Re: Default Domain Policy vs Default Domain Controller Policy

In article <ecKO#xsxFHA.464@xxxxxxxxxxxxxxxxxxxx>, n9rou@nospam-
comcast.net says...
> You need to make sure that auditing of "account logon" events is enabled in
> for both success and failure in Domain Controller Security Policy. It sounds
> like it was set to undefined for at least failure if enabling it in Domain
> Security Policy got it to work. You will find the Resultant Set of Policy
> mmc snapin on the domain controller in logging mode helpful to find out what
> Group Policy settings are applied to the computer and it should show the GPO
> that is applying a particular setting. It would make do difference if you
> were logging on from a domain workstation as all domain user accounts are
> authenticated by a domain controller and a logon failure to the domain
> should generate a failed "account logon" event in the security log of the
> domain controller used for authentication. Since you seem to be experiencing
> problems and time lags I would verify that dns is correct in that your only
> domain controller points ONLY to itself as it's preferred dns server by it's
> static IP address as shown via ipconfig /all. Then check the system,
> application, etc, logs for anything that may be related and run the support
> tools netdiag, dcdiag, and gpotool on your domain controller to see if a
> problem is found. The support tools are on the install disk in the
> support/tools folder where you need to run the setup program there. ---
> Steve

Yeah, I had verified that it was not undefined or obviously
misconfigured prior to writing my original post. Very strange, I know.
I'm still at a loss for that one. However, the DNS issue was something
that I needed to look at. Windows Server 2003 had installed DNS services
by default and I had just never got around to configuring them. Not that
there is really anything to configure DNS for as I am just on a single
PDC that isn't on a network, nor has there been a chapter about how to
configure DNS during my studies so far. I glanced over the DNS
configuration and, luckily for me, it turned out to be pretty self-
explanitory. Once I setup DNS the annoying pauses between Active
Directory operations vanished. Thanks for the suggestion! You were right
on!
.

Relevant Pages

  • Remote Branch DC wont Replicate With Corporate DC
    ... Active Directory could not resolve the following DNS host name of the source ... domain controller to an IP address. ... 'Event' is not recognized as an internal or external command, ... operable program or batch file. ...
    (microsoft.public.windows.server.dns)
  • RPC Endpoint Mapper Error
    ... We are adding our first Windows 2003 Domain Controller to a Windows ... I checked DNS entries with articles from Microsoft on ... PASS - All the DNS entries for DC are registered on DNS server ... List of NetBt transports currently bound to the Redir ...
    (microsoft.public.win2000.active_directory)
  • Re: Replication event errors
    ... PASS - All the DNS entries for DC are registered on DNS server ... But as a test I manually added a dns alias for Domain controller: ... Active Directory failed to construct a mutual authentication service ... computer name of the source domain controller. ...
    (microsoft.public.windows.server.active_directory)
  • Re: the system cannot log you on now because the domain <domain>is not available
    ... What I would suggest trying, at least temporarily, is to open Domain Controller ... The other main concern is that dns is configured correctly for the whole domain. ... controllers running dns with the AD domain zone and NEVER an ISP dns server anywhere ... > event log showed teh failed attempts at locating the DC. ...
    (microsoft.public.windows.server.networking)
  • Re: Active Directory could not resolve DNS host name
    ... Best practices for DNS client settings in Windows 2000 Server and in Windows ... How to Verify the Creation of SRV Records for a Domain Controller ... Active Directory could not resolve the following DNS host name of the ...
    (microsoft.public.windows.server.active_directory)