Re: Cannot logon to the Domain

Run diagnostics against your Active Directory domain.

If you don't have the tools installed, install them from your server install
disk.
d:\support\tools\setup.exe

Run dcdiag and netdiag in verbose mode.
-> dcdiag /e /c /v /s:DC_Name /f:c:\dcdiag.log
-> netdiag.exe /v > c:\netdiag.log

If you download a gui script I wrote it should be simple to set and run. It
also has the option to run individual tests without having to learn all the
switch options. The details will be output in notepad text files that pop
up automagically.

The script is located in the download section on my website at
http://www.pbbergs.com

Just select both dcdiag and netdiag make sure verbose is set. (Leave the
default settings for dcdiag as set when selected)

When complete search for fail, error and warning messages.


--
Paul Bergson MCT, MCSE, MCSA, Security+, CNE, CNA, CCA
http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup

This posting is provided "AS IS" with no warranties, and confers no rights.

"Henri" <spam@xxxxxxxx> wrote in message
news:OmSg3IhlGHA.3916@xxxxxxxxxxxxxxxxxxxxxxx
Thanks,

We have two DCs say DC1 and DC2.

- DC1 is the FSMO the GC is replicated to DC2 so both have the GC.
- DC1 an DC2 have DNS integrated installed DC1 is the primary DNS and DC2
is the secondary.
- Our DHCP server is configure to push DNSs IPs to all clients as follows
were .26 is DC1 and .27 is DC2:

Default Gateway . . . . . . . . . : 192.7.1.1
DNS Servers . . . . . . . . . . . : 192.7.1.27
192.7.1.26

Still when DC1 is down users cannot logon to the domain and service that
need periodical authentication to the domain cannot be authenticated. This
causing a serious outrage to our services.

Thanks for your help guys any additional hints will be appreciated.

Thanks in advance,

Henri.




"Paul Bergson" <pbergson@xxxxxxxxxxxxxxxxx> wrote in message
news:%23RGTbrflGHA.5044@xxxxxxxxxxxxxxxxxxxxxxx
When the DC is brought down clients need to authenticate to another DC,
the way they find the DC's and its services is through DNS. Once the
client has been provided a DNS server it requests services for a Global
Catalog on an active DC. As you can see there are several redundency
needs in order to be able to keep things up and running.

1) There needs to be more than one dns server
2) There needs to be more than one GC
3) The clients need to point to more than one dns server

Jorge pointed this all out already but I wanted to go into a bit of
detail for you to understand what the needs are for.

If you need help in tracking down if you meet all of this criteria
re-post what specifically you are unsure of.

--
Paul Bergson MCT, MCSE, MCSA, Security+, CNE, CNA, CCA
http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup

This posting is provided "AS IS" with no warranties, and confers no
rights.

"Henri" <spam@xxxxxxxx> wrote in message
news:eQDr%23aWlGHA.836@xxxxxxxxxxxxxxxxxxxxxxx
Hi,

Occasionally we need to service the FSMO PDC (Windows Updates). During
the downtime ( Usually a reboot) users cannot logon to the Domain
although there is another DC with a replica of
the GC.

I know that I can Transfer the Operation Master role to the other DC,
but I
am concern of the time it might take to do this and I do not know if I
have
to do it on all three Tabs ( RID, PDC and Infrastructure ). We have two
domain on the same tree, a primary domain with a child domain.

Is there's a way so that users and services with domain account will be
able
to stay authenticated while the FSMO is down for maintenance, sometimes
is
it only the time of a reboot after applying Microsoft Update patches.

Thanks in advance for you help.

Henri.









.

Relevant Pages