Logon May Not Succeed After Rejoining a Windows 2000 Domain Using Netdom and an Explicit Organizational Unit (257986)



The information in this article applies to:

  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server

This article was previously published under Q257986

SYMPTOMS

You may not be able to log on to a Windows 2000-based domain after you join the domain by using the Netdom tool from the Microsoft Windows 2000 Resource Kit and specifying an explicit organizational unit, remove yourself from the domain, and then join the domain again by specifying the same organizational unit.

CAUSE

This problem occurs because the new machine account password that is generated the second time you join the domain is not set on the domain controller. You cannot log on because the machine account password from the initial join is still stored on the domain controller and does not match the password from the second join. Therefore, the workstation cannot set up a secure channel for authentication.

RESOLUTION

To resolve this problem, obtain the latest service pack for Windows 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

260910 How to Obtain the Latest Windows 2000 Service Pack



STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.

This problem was first corrected in Windows 2000 Service Pack 1.

Modification Type:MinorLast Reviewed:6/1/2006
Keywords:kbbug kbfix kbWin2000SP1Fix kbHotfixServer kbQFE KB257986