administrator will have a token that has
more than 1,024 security identifiers (SIDs), and Local Security
Authority (LSA) will ultimately fail the logon because of too many
SIDs. Also, the failure will take a long time to appear because of
the increased SAM activity.
Netlogon Service Does Not Start, Event Viewer Records Event IDs 2114 and 7024
Microsoft Knowledge Base Article: 269375 - When you start your Windows 2000 Server-based computer, the Netlogon service does not start, even though the "Startup type" is set to "automatic". Event Viewer logs the following errors:
No Username on Initial Logon to Windows NT
Microsoft Knowledge Base Article: 106523 - If you install Windows NT and do not create any local user accounts, the Username field on the Welcome screen will be blank when you start Windows NT the first time. To log on, you must log on as either a guest or the administrator, using the
Policy Restrictions on Drives Cause Unnecessary Error Message at Logon and in File Dialog Box
Microsoft Knowledge Base Article: 270037 - When the "Prevent access to drives from My Computer" policy is applied, you receive the following error message during the logon
process: This operation has been cancelled
due to restrictions in effect on this computer. Please contact
your system administrator Also, when this policy is
applied, you see the same error message twice if you click a drive
in My Computer.
Registry Handles Leaked in Winlogon When Canceling Drive Reconnect Dialog Box
Microsoft Knowledge Base Article: 266655 - When Windows 2000 is attempting to reconnect user-mapped drives during the logon process, a dialog box that you can use to cancel the operation is displayed. If, during this process, a drive is not available and you click
Cancel, Windows 2000 may leak registry event handles
The Administrator Profile Takes Longer to Load Than a Power User Profile
Microsoft Knowledge Base Article: 259787 - When you log on as an administrator, you may experience the following
"The Net Logon Service Hung on Starting" Is Recorded in the System Even Log After You Run Dcpromo.exe
Microsoft Knowledge Base Article: 315951 - After you run the Dcpromo.exe tool and restart the computer, the following information may be logged in the System event log on the new domain
Trusted Domains Do Not Appear in the Available List for Domain Logon or Setting Security Permissions
Microsoft Knowledge Base Article: 310611 - When logging on to a Windows 2000 domain, other trusted domains (for both Windows 2000 and Windows NT 4.0 domains - are not displayed in the drop-down list of available logon options, and the only domain logon option that is available is
for is the one to which you, the currently-logged on user,
belongs. Also, when trying to add or change security permissions
by clicking Add on the Security tab, the current
domain is the only domain choice that is displayed in the Look in
Unable to Log on if the Boot Partition Drive Letter Has Changed
Microsoft Knowledge Base Article: 249321 - After you try to log on to your Windows 2000-based computer by using a valid user name and password,
Loading your personal settings dialog box is displayed,
followed by the Saving your settings dialog box. However,
the desktop does not appear, and the Welcome to Windows
logon screen is displayed again.
Users Cannot Log On to the Domain After Password Changes on a Remote Domain Controller
Microsoft Knowledge Base Article: 318364 - After you change a user
account password on a remote domain controller that holds the
primary domain controller (PDC) Flexible Single Master Operation (FSMO)
role, the user may not be able to log on to a local domain
controller by entering the new password. However, the user may
still be able to log on to the domain by using their previous
User Is Not Alerted When Logging On with Cached Credentials
Microsoft Knowledge Base Article: 242536 - When you attempt to log on to a domain from a Windows 2000-based workstation or member server and a domain controller (DC) cannot be located, no error message is displayed. Instead, the you are logged on to the local computer using cached
Windows 2000 Member Computers Always Authenticate with PDC in NT 4.0 Domain
Microsoft Knowledge Base Article: 272348 - Windows 2000-based host computers that are joined to a Microsoft Windows NT 4.0-based domain may always establish a secure channel with the primary domain controller
Windows 2000 Does Not Support Windows NT 4.0 Directory Replication
Microsoft Knowledge Base Article: 248358 - You can configure Microsoft Windows NT 4.0 and earlier to synchronize the contents of the Netlogon shares on each of the domain controllers (DCs - in a domain. This functionality is called LanMan Directory Replication (LMRepl).
Windows 2000 is not backwards compatible with this functionality.
It has been replaced with the File Replicator service (FRS). FRS
and LanMan Directory Replication cannot be configured to replicate
or synchronize with each other. In a Mixed-mode environment, you
may need to keep data synchronized between new Windows 2000-based
DCs and the remaining down-level DCs. A Microsoft Windows 2000
Resource Kit utility named Lbridge.cmd is available to perform
Windows 98 Clients Are Unable to Log On to Windows 2000 Domain: 'This Device Does Not Exist on the Network'
Microsoft Knowledge Base Article: 285951 - After you upgrade a Microsoft Windows NT 4.0-based primary domain controller (PDC) to be a Microsoft Windows 2000-based Active Directory domain controller, clients running Microsoft Windows 98 clients may not be able to log on to the Window
2000-based domain. They may receive the following error messages: This
device does not exist on the network. The domain password you
supplied is incorrect or access to your logon server has been
You May Experience Logon Delay After Installing Directory Services Client on Windows 95 or Windows 98
Microsoft Knowledge Base Article After you install the Windows 2000 Directory Services client for Windows 95 or Windows 98, you may experience a 15 seconds delay when you log on to the domain.