Re: DC Apparently lost authentication to domain
- From: "Ken Eisman" <ken@xxxxxxxxxxxx>
- Date: Wed, 19 Oct 2005 16:57:38 GMT
We own the connection to the remote site, so there is no firewall between
the home and remote sites. There is just a routing switch which doesn't have
the capability to block ports.
Good thought. I wish it were that easy.
Speaking of routing... Could it be a WINS/NetBIOS thing since we are
routing? We're not using WINS because every MS class I ever went to
suggested not using it with AD integrated DNS but I've recently heard that
some things just won't work right without WINS. Any thoughts?
Ken
"Paul Bergson" <pbergson@xxxxxxxxxxxxxxxxx> wrote in message
news:%23Mve$rM1FHA.3188@xxxxxxxxxxxxxxxxxxxxxxx
> First thought that comes to mind is a firewall issue. Just because the
> servers haven't changed doesn't mean someone didn't block some ports on
> you. Check with your firewall folks and see if they made any changes over
> the weekend.
>
> --
>
>
> Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
>
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>
>
> "Ken Eisman" <ken@xxxxxxxxxxxx> wrote in message
> news:8bt5f.4287$BZ5.411@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
>> We have a W2K/2K3 domain. It's been working fine up until this weekend.
>> Now one DC (in a remote site) will not authenticate with the other DC's.
>> Consequently, clients that authenticate with the bad DC cannot access
>> network resources in the home site. They seem to be able to access
>> resources in the remote site without problem.
>>
>> Some examples are:
>> If I try to connect to the event viewer of a good DC from the bad DC, I
>> get an 'access denied' error.
>> If I try to connect to any computer in the good site from any computer in
>> the bad site using the computer browser or 'net use ...', I get 'The
>> target account name is incorrect'
>> If I try to connect using 'net view...', I get 'Error 5 Access is
>> denied.'
>> In ADSS, replication appears to work from the good DC to the bad DC but
>> not from the bad DC to the good DC.
>> DNS on the bad DC gives an error 4015 '....critical error from the Active
>> Director' in the event log.
>> Running netdiag on the bad DC yields very few errors except for this:
>> LDAP test. . . . . . . . . . . . . : Passed
>> [WARNING] Failed to query SPN registration on DC
>> 'adserver.co.matagorda.tx.us'.
>> [WARNING] Failed to query SPN registration on DC
>> 'ptr-svr.co.matagorda.tx.us'.
>> [WARNING] Failed to query SPN registration on DC
>> 'ANTIVIRUS.co.matagorda.tx.us'.
>> (These are all the DCs in the home site.)
>>
>> Based on my search of the MS KB, I've tried using netdom to reset the
>> password and I've checked for duplicate account names , but nothing has
>> helped, so far.
>>
>> I'm not sure what kind of information you may need to help me out. Just
>> ask for it and I will do my best to provide it.
>>
>> Thank You
>>
>> Ken
>>
>
>
.
- Follow-Ups:
- Re: DC Apparently lost authentication to domain
- From: Paul Bergson
- Re: DC Apparently lost authentication to domain
- References:
- DC Apparently lost authentication to domain
- From: Ken Eisman
- Re: DC Apparently lost authentication to domain
- From: Paul Bergson
- DC Apparently lost authentication to domain
- Prev by Date: Re: Group Policy and Local Administrator
- Next by Date: Re: Renaming Admin ID - Making Sys Admins Accountable
- Previous by thread: Re: DC Apparently lost authentication to domain
- Next by thread: Re: DC Apparently lost authentication to domain
- Index(es):
Relevant Pages
|
