Re: Random Authentication Requests

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

Hi Guys,

Thanks for your responses. Well, I can rule out for sure any kind of
firewall issue. Should I try and print to any printer attached to that DC I
get errors, although this is likely to be my machine giving me errors, I
haven't bounced it in some time. I also see random domain login prompts
every now and again. I enter my credentials and I'm fine. Additionally, as
you'll see from a posting below, I'm seeing 1373 and 1528 errors in one of
my DC event logs. If I query this DC using any of the replication tools,
they reject my request until I parse it the box my username and password.

Both boxes have been bounced since this started happening however, with
netlogon services restarted in-between. Any further help gratefully
received!

Many Thanks,
Sian.


"Herb Martin" <news@xxxxxxxxxxxxxx> wrote in message
news:%239T58eBTGHA.5736@xxxxxxxxxxxxxxxxxxxxxxx
"Orbital" <sian.clarke@xxxxxxxxxxxxxxxxxxx> wrote in message
news:%23LhsAudSGHA.4384@xxxxxxxxxxxxxxxxxxxxxxx
Hi All,

Can anyone advise why one of my DC's intermittently prompts for users
login credentials? I believe this authentication issue is now affecting
replication throughout the domain- if I run a REPADMIN query against this
DC I have to enter it with username and password credentials, as where
all my other DC's run successfully with my logged on details. I've
restarted the NETLOGON service to no effect and I'm seeing nothing
significant in my logs, apart from NTDS Inter-site Messaging 1373 and
1528 messages in my Directory Service log.

I think Andrei's response (this thread) may be on the right
track because the "DC" does NOT (in general) ever prompt
for credentials -- applications do that and then arrange
authentication with the accounts database (e.g., the DC.)

Even logging onto a machine is handled by an 'application'
known as the GINA (Graphical Identification and Authentication).

Most people think of the GINA as part of the OS but technically
it can be replaced.

Web requests that require authentication are PROMPTED by
the Browser due to some failure or rejection from the Web server
OR from an intermediate Firewall-Proxy (e.g., ISA Server) as
Andrei has suggested.

What specifically is causing and displaying the prompts?
(What type of activity and which application is being used.)

Specifically what does the dialog say, and what are the
messages involved?


--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]



Any help gratefully received,
Orb.





.

Relevant Pages

  • Re: Windows Authentication Timeout
    ... If you want to force the cached credentials in Internet Explorer to expire, ... | Subject: Re: Windows Authentication Timeout ... | because IIS first prompts the client, then my VB code in .NET prompts the ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Random Authentication Requests
    ... Can anyone advise why one of my DC's intermittently prompts for users ... I believe this authentication issue is now affecting ... DC I have to enter it with username and password credentials, ... the Browser due to some failure or rejection from the Web server ...
    (microsoft.public.win2000.active_directory)
  • Forcing authentication with a specific DC
    ... Firewall authentication at site A is required for internet ... Firewall uses domain credentials for ... >specific domain controller, that domain controller ...
    (microsoft.public.win2000.security)
  • Re: Windows Integrated and the domain name
    ... Windows Integrated authentication does NOT allow you to set the ... why would the client do this? ... automatically authenticate with the current logged-in credentials ... If you want to avoid login prompts, ...
    (microsoft.public.inetserver.iis.security)
  • Re: Windows Integrated Authentication - weird issue
    ... I have IIS's authentication set to Windows Integrated ... credentials, it prompts for a login. ... Does anyone know how this other laptop outside of the domain is capable to ...
    (microsoft.public.inetserver.iis.security)