User authentication in windows 2000 domain failing to second domain controller

  • Thread starter Thread starter bjaming
  • Start date Start date
B

bjaming

Hello,


I have a client network that had an existing domain controller that
contained all the FSMO roles and the GC, there were some serious
problems with AD like the domain naming master being deleted, the root
CA deleted (still is) and hardware that is about to fail on the old
domain controller. I promoted another server to DC and gave it the
domain naming master role, left other roles as they were and began
testing user authentication.


When I unplug the first DC (pre-existing) and try to authenticate to
the DC I created user authentication fails. DNS is set up correctly,
the users DHCP pushes down the IP address of the new server as a DNS,
its in the _tcp, _sites, etc.. yet it will not authenticate a users
attempting to log on.


Are there any tools I can use to find out why user authentication is
failing? I found NLtest but that looks like something that is mostly
used for win NT 4 and for troubleshooting trust relationships.

To be make this more clear, there is an existing domain controller DC1
There is a domain controller I have built DC2

When I remove the network connection from DC1, users can no longer log
onto the domain, they cannot access exchange, they cannot do anything.
I need to know why DC2 is not servicing logon requests.

Here's some more information


This computer was not able to set up a secure session with a domain
controller in domain XXXXX due to the following:
There are currently no logon servers available to service the logon
request.
This may lead to authentication problems. Make sure that this computer
is connected to the network. If the problem persists, please contact
your domain administrator.


-----------------------------------


The session setup to the Windows NT or Windows 2000 Domain Controller
\\DC1 for the domain XXXXXXXXX is not responsive. The current RPC call

from Netlogon on \\EXSERVER to \\DC1 has been cancelled.


results of a dcdiag on the secondary domain controller.


Domain Controller Diagnosis


Performing initial setup:
Done gathering initial info.


Doing initial required tests


Testing server: SAN\DC2
Starting test: Connectivity
......................... DC2 passed test Connectivity


Doing primary tests


Testing server: SAN\DC2
Starting test: Replications
......................... DC2 passed test Replications
Starting test: NCSecDesc
......................... DC2 passed test NCSecDesc
Starting test: NetLogons
......................... DC2 passed test NetLogons
Starting test: Advertising
......................... DC2 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... DC2 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... DC2 passed test RidManager
Starting test: MachineAccount
......................... DC2 passed test MachineAccount
Starting test: Services
......................... DC2 passed test Services
Starting test: ObjectsReplicated
......................... DC2 passed test ObjectsReplicated
Starting test: frssysvol
......................... DC2 passed test frssysvol
Starting test: kccevent
......................... DC2 passed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0x00000457
Time Generated: 01/02/2006 11:07:14
Event String: Driver HP DeskJet 930C/932C/935C required for



An Error Event occured. EventID: 0x00000452
Time Generated: 01/02/2006 11:07:14
Event String: The printer could not be installed.
......................... DC2 failed test systemlog


Running enterprise tests on : domain.com
Starting test: Intersite
......................... domain.com passed test Intersite
Starting test: FsmoCheck
......................... domain.com passed test FsmoCheck



Here's some errors from the domain controller and the exchange server


this one from exchange (repeatedly)


Logon Failure:
Reason: An error occurred during logon
User Name: USER
Domain: DOMAIN
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: USER-PC
Status code: 0xC000005E
Substatus code: 0x0
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: 10.0.0.27
Source Port: 4977


This one from the DC2 repeatedly


Service Ticket Request Failed:
User Name:
User Domain:
Service Name:
Ticket Options: 0x40830000
Failure Code: 0xE
Client Address: 10.0.0.40


Thank you
 
I am also getting the same problem. If you happen to find a solution,
I would be interested in hearing it.

Thanks.
 
So after more research...Someone suggested setting the new DC to be a
Global Catalog server. You do this by Active Directory Sites And
Services->Sites->Default-First-Site-Name->Servers->{new DC
server}->NTDS Settings->Properties->Global Catalog

That did not work for me, but it may be something to try.
 
Back
Top