Re: DC Apparently lost authentication to domain

First thought that comes to mind is a firewall issue. Just because the
servers haven't changed doesn't mean someone didn't block some ports on you.
Check with your firewall folks and see if they made any changes over the
weekend.

--


Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA

This posting is provided "AS IS" with no warranties, and confers no rights.


"Ken Eisman" <ken@xxxxxxxxxxxx> wrote in message
news:8bt5f.4287$BZ5.411@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> We have a W2K/2K3 domain. It's been working fine up until this weekend.
> Now one DC (in a remote site) will not authenticate with the other DC's.
> Consequently, clients that authenticate with the bad DC cannot access
> network resources in the home site. They seem to be able to access
> resources in the remote site without problem.
>
> Some examples are:
> If I try to connect to the event viewer of a good DC from the bad DC, I
> get an 'access denied' error.
> If I try to connect to any computer in the good site from any computer in
> the bad site using the computer browser or 'net use ...', I get 'The
> target account name is incorrect'
> If I try to connect using 'net view...', I get 'Error 5 Access is denied.'
> In ADSS, replication appears to work from the good DC to the bad DC but
> not from the bad DC to the good DC.
> DNS on the bad DC gives an error 4015 '....critical error from the Active
> Director' in the event log.
> Running netdiag on the bad DC yields very few errors except for this:
> LDAP test. . . . . . . . . . . . . : Passed
> [WARNING] Failed to query SPN registration on DC
> 'adserver.co.matagorda.tx.us'.
> [WARNING] Failed to query SPN registration on DC
> 'ptr-svr.co.matagorda.tx.us'.
> [WARNING] Failed to query SPN registration on DC
> 'ANTIVIRUS.co.matagorda.tx.us'.
> (These are all the DCs in the home site.)
>
> Based on my search of the MS KB, I've tried using netdom to reset the
> password and I've checked for duplicate account names , but nothing has
> helped, so far.
>
> I'm not sure what kind of information you may need to help me out. Just
> ask for it and I will do my best to provide it.
>
> Thank You
>
> Ken
>


.

Relevant Pages

  • Re: [WARNING] Failed to query SPN registration on DC
    ... List of NetBt transports currently bound to the Redir ... [WARNING] ... Failed to query SPN registration on DC ... you mentioned unteaming the NICs. ...
    (microsoft.public.windows.server.active_directory)
  • Re: [WARNING] Failed to query SPN registration on DC
    ... The sites are subnetted very well here with common 10.x.x.x /20 network ... [WARNING] ... Failed to query SPN registration on DC ... you mentioned unteaming the NICs. ...
    (microsoft.public.windows.server.active_directory)
  • RE: NTDS ISAM / NTDS Replication major issues
    ... [WARNING] ... Failed to query SPN registration on DC 'permail.mydomain.com' ... server connections: connect to server permail.mydomain.com ...
    (microsoft.public.windows.server.active_directory)
  • Re: should i install windows xp service pack 2
    ... I don't care about monitoring outbound traffic. ... some Cyber nut or spyware bot has successfully penetrated my ... firewall is very effective at stopping unwanted inbound ... sure if SP2 is or is not warning me about traffic in either ...
    (microsoft.public.windowsxp.general)
  • Re: Why you should use a firewall on Win98
    ... > filtering firewall or indeed any firewall, ... If you like the outbound firewall you can use it. ... With a PFW it's all there and nobody ... message the warning that there is a phising e-mail in my Trashbin once ...
    (comp.security.firewalls)