Re: Authentication doesn't fail over to additional DC's
- From: Kimberly Pace <KimberlyPace@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 27 Mar 2008 09:54:00 -0700
The one's who haven't logged on get the normal message about bad
username/password -- I think that if they tried several times and waiting 5 -
10 minutes, they would get logged on, however, they call the Helpdesk right
away. The biggest problem is our Intranet -- users see "code" but some of
the error messages indicate that the service account can't log on. Here is a
report from one of the developers.
Here are a few log entries that may be of interest in investigating the
problem that occurred this morning with iSITE's failure to authenticate with
CSQL1 using the VFSSystem account.
---
There are a few of these on WEB2 and WEB3:
Event Type: Failure Audit
Event Source: Security
Event Category: Object Access
Event ID: 560
Date: 1/25/2008
Time: 9:14:06 AM
User: NT AUTHORITY\NETWORK SERVICE
Computer: WEB2
Description:
Object Open:
Object Server: SC Manager
Object Type: SERVICE OBJECT
Object Name: WinHttpAutoProxySvc
Handle ID: -
Operation ID: {0,7816790}
Process ID: 628
Image File Name: C:\WINDOWS\system32\services.exe
Primary User Name: WEB2$
Primary Domain: CCCHSD
Primary Logon ID: (0x0,0x3E7)
Client User Name: NETWORK SERVICE
Client Domain: NT AUTHORITY
Client Logon ID: (0x0,0x3E4)
Accesses: Query status of service
Start the service
Query information from service
Privileges: -
Restricted Sid Count: 0
Access Mask: 0x94
"Danny Sanders" wrote:
What error do the users get trying to log in when this DC is down?.
hth
DDS
"Kimberly Pace" <KimberlyPace@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:05A07E59-5579-42D1-A131-80734BAD2E48@xxxxxxxxxxxxxxxx
Each DC at the six sites are GC's. The 2nd server in the DC is a global
catalog. I have played with changing roles and moving the GC from one
server
to the other. I have split the roles between the two and have put all the
roles on one server, etc. Also, I've adjusted the logon cache settings in
group policy, thinking the workstations would try to re-authenticate with
the
last DC that logged them on.
"Danny Sanders" wrote:
Which server is the global catalog?
hth
DDS
"Kimberly Pace" <KimberlyPace@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:8D879F63-002D-4621-A135-C39BF0F6644B@xxxxxxxxxxxxxxxx
Hi,
I have 8 domain controllers in our enterprise. 6 are located at other
geographical sites and 2 are located in our central datacenter. All
domain
controllers are handling logon requests through the enterprise. I
assumed
I
should be able to shut down one of the DC's in the datacenter without
causing
logon issues, but that doesn't seem to be the case -- even if I
transfer
the
PDC emulator role to another DC. Users start calling the HelpDesk
saying
they can't log on but more importantly, our BizTalk server won't
authenticate
and all users are denied access to our intranet site which relies on
BizTalk.
Once the DC controller is back on line, everything goes back to normal.
I've talked with the team controlling the BizTalk server and they
assure
me
that don't have any dependencies written into the server configuration
requiring that one DC to be online. I can shut down other DC's with no
interruption to authentication. Any ideas?
- Follow-Ups:
- Re: Authentication doesn't fail over to additional DC's
- From: Danny Sanders
- Re: Authentication doesn't fail over to additional DC's
- References:
- Authentication doesn't fail over to additional DC's
- From: Kimberly Pace
- Re: Authentication doesn't fail over to additional DC's
- From: Danny Sanders
- Re: Authentication doesn't fail over to additional DC's
- From: Kimberly Pace
- Re: Authentication doesn't fail over to additional DC's
- From: Danny Sanders
- Authentication doesn't fail over to additional DC's
- Prev by Date: Re: Replication NTDS Settings
- Next by Date: Re: Authentication doesn't fail over to additional DC's
- Previous by thread: Re: Authentication doesn't fail over to additional DC's
- Next by thread: Re: Authentication doesn't fail over to additional DC's
- Index(es):
Relevant Pages
|
