| Author |
Message |
Andy
Guest
|
 Posted:
Mon Jan 17, 2005 5:49 pm Post subject:
AD Controller not properly autenticating, please help! |
|
|
Hi,
PLEASE help! I am having a problem within our AD. We have 2 DC's 1
server 2003and 1 server 2000
The AD in in test at the moment, and was working perfectly. As part of the
build for each server, I have to trash it and rebuild from backup as a DR
test.
I have done that on the 2000 server and it wasn't as smooth as I would have
hoped when restoring AD and system state from tape. But I eventually got to
what I though was normality with it.
Trouble is that all is not well with the 2000 server. It does not appear to
be processing authentication requests properly. When you authenticate
against the 2003 server everything is fine. but when you authenticate against
the 2000 server, you get prompted for login details or get access denied when
mapping to rescources.
PLEASE HELP!
AD appears to be replicating fine between the 2 servers, and the SYSVOL
share also seems to be replicating fine. I have run out of ideas. Any
suggestions GREATLY appreciated!
Many Thanks,
Andy |
|
| Back to top |
|
 |
Chad A. Lacy
Guest
|
| Posted:
Mon Jan 17, 2005 6:13 pm Post subject:
RE: AD Controller not properly autenticating, please help! |
|
|
Andy,
Are your DC's pointing internally for DNS or do you have them pointing to
your ISP for DNS? Your primary DNS server should be your internal DNS
servers. If not, then reorient them and run ipconfig /flushdns to dump your
DNS Resolver cache and then run ipconfig /registerdns to force the machine to
re-register all of the DNS resources.
"Andy" wrote:
| Quote: | Hi Chad,
Many Thanks for your reply. I ran the report and one thing that glared
out at me was that the FRS service said it could not contact the other server
over dns, although i was able to ping the server on its complete dns name.
the servers are primary and secondary wins and dns servers. would you know
why this would cause a problem?
Thanks
Andy
"Chad A. Lacy" wrote:
Andy,
You could have any number of problems. Did you restore this server from tape
to exactly the same hardware? If not, you could run into problems. See
http://support.microsoft.com/kb/263532 for information.
My suggestion as to trying to figure out exactly where your problem is would
be to run a reporting tool from Microsoft called MPS Reports. If you were to
call Microsoft PSS support, this would be the very first thing the support
engineer would have you do. This tool does not make any modifications to your
domain controller. It runs a script with several tools found in the Resource
Kit and packages up the reporting detail into a .CAB file.
Go to
http://www.microsoft.com/downloads/details.aspx?FamilyID=cebf3c7c-7ca5-408f-88b7-f9c79b7306c0&displaylang=en
to download a copy. The one you want is called mpsrpt_dirsvc.exe. This is a
Directory Service version of the tool. Run it and then review all of the
reports looking for errors, warnings, or failures. Primarily, most problems
can been found in either the netdiag report or the dcdiag report.
"Andy" wrote:
Hi,
PLEASE help! I am having a problem within our AD. We have 2 DC's 1
server 2003and 1 server 2000
The AD in in test at the moment, and was working perfectly. As part of the
build for each server, I have to trash it and rebuild from backup as a DR
test.
I have done that on the 2000 server and it wasn't as smooth as I would have
hoped when restoring AD and system state from tape. But I eventually got to
what I though was normality with it.
Trouble is that all is not well with the 2000 server. It does not appear to
be processing authentication requests properly. When you authenticate
against the 2003 server everything is fine. but when you authenticate against
the 2000 server, you get prompted for login details or get access denied when
mapping to rescources.
PLEASE HELP!
AD appears to be replicating fine between the 2 servers, and the SYSVOL
share also seems to be replicating fine. I have run out of ideas. Any
suggestions GREATLY appreciated!
Many Thanks,
Andy
|
|
|
| Back to top |
|
|
Andy
Guest
|
| Posted:
Mon Jan 17, 2005 6:13 pm Post subject:
RE: AD Controller not properly autenticating, please help! |
|
|
Hi Chad,
Many Thanks for your reply. I ran the report and one thing that glared
out at me was that the FRS service said it could not contact the other server
over dns, although i was able to ping the server on its complete dns name.
the servers are primary and secondary wins and dns servers. would you know
why this would cause a problem?
Thanks
Andy
"Chad A. Lacy" wrote:
| Quote: | Andy,
You could have any number of problems. Did you restore this server from tape
to exactly the same hardware? If not, you could run into problems. See
http://support.microsoft.com/kb/263532 for information.
My suggestion as to trying to figure out exactly where your problem is would
be to run a reporting tool from Microsoft called MPS Reports. If you were to
call Microsoft PSS support, this would be the very first thing the support
engineer would have you do. This tool does not make any modifications to your
domain controller. It runs a script with several tools found in the Resource
Kit and packages up the reporting detail into a .CAB file.
Go to
http://www.microsoft.com/downloads/details.aspx?FamilyID=cebf3c7c-7ca5-408f-88b7-f9c79b7306c0&displaylang=en
to download a copy. The one you want is called mpsrpt_dirsvc.exe. This is a
Directory Service version of the tool. Run it and then review all of the
reports looking for errors, warnings, or failures. Primarily, most problems
can been found in either the netdiag report or the dcdiag report.
"Andy" wrote:
Hi,
PLEASE help! I am having a problem within our AD. We have 2 DC's 1
server 2003and 1 server 2000
The AD in in test at the moment, and was working perfectly. As part of the
build for each server, I have to trash it and rebuild from backup as a DR
test.
I have done that on the 2000 server and it wasn't as smooth as I would have
hoped when restoring AD and system state from tape. But I eventually got to
what I though was normality with it.
Trouble is that all is not well with the 2000 server. It does not appear to
be processing authentication requests properly. When you authenticate
against the 2003 server everything is fine. but when you authenticate against
the 2000 server, you get prompted for login details or get access denied when
mapping to rescources.
PLEASE HELP!
AD appears to be replicating fine between the 2 servers, and the SYSVOL
share also seems to be replicating fine. I have run out of ideas. Any
suggestions GREATLY appreciated!
Many Thanks,
Andy
|
|
|
| Back to top |
|
|
Chad A. Lacy
Guest
|
| Posted:
Mon Jan 17, 2005 6:14 pm Post subject:
RE: AD Controller not properly autenticating, please help! |
|
|
Andy,
You could have any number of problems. Did you restore this server from tape
to exactly the same hardware? If not, you could run into problems. See
http://support.microsoft.com/kb/263532 for information.
My suggestion as to trying to figure out exactly where your problem is would
be to run a reporting tool from Microsoft called MPS Reports. If you were to
call Microsoft PSS support, this would be the very first thing the support
engineer would have you do. This tool does not make any modifications to your
domain controller. It runs a script with several tools found in the Resource
Kit and packages up the reporting detail into a .CAB file.
Go to
http://www.microsoft.com/downloads/details.aspx?FamilyID=cebf3c7c-7ca5-408f-88b7-f9c79b7306c0&displaylang=en
to download a copy. The one you want is called mpsrpt_dirsvc.exe. This is a
Directory Service version of the tool. Run it and then review all of the
reports looking for errors, warnings, or failures. Primarily, most problems
can been found in either the netdiag report or the dcdiag report.
"Andy" wrote:
| Quote: | Hi,
PLEASE help! I am having a problem within our AD. We have 2 DC's 1
server 2003and 1 server 2000
The AD in in test at the moment, and was working perfectly. As part of the
build for each server, I have to trash it and rebuild from backup as a DR
test.
I have done that on the 2000 server and it wasn't as smooth as I would have
hoped when restoring AD and system state from tape. But I eventually got to
what I though was normality with it.
Trouble is that all is not well with the 2000 server. It does not appear to
be processing authentication requests properly. When you authenticate
against the 2003 server everything is fine. but when you authenticate against
the 2000 server, you get prompted for login details or get access denied when
mapping to rescources.
PLEASE HELP!
AD appears to be replicating fine between the 2 servers, and the SYSVOL
share also seems to be replicating fine. I have run out of ideas. Any
suggestions GREATLY appreciated!
Many Thanks,
Andy
|
|
|
| Back to top |
|
|
Andy
Guest
|
| Posted:
Tue Jan 18, 2005 9:51 pm Post subject:
RE: AD Controller not properly autenticating, please help! |
|
|
Hi,
Thanks for your info,
The DCs are pointing to a single internal DNS Server (there was 2, but one
of them was the server that was a problem) I have just put a virgin build on
the DC that was causing problems. I have set it back up in AD and all
appears to be ok,
Although in the 2003 DC's event log I have had this
The attempt to establish a replication link for the following writable
directory partition failed.
Directory partition:
CN=Configuration,DC=ntcad,DC=notcutts,DC=co,DC=uk
Source domain controller:
CN=NTDS
Settings,CN=PC8000,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ntcad,DC=notcutts,DC=co,DC=uk
Source domain controller address:
f5a3a121-cc6f-403a-86f2-90578a647d78._msdcs.ntcad.notcutts.co.uk
Intersite transport (if any):
This domain controller will be unable to replicate with the source domain
controller until this problem is corrected.
User Action
Verify if the source domain controller is accessible or network connectivity
is available.
Additional Data
Error value:
8524 The DSA operation is unable to proceed because of a DNS lookup failure.
It only appeared once (and that was a hour ago) I can ping the DC in
question via IP, or dns name.
Does it matter if this appears once, or would it only be a problem if it
continuously appeared?
Thanks
"Chad A. Lacy" wrote:
| Quote: | Andy,
Are your DC's pointing internally for DNS or do you have them pointing to
your ISP for DNS? Your primary DNS server should be your internal DNS
servers. If not, then reorient them and run ipconfig /flushdns to dump your
DNS Resolver cache and then run ipconfig /registerdns to force the machine to
re-register all of the DNS resources.
"Andy" wrote:
Hi Chad,
Many Thanks for your reply. I ran the report and one thing that glared
out at me was that the FRS service said it could not contact the other server
over dns, although i was able to ping the server on its complete dns name.
the servers are primary and secondary wins and dns servers. would you know
why this would cause a problem?
Thanks
Andy
"Chad A. Lacy" wrote:
Andy,
You could have any number of problems. Did you restore this server from tape
to exactly the same hardware? If not, you could run into problems. See
http://support.microsoft.com/kb/263532 for information.
My suggestion as to trying to figure out exactly where your problem is would
be to run a reporting tool from Microsoft called MPS Reports. If you were to
call Microsoft PSS support, this would be the very first thing the support
engineer would have you do. This tool does not make any modifications to your
domain controller. It runs a script with several tools found in the Resource
Kit and packages up the reporting detail into a .CAB file.
Go to
http://www.microsoft.com/downloads/details.aspx?FamilyID=cebf3c7c-7ca5-408f-88b7-f9c79b7306c0&displaylang=en
to download a copy. The one you want is called mpsrpt_dirsvc.exe. This is a
Directory Service version of the tool. Run it and then review all of the
reports looking for errors, warnings, or failures. Primarily, most problems
can been found in either the netdiag report or the dcdiag report.
"Andy" wrote:
Hi,
PLEASE help! I am having a problem within our AD. We have 2 DC's 1
server 2003and 1 server 2000
The AD in in test at the moment, and was working perfectly. As part of the
build for each server, I have to trash it and rebuild from backup as a DR
test.
I have done that on the 2000 server and it wasn't as smooth as I would have
hoped when restoring AD and system state from tape. But I eventually got to
what I though was normality with it.
Trouble is that all is not well with the 2000 server. It does not appear to
be processing authentication requests properly. When you authenticate
against the 2003 server everything is fine. but when you authenticate against
the 2000 server, you get prompted for login details or get access denied when
mapping to rescources.
PLEASE HELP!
AD appears to be replicating fine between the 2 servers, and the SYSVOL
share also seems to be replicating fine. I have run out of ideas. Any
suggestions GREATLY appreciated!
Many Thanks,
Andy
|
|
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in