Many factors go into determining which Domain Control will validate a logon. Here is a number of methods that help insure that a specific Domain Controller on a local sub-net validates the logon:

1. Use Regedt32.exe to browse:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NetBT\Parameters

Edit or Add Value the following type REG_DWORD values:

NodeType - set to a 4 (m-node/mixed node).
EnableLMHOSTS set to a 1 to enable LMHOSTS.

2. Use a true ASCII editor like Edit from a cmd prompt (not NotePad) to edit:

%SystemRoot%\system32\drivers\etc\LMHOSTS (you may need to copy LMHOSTS.SAM) and add an entry at the top for the BDC:

IP_ADDRESS_OF_BDC "DOMAINNAME \0x1C" #PRE where the entire entry in quotes is exacly 20 characters.

Make sure there are a few (3 or 4) blank lines at the bottom of the file.

Then type NBTSTAT -R (use exact case) to reload the LMHOSTS file and NBTSTAT -c to verify that the 1C entry is in the cache.

You can either reboot the client or use NLTEST or NETDOM from


NLTEST /SC_QUERY:<DOMAINNAME> to check and NLTEST /SC_RESET:<DOMAINNAME> to reset the secure channel.

NETDOM /Domain:<DOMAINNAME> MEMBER <YourComputer> /JOINDOMAIN to reset the secure channel.