Article ID: 257346 - View products that this article applies to.
This article was previously published under Q257346
NoticeThis article applies to Windows 2000. Support for Windows 2000 ends on July 13, 2010. The Windows 2000 End-of-Support Solution Center
(http://support.microsoft.com/?scid=http%3a%2f%2fsupport.microsoft.com%2fwin2000)is a starting point for planning your migration strategy from Windows 2000. For more information see the Microsoft Support Lifecycle Policy
On a domain controller, removing Everyone from the Access this computer from the network user right and not replacing it with the appropriate user or group accounts may cause tools not to work. Because the tools do not work, it may be difficult to diagnose and resolve the problem.
When you try to use Active Directory Users and Computers or Active Directory Sites and Services, this error message is displayed:
When you try to use Active Directory Domains and Trusts, this error message is displayed:
Naming information cannot be located because:
Logon attempt failed.
Contact your system administrator to verify that your domain is properly configured and is currently online.
When you add the Group Policy Object snap-in and click another computer, this error message is displayed:
The configuration information describing this enterprise is not available. The logon attempt failed.
When you click DNS Manager, this error message is displayed:
Cannot display objects from this location because of the following error:
Logon failure: unknown user name or bad password.
When you start License Manager, this error message is displayed:
Cannot contact the DNS Server.
When you try to run Dcdiag, this error message is displayed:
To open Licensing, you must be an administrator of the domain on which license information is stored for your network. If you are the server's administrator, use the Licensing option in Control Panel to manage Licensing on this server.
When you use Netdiag, this error message is displayed:
Error: The machine could not attach to the DC because the credentials were incorrect. Check your credentials or specify credentials with /u:domain\user and /p:password
When you try to use Replmon, the domain controllers are not displayed and the following error message is displayed when you click Synchronize Each Directory Partition With All Servers:
DNS Test: Failed DC list test: Failed
When you try to use the Ldp tool to connect and bind to the server, this error message is displayed:
The synchronization of the directory partition (CN=Schema,CN=Configuration,DC=domain,DC=com) failed. This may be because you have insufficient credentials.
When you try to use Repadmin, this error message is displayed:
Failed to bind: Invalid credentials.
When you run Dsacls, this error message is displayed:
LDAP error 49 (Invalid Credentials)
The command failed to complete successfully
The administrator who is logged on locally does not have the Access this computer from the network user right. All of the tools listed in the "Symptoms" section of this article use network API calls to operate; they do not work because they try to access the computer from the network.
To resolve this issue, edit the Gpttmpl.inf file to grant the Access this computer from the network user right for the appropriate users on the domain controller:
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.
Replication does not work if the computer account does not have the Access this computer from the network user right.
For additional information, click the article number below to view the article in the Microsoft Knowledge Base:
249261Also, users cannot log on to the domain if Everyone is missing the "Access this computer through the network" right. If you want to remove the Everyone group, you should replace it with Authenticated Users, Enterprise Domain Controllers, System, and Administrators.
(http://support.microsoft.com/kb/249261/EN-US/ )Replication Does Not Work After Upgrading to Windows 2000