User May Be Authenticated by Wrong Domain

ID: Q227904

The information in this article applies to:
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Datacenter Server
  • Microsoft Windows 2000 Professional
  • Microsoft Windows 2000 Server

SYMPTOMS

When you log on to a Windows 2000 domain, you may receive either or both of the following error messages:

  • Logon Denied--The password is incorrect. Please retype your password. Letters in passwords must be typed using the correct case. Make sure that Caps Lock key is not accidentally on.


  • The Local policy of this system does not permit you to log on interactively.



CAUSE

This behavior can occur if two domain controllers are promoted using Dcpromo.exe with identical domain names, and both domain controllers are installed as the first domain controller for the specified domain.

You cannot reliably configure two separate domains with the same name. Because both domains register with DNS, there is no way to control which name is resolved to the client.


RESOLUTION

Two resolve this issue, use either of the following methods:

  • Remove one of the domains with the identical name.


  • Using Dcpromo.exe, demote all the domain controllers in the second domain, then use Dcpromo.exe to promote these computers to be domain controllers in the original domain.



STATUS

Microsoft has confirmed this to be a problem in the Microsoft products listed at the beginning of this article.

Additional query words:

Keywords : kbenv kberrmsg ntdomain
Version : WINDOWS:2000
Platform : WINDOWS
Issue type : kbprb


Last Reviewed: December 29, 1999
© 2000 Microsoft Corporation. All rights reserved. Terms of Use.