Authentication

[Floyd]

People are not authenticating to their local DC as they
should. I can log in 2 times in a row and once I will
authenticate thru site1 and the very next time I will
authenticate to Site2. ??? In trying to figure this out I
have run across some information that seems to say that
part of the issue could be time not working properly. I
have noticed some oddities along this line.

If I do a NET TIME at a DOS prompt it tells me that Site1
is the main time server

In the registry of my w/s it tells me that Site2 is my
NTP server which I assume would be the main time server

I cannot find anything alluding to an NTP server any
where configured in the group policies.

Thanks

floyd

 

[Roger Abell]

Site1 and Site2 are two DCs of a single domain ?
Or are these only sites (which contain DCs by
whatever other name) ?

Are you sure that you have correctly defined your
sites in AD and that the client has an IP that clearly
places it into a site ?

If Site1 and Site2 are DC names, are you sure that
they are not both registered via SRVs in the site
resource records for the site of the client ?

A client is free to use, for authentication, any DC
of the domain but will first try those that are listed
via SRV resource records for its site, so you really
need to examine the DNS site SRVs.

As for the NTP part of your question:

A domain member will in default settings use the
PDC emulator FSMO of its domain as its time server.
Are you sure that your PDC FSMO exists and is
correctly registring the PDC SRV resource record in
DNS ?

net time /querysntp
is the older interface.

Try at a cmd prompt running
w32tm /once
and read to see what NTP servers it tries.

 

[GoumbaYa]

This is Active Directory related - not XP.