Microsoft KB Archive/62363

= Troubleshooting Netlogon Service Problems =

Article ID: 62363

Article Last Modified on 9/30/2003

-

APPLIES TO


 * Microsoft LAN Manager 2.0 Standard Edition
 * Microsoft LAN Manager 2.1 Standard Edition
 * Microsoft LAN Manager 2.1a
 * Microsoft LAN Manager 2.2 Standard Edition

-



This article was previously published under Q62363



SUMMARY
This article lists some common items to check if the Netlogon service is not working properly.



MORE INFORMATION
What is the accounts security setting in NET ADMIN? Netlogon does not operate on servers that declare themselves as STANDALONE.

Is there a group called SERVERS? The group must be called SERVERS; there is no choice.

If this is the primary domain controller, is there already a domain controller for this domain? Check this by doing a NET WHO, which searches for a domain controller. A domain can have only ONE domain controller.

If this is not the primary, be careful. On the primary, the group SERVERS must contain every server that participates in the domain. That means adding an account for each server with the server's name and password (not required). Also, each member and backup machine must add the primary's name and its own name to the group SERVERS.

IMPORTANT NOTE: The password that was used at the primary for the primary's account and each member account must be the SAME password used on each member and backup machine. Even though Netlogon works within OS/2 LAN Manager, it uses passwords for its validation schemes. In fact, Netlogon changes the passwords for the backup, member, and primary about once a week for an extra layer of security. Therefore, it is NOT recommended that you use your machine account as your own personal account because the password is frequently changed.

Example

On the primary, enter these commands:

 net user Primary_machine password /add
 net user Member_machine newpass /add
 net user Backup_machine raquelpass /add
 net group servers /add
 net group servers Primary_machine Member_machine Backup_machine /add

On the backup, enter these commands:

 net user Primary_machine password /add
 net user Backup_machine raquelpass /add
 net group servers /add
 net group servers Primary_machine Backup_machine /add

On the member, enter these commands:

 net user Primary_machine password /add
 net user Member_machine newpass /add
 net group servers /add
 net group servers Primary_machine Member_machine /add
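The SERVERS-group and password rules above, expressed as a consistency check over a described domain. This is an added Python example, not part of the original article or of LAN Manager; `audit_servers_group`, `entry` and the inventory layout are assumptions made for illustration.

```python
# Added example, not from the article; the BAD variant below is constructed.

def audit_servers_group(domain):
    """domain: name -> {"role", "accounts": {name: password}, "servers": set}.
    Returns a list of findings; an empty list means the rules are met."""
    primaries = [n for n, m in domain.items() if m["role"] == "primary"]
    if len(primaries) != 1:  # a domain can have only one domain controller
        return [f"expected exactly one primary, found {len(primaries)}"]
    primary = primaries[0]
    master = domain[primary]
    findings = []
    for name, machine in sorted(domain.items()):
        # On the primary, SERVERS must contain every participating server.
        if name not in master["servers"]:
            findings.append(f"{primary}: SERVERS is missing {name}")
        if name == primary:
            continue
        # A member or backup needs the primary and itself, same passwords.
        for needed in (primary, name):
            if needed not in machine["servers"]:
                findings.append(f"{name}: SERVERS is missing {needed}")
            if needed not in machine["accounts"]:
                findings.append(f"{name}: no account for {needed}")
            elif machine["accounts"][needed] != master["accounts"].get(needed):
                # Report the mismatch without echoing either password.
                findings.append(f"{name}: password for {needed} differs from primary")
    return findings

def entry(role, accounts, servers):
    return {"role": role, "accounts": accounts, "servers": set(servers)}

# The configuration produced by the article's commands.
GOOD = {
    "Primary_machine": entry("primary",
        {"Primary_machine": "password", "Member_machine": "newpass",
         "Backup_machine": "raquelpass"},
        ["Primary_machine", "Member_machine", "Backup_machine"]),
    "Backup_machine": entry("backup",
        {"Primary_machine": "password", "Backup_machine": "raquelpass"},
        ["Primary_machine", "Backup_machine"]),
    "Member_machine": entry("member",
        {"Primary_machine": "password", "Member_machine": "newpass"},
        ["Primary_machine", "Member_machine"]),
}
# Constructed faults: member omits itself; backup mistyped primary's password.
BAD = dict(GOOD,
    Member_machine=entry("member", GOOD["Member_machine"]["accounts"], ["Primary_machine"]),
    Backup_machine=entry("backup", {"Primary_machine": "typo", "Backup_machine": "raquelpass"},
        ["Primary_machine", "Backup_machine"]))
```

Calling `audit_servers_group(GOOD)` returns an empty list, while `audit_servers_group(BAD)` names the machine and the rule each fault breaks.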

Check the times between the primary and the rest of the domain. Netlogon does not propagate the NET.ACC file if the machines have a time difference of more than 10 minutes. This item is not necessary under LAN Manager 2.1A and later.

If none of these solutions works, rename the NET.ACC file and use the MAKEACC utility to create new user accounts. The syntax for MAKEACC is:

MAKEACC

where is the maximum number of users for which you are able to create accounts, and is the path where your OS/2 LAN Manager software resides (for example, C:\LANMAN).

Please note that MAKEACC is available only to OEMs, so it is not included on packaged product disks. Another way to create a new NET.ACC file is to install OS/2 LAN Manager from scratch.

Please note that it is dangerous to simply copy a new NET.ACC file onto a server, since security information also resides in local ACLs. You need to use the BACKACC and RESTACC utilities to periodically back up and restore the NET.ACC file, since these utilities also handle ACLs that exist on files. See the "Microsoft Operating System/2 LAN Manager Administrator's Guide" for more information on how to use these utilities.

You can also look in the \LANMAN\ACCOUNTS directory for the NETACC.BAK file, an older copy of your NET.ACC file. You can rename this file to NET.ACC and use it for the NETLOGON service.

It is more convenient than the original NET.ACC on the diskette, as it probably contains most of your UAS.

Additional query words: 2.00 2.10 2.10a 2.20

Keywords: KB62363


© Microsoft Corporation. All rights reserved.