Authentication

Joe Topjian
Guest
Posted: Mon Nov 07, 2005 9:50 pm    Post subject: Authentication

Hello -

I have a domain with about 5 domain controllers. Ironically, the DC with
the least amount of resources is the one that seems to be authenticating
users the most.

I tried demoting that DC, but on reboot, several users called and said they
could not log in to the domain any more. Rebooting the client machines did
not help at all, so I ended up promoting the DC again and everyone could log
in fine.

Why are all the client machines trying to use this one and none of the other
DCs? There are a few here and there that use the other DCs, but 90% of the
authentication happens on this particular one.

All DCs are 2003 server but I'm still in 2000 mixed mode -- if that makes a
difference.

Thanks!
-Joe

Pablo Colazurdo
Guest
Posted: Mon Nov 07, 2005 9:50 pm    Post subject: RE: Authentication

There are tons of things to check here ...
What OS level are your users running?
Is that DC running the PDC Emulator role?
Check DNS entries for the domain name and SRV records to see if every server
is listed there.
Run dcdiag and netdiag from the support tools to see if there is any problem.
Check the sites configuration to see if those are rightly configured (i.e.
in a standard case all the DCs should belong to the Default-First-Site-Name
site).

Hope it helps to find out what is going on.

Pablo


Joe Topjian
Guest
Posted: Tue Nov 08, 2005 1:50 am    Post subject: RE: Authentication

Thanks for your reply. The client machines are all Windows XP. The DC is
not the PDC emulator. There's only one site, so that can't be interfering.
The other stuff I will double-check on tomorrow at work to make sure.

Thanks!
-Joe


Paul Williams [MVP]
Guest
Posted: Tue Nov 08, 2005 9:51 am    Post subject: Re: Authentication

Ensure that at least one of the other DCs is a Global Catalog server:
-- http://www.msresource.net/content/view/25/47/


A GC is required for logon.

Personally, I would make all five DCs GCs. Don't worry about the IM
conflict, it doesn't occur in your setup:
-- http://www.msresource.net/content/view/14/46/

--
Paul Williams
Microsoft MVP - Windows Server - Directory Services
http://www.msresource.net | http://forums.msresource.net

R Huber
Guest
Posted: Tue Nov 08, 2005 1:50 pm    Post subject: RE: Authentication

I might have a related issue. I have a web page that requires user
authentication. Users put in their AD ID and pswd and, based on group
membership, are able to view the page. However, my problem is when a new user
is created in AD and the "user must change password at next logon" box is
checked, they are not prompted to change the password. Any suggestions? They
do not log on to AD with a Windows client.



Joe Topjian
Guest
Posted: Wed Nov 09, 2005 5:50 pm    Post subject: Re: Authentication

Hi Paul -

The new DC is a GC and the one that I want to replace (but is doing all the
authentication) is not a GC.


Paul Williams [MVP]
Guest
Posted: Thu Nov 10, 2005 1:51 am    Post subject: Re: Authentication

The other thing then is - where are the clients pointing for DNS? Are they
pointing at the box you want to get rid of? They need to point to other DCs
that are going to be online.

--
Paul Williams
Microsoft MVP - Windows Server - Directory Services
http://www.msresource.net | http://forums.msresource.net
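
The SRV-record check suggested earlier in the thread, together with the DNS question in the last post, as an added PowerShell example that is not part of the original thread: it compares the domain-wide `_ldap._tcp.dc._msdcs` SRV records with the DCs that should be listed and estimates each DC's share of selections under RFC 2782 priority and weight rules. The domain `corp.example`, the host names, the record values and the function name `Get-DcLocatorShare` are assumptions constructed for illustration; a single site is assumed, as stated in the thread.

```powershell
# Constructed sample in the shape returned by
#   Resolve-DnsName -Type SRV _ldap._tcp.dc._msdcs.corp.example
# (corp.example and dc1..dc5 are placeholders, not values from the thread).
$srv = @(
    [pscustomobject]@{ NameTarget = 'dc1.corp.example'; Priority = 0;  Weight = 100 }
    [pscustomobject]@{ NameTarget = 'dc2.corp.example'; Priority = 10; Weight = 100 }
    [pscustomobject]@{ NameTarget = 'dc3.corp.example'; Priority = 10; Weight = 100 }
    [pscustomobject]@{ NameTarget = 'dc4.corp.example'; Priority = 0;  Weight = 10 }
)
$expected = 1..5 | ForEach-Object { "dc$_.corp.example" }

function Get-DcLocatorShare {
    param(
        [Parameter(Mandatory)] [object[]] $SrvRecord,
        [Parameter(Mandatory)] [string[]] $ExpectedDc
    )
    # Live answers can carry extra A records; keep only rows with an SRV target.
    $SrvRecord = @($SrvRecord | Where-Object { $_.NameTarget })
    # RFC 2782: the lowest Priority value is tried first; within that group
    # a target is chosen in proportion to its Weight.
    $lowest      = ($SrvRecord | Measure-Object -Property Priority -Minimum).Minimum
    $preferred   = @($SrvRecord | Where-Object { $_.Priority -eq $lowest })
    $totalWeight = ($preferred | Measure-Object -Property Weight -Sum).Sum

    foreach ($dc in $ExpectedDc) {
        $rec = $SrvRecord | Where-Object { $_.NameTarget.TrimEnd('.') -eq $dc } |
               Select-Object -First 1
        if (-not $rec) {
            $status = 'MISSING from DNS'; $share = 0
        } elseif ($rec.Priority -ne $lowest) {
            $status = 'fallback only';    $share = 0
        } elseif (-not $totalWeight) {
            # All preferred records have weight 0: treat them as equally likely.
            $status = 'preferred';        $share = [math]::Round(100 / $preferred.Count, 1)
        } else {
            $status = 'preferred';        $share = [math]::Round(100 * $rec.Weight / $totalWeight, 1)
        }
        [pscustomobject]@{
            DC = $dc; Status = $status; Priority = $rec.Priority
            Weight = $rec.Weight; SharePct = $share
        }
    }
}

Get-DcLocatorShare -SrvRecord $srv -ExpectedDc $expected | Format-Table -AutoSize
```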

All times are GMT