| pkiller 2004-06-18, 1:55 pm |
| We have a Active Directory domain with two domain controllers. Both DC's are on the same subnet. We recently configured our Cisco Catalyst 4000 switch with a layer 3 module and configured vlan interfaces. DCHP is configured and PCs can get valid IP addresses depending on what VLAN they are in. We have 4 computers that cannot login to the domain if they are on a VLAN. They are all the same model HP WX4100 with Windows XP Pro SP1. You can logon to the PC (the domain is authenticating you because you must have the right username and password) but it hangs on 'applying computer settings'. If you unplug the NIC, the PC will continue loading and can traverse the network with no problems. You can ping devices, use nslookup and verify the service records for the domain, etc. If you look at the local administrator's group membership - the PC can't resolve the SIDs. If you remove the PC from the domain and try to re-add it, you get a "semaphore timeout" error message. You put the PC back on vlan 1 and you can join it to the domain without a reboot. Just release/renew the IP and go through the domain join process and it works. I've tried setting the DNS settings manually, I've tried removing and joining from the domain. The only group policy is the default domain policy and the local computer policy. We have several other machines on the same VLAN that have no problem. They are running Windows 98, 2000 and XP. Its only these 4 HP PCs that are having the problem. Anyone have ideas on how to resolve this? I know DHCP/DNS/Active Directory are working because we have machines that are working with no problems. It has to be local to the PC itself but I'm not sure what to do next. Thanks. |