Cached credentials issue

Guest

I didn't see a Windows 2003 AD forum so I'm using this one.

We currently promoted a new DC into the domain. When laptop users are
connected to the network and their LOGONSERVER is the new DC they don't
experience any issues. When the LOGONSERVER was the new DC during the user's
last authentication/login, when the laptop is disconnected from the network
the user is NOT able to make use of cached credentials. If the LOGONSERVER
was any of the other DCs during the user's last authentication/login, when the
laptop is disconnected from the network the user DOESN'T have any issues
making use of cached credentials. Any thoughts on what is causing the issue
or suggestions of what to look into?
 
Herb Martin

Onion said:
> I didn't see a Windows 2003 AD forum so I'm using this one.

It's called:
microsoft.public.windows.server.active_directory

[I wish Microsoft would stop changing the names
of the product and the newsgroups convention and
just have "whatever.CurrentVersion.areaOfInternet"
Then when we go to Server 2006 Or 2007 it wouldn't
matter.]

> We currently promoted a new DC into the domain. When laptop users are
> connected to the network and their LOGONSERVER is the new DC they don't
> experience any issues. When the LOGONSERVER was the new DC during the user's
> last authentication/login, when the laptop is disconnected from the network
> the user is NOT able to make use of cached credentials.

Such problems (authentication or replication probably) are
usually DNS errors in Win2000 or Win2003.

> If the LOGONSERVER
> was any of the other DCs during the user's last authentication/login, when the
> laptop is disconnected from the network the user DOESN'T have any issues
> making use of cached credentials. Any thoughts on what is causing the issue
> or suggestions of what to look into?

Likely that new DC is not properly replicated.

Try DCDiag (on that DC) and check the following:

DNS for AD
1) Dynamic for the zone supporting AD
2) All internal DNS clients NIC\IP properties must specify SOLELY
that internal, dynamic DNS server (set.)
3) DCs and even DNS servers are DNS clients too -- see #2
4) If you have more than one Domain, every DNS server must
be able to resolve ALL domains (either directly or indirectly)

netdiag /fix

....or maybe:

dcdiag /fix

(Win2003 can do this from Support tools):
nltest /dsregdns /server:DC-ServerNameGoesHere
http://support.microsoft.com/kb/q260371/

Ensure that DNS zones/domains are fully replicated to all DNS
servers for that (internal) zone/domain.

Also useful may be running DCDiag on each DC, sending the
output to a text file, and searching for FAIL, ERROR, WARN.

Single Label domain zone names are a problem. Google:
[ "SINGLE LABEL" domain names DNS 2000 | 2003 microsoft: ]
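
The reply above suggests saving DCDiag output from each DC to a text file and searching it for FAIL, ERROR and WARN. The following is an added example, not part of the original post: a Python sketch that groups those hits by server and test so a single bad DC stands out. The sample output, its layout, and the server names NEWDC and OLDDC are constructed assumptions.

```python
import re
from collections import defaultdict

# Keywords named in the reply: FAIL, ERROR, WARN (matched case-insensitively).
KEYWORDS = re.compile(r"fail|error|warn", re.IGNORECASE)
SERVER = re.compile(r"^\s*Testing server:\s*(?:.*\\)?(\S+)")
TEST = re.compile(r"^\s*Starting test:\s*(\S+)")

# Constructed sample, laid out the way dcdiag text output usually looks
# (assumption); NEWDC and OLDDC are hypothetical server names.
SAMPLE = r"""
Doing initial required tests
   Testing server: Default-First-Site-Name\NEWDC
      Starting test: Connectivity
         ......................... NEWDC passed test Connectivity
Doing primary tests
   Testing server: Default-First-Site-Name\NEWDC
      Starting test: Replications
         [Replications Check,NEWDC] A recent replication attempt failed:
            From OLDDC to NEWDC
         ......................... NEWDC failed test Replications
      Starting test: Advertising
         Warning: DsGetDcName returned information for \\OLDDC
         ......................... NEWDC failed test Advertising
      Starting test: NetLogons
         ......................... NEWDC passed test NetLogons
"""

def scan_dcdiag(text):
    """Group lines containing FAIL, ERROR or WARN by (server, test)."""
    findings = defaultdict(list)
    server, test = "?", "?"
    for line in text.splitlines():
        m = SERVER.match(line)
        if m:  # new server section: reset the current test name
            server, test = m.group(1), "?"
            continue
        m = TEST.match(line)
        if m:
            test = m.group(1)
            continue
        if KEYWORDS.search(line):
            findings[(server, test)].append(line.strip())
    return dict(findings)

if __name__ == "__main__":
    for (server, test), lines in scan_dcdiag(SAMPLE).items():
        print(f"{server} / {test}")
        for hit in lines:
            print(f"    {hit}")
```

To use it on real output, read each saved DCDiag text file and pass its contents to `scan_dcdiag` in place of `SAMPLE`.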
 
