Re: Account Audit issue

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: "Jorge Silva" <jorgesilva_pt@xxxxxxxxxxx>
Date: Thu, 27 Dec 2007 18:02:06 -0000

Sounds like your users are only used those 2 DCs for authentication.
Check if you've the ADSS and subnets correctly configured, and if your clients are using the Correct DC for authentication.

--
I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MCSE, MVP Directory Services
"FallenNCantGetUp" <FallenNCantGetUp@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:BE1E744C-F64E-43F3-AAD8-C4A97E12C93E@xxxxxxxxxxxxxxxx

If that is true, then why do two of the domain controllers show the event?
Incidentally, one will show the source as the client where the logon attempt
was made, the other will show the first domain controller as the source. I
assume that the one is authenticating the system, and then forwarding the
failed logon attempt to the other domain controller. But why then do the
other two DCs not get the same message?

I'm lost. Thanks for the response.

"Jorge Silva" wrote:

Hi
Please see answers inline:
> Okay, I've got a network running 4 domain controllers on server 2003.
> Everything is 2003 or XP on the network. Account Logon/Logoff -
> Success/Fail
> is configured on a GPO and applied to all workstations. The auditing
> works, kinda. Two of my domain controllers successfully track Security
> Events when a user logs on through one of the workstations. > Specifically,
> I'm testing for 'failed' log on events. The other two domain > controllers,
> don't record the events? They are tracking several security events, > just
> not
> my failed logon?

The failed logon will be recorded in the DC where the user authentication
was made.

--
I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MCSE, MVP Directory Services

References:
- Re: Account Audit issue
  - From: Jorge Silva

Prev by Date: Re: Unabe to change FSMO
Next by Date: Automate Active Directory User Maintenance
Previous by thread: Re: Account Audit issue
Next by thread: trust relationship for same namespace
Index(es):
- Date
- Thread

Relevant Pages

Netlogon 5783
... For about there mounts I<m having small network problem, with clients, that ... The session setup to the Windows NT or Windows 2000 Domain Controller ... On DC1r there is Exchange 2000 server, witch is Exchange system manager is ... The failure code from authentication protocol Kerberos ...
(microsoft.public.win2000.networking)
Re: Remote site BDCs wont auth clients when T1 to AD 2003 is down LTLM?
... Depending on what clients you have if you do not have additional W2K DCs ... Put a W2K DC at every site the you want authentication to continue if the ... 298713 How to Prevent Overloading on the First Domain Controller During ... I have tried forcing the AD controller to do NTLM only- but that ...
(microsoft.public.security)
Re: Remote site BDCs wont auth clients when T1 to AD 2003 is down LTLM?
... Depending on what clients you have if you do not have additional W2K DCs ... Put a W2K DC at every site the you want authentication to continue if the ... 298713 How to Prevent Overloading on the First Domain Controller During ... I have tried forcing the AD controller to do NTLM only- but that ...
(microsoft.public.win2000.security)
Re: Does eliminating NetBios kill NTLMv2?
... Disabling netbios over tcp/ip does not eliminate downlevel authentication. ... You can verify that by disabling it on a domain controller and then using ... > clients and servers have fewer options, ...
(microsoft.public.win2000.security)
Re: Backup Domain controller??
... > The Primary vs. Backup Domain Controller concept went out the door in NT4, ... > Be sure to define Sites & Subnets for your domain controllers and clients, ... > since this will reduce authentication traffic going across your T1. ... >> I believe that in the NT days, this server would have been a BDC. ...
(microsoft.public.windows.server.general)