Re: DC Apparently lost authentication to domain

Tech-Archive recommends: Fix windows errors by optimizing your registry

Try running netdiag, repadmin and dcdiag. Look for fail, error and warning
errors.

If you don't have the tools installed load them from your install disk.

d:\i386\adminpak.msi (Server tools for remote management of servers)
d:\support\tools\setup.exe (Server Utilities)

Copy the following to a cmd file and run look for error, fail and warn
within the reports. Post any errors you can't figure out. make sure you
modify DC_Name to the name of a dc in your domain.

@echo off

c:
cd \
cd "program files\support tools"

del c:\dcdiag.log
dcdiag /e /c /v /s:DC_Name /f:c:\dcdiag.log
start c:\dcdiag.log

netdiag.exe /v > c:\netdiag.log
start c:\netdiag.log

repadmin.exe /showrepl dc* /verbose /all /intersite > c:\repl.txt
start c:\repl.txt


See for more details

http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/TechRef/1d4ce93c-54f2-4069-a708-251509c38837.mspx

--


Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA

This posting is provided "AS IS" with no warranties, and confers no rights.


"Ken Eisman" <ken@xxxxxxxxxxxx> wrote in message
news:6Wu5f.2715$dO2.1229@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> We own the connection to the remote site, so there is no firewall between
> the home and remote sites. There is just a routing switch which doesn't
> have the capability to block ports.
>
> Good thought. I wish it were that easy.
>
> Speaking of routing... Could it be a WINS/NetBIOS thing since we are
> routing? We're not using WINS because every MS class I ever went to
> suggested not using it with AD integrated DNS but I've recently heard that
> some things just won't work right without WINS. Any thoughts?
>
> Ken
>
> "Paul Bergson" <pbergson@xxxxxxxxxxxxxxxxx> wrote in message
> news:%23Mve$rM1FHA.3188@xxxxxxxxxxxxxxxxxxxxxxx
>> First thought that comes to mind is a firewall issue. Just because the
>> servers haven't changed doesn't mean someone didn't block some ports on
>> you. Check with your firewall folks and see if they made any changes over
>> the weekend.
>>
>> --
>>
>>
>> Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
>>
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights.
>>
>>
>> "Ken Eisman" <ken@xxxxxxxxxxxx> wrote in message
>> news:8bt5f.4287$BZ5.411@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
>>> We have a W2K/2K3 domain. It's been working fine up until this weekend.
>>> Now one DC (in a remote site) will not authenticate with the other DC's.
>>> Consequently, clients that authenticate with the bad DC cannot access
>>> network resources in the home site. They seem to be able to access
>>> resources in the remote site without problem.
>>>
>>> Some examples are:
>>> If I try to connect to the event viewer of a good DC from the bad DC, I
>>> get an 'access denied' error.
>>> If I try to connect to any computer in the good site from any computer
>>> in the bad site using the computer browser or 'net use ...', I get 'The
>>> target account name is incorrect'
>>> If I try to connect using 'net view...', I get 'Error 5 Access is
>>> denied.'
>>> In ADSS, replication appears to work from the good DC to the bad DC but
>>> not from the bad DC to the good DC.
>>> DNS on the bad DC gives an error 4015 '....critical error from the
>>> Active Director' in the event log.
>>> Running netdiag on the bad DC yields very few errors except for this:
>>> LDAP test. . . . . . . . . . . . . : Passed
>>> [WARNING] Failed to query SPN registration on DC
>>> 'adserver.co.matagorda.tx.us'.
>>> [WARNING] Failed to query SPN registration on DC
>>> 'ptr-svr.co.matagorda.tx.us'.
>>> [WARNING] Failed to query SPN registration on DC
>>> 'ANTIVIRUS.co.matagorda.tx.us'.
>>> (These are all the DCs in the home site.)
>>>
>>> Based on my search of the MS KB, I've tried using netdom to reset the
>>> password and I've checked for duplicate account names , but nothing has
>>> helped, so far.
>>>
>>> I'm not sure what kind of information you may need to help me out. Just
>>> ask for it and I will do my best to provide it.
>>>
>>> Thank You
>>>
>>> Ken
>>>
>>
>>
>
>


.

Relevant Pages

  • Re: Okay, what now?? Cannot publish -- now this is really strange
    ... If this fails to help then ask your host to run a Server Health Check on ... But -- I could see the remote site in FP. ... publish four new pages and three new photos. ... window; local website is in the left-side window. ...
    (microsoft.public.frontpage.programming)
  • RE: VPN Router query
    ... remote site to windows 2003 server on the main site. ... Then the SBS and Windows member server also connect to the switch. ... server and paste the results to the newsgroup. ...
    (microsoft.public.windows.server.sbs)
  • Re: Error 1054
    ... instead the remote site user will still use the ... Exchange server, the issue should be caused by the group policy is blocked ... Microsoft CSS Online Newsgroup Support ...
    (microsoft.public.windows.server.sbs)
  • Re: Windows 2000 Server Replication Problem
    ... Just because you can ping a remote site doesn't mean that you can ... If you don't have the support tools installed, install them from your server ... Run dcdiag, netdiag and repadmin in verbose mode. ... I am having windows server 2000 Replication problem as follows ...
    (microsoft.public.win2000.active_directory)
  • Re: Another additional DC question
    ... The Phone is not VOIP so PTP T1 should be ok. ... Secondary DNS at the remote site would better suited for keeping the ... have their own T1 for internet and both are protected by ISA Server 2006. ... Clients use VPN, why not have them log on to the domain that Site A hosts. ...
    (microsoft.public.cert.exam.mcse)