sacs
asked on
Child Domain logon problem
I have a Win2000 network with a parent and child domain. The domain is using active directory and seems fully functional EXCEPT members of the child domain usually don't get their password validated until the second or third attempt at logging on. The error reads 'The domain password you supplied is not correct, or access to your logon server has been denied' - neither of which is true. The error comes back almost instantly - like not enough time has passed to really check. The child domain has 3 servers and the validating servers sit on the same switch so it isn't the physical network. The parent domain has no problems.
I have no idea where to start tracking down the problem.
I have no idea where to start tracking down the problem.
Nevaar
Check the DNS entries for your child domain controllers. Are they all showing up (the SRV reocrds)? Are all the records correct (they really point to the domain controllers)?
I might have to agree that DNS is the issue. You may be having a resolution problem that could be causing this. Your domain should have the authoritative DNS server where as the child should have a secondary to the primary.
ASKER
According to Microsoft (look at Q286753)child DNS should be in active directory and only some information is stored in the child DNS.
It could be DNS is incorrectly functioning but if the DNS in the parent and child domain show no errors and it's setup according to Microsoft how is it tested?
It could be DNS is incorrectly functioning but if the DNS in the parent and child domain show no errors and it's setup according to Microsoft how is it tested?
ASKER
According to Microsoft (look at Q286753)child DNS should be in active directory and only some information is stored in the child DNS.
It could be DNS is incorrectly functioning but if the DNS in the parent and child domain show no errors and it's setup according to Microsoft how is it tested?
It could be DNS is incorrectly functioning but if the DNS in the parent and child domain show no errors and it's setup according to Microsoft how is it tested?
Normally you would create another zone on the DNS server in the primary domain for the child and have a secondary DNS server in the child domain for name resolution. Is this how your currently set up?
ASKER
Mikecr - I have a root DNS - I know it's the root as it has no hints lookup table. I have another DC DNS with Active Directory and a third server as a secondary DNS (all are in the parent domain and have a full list of clients).
In the child domain I have a DC with DNS active directory intergration but its has only some of the information from the parent and the information it has is only to do with the child.
I would understand Micrsoft's logic if the child domain only carried information about itself but the DNS doesn't even have a full set of the child information.
In the child domain I have a DC with DNS active directory intergration but its has only some of the information from the parent and the information it has is only to do with the child.
I would understand Micrsoft's logic if the child domain only carried information about itself but the DNS doesn't even have a full set of the child information.
Go into the properties of the DNS server then and set up a forwarder to the DNS server of your primary domain. See if this helps, also, check the event viewer of the domain controller and see what errors it is logging under system and security and post them here.
ASKER
Forwarding was already checked from the Child to the Parent - over the last week there have been no error reports by either the parent and child DNS server.
Have you gone into sites and services and created the site for your child domain? Do you have all Windows 2000 clients?
ASKER
In site and services I have only the default container - default-first-site-name which contains a folder servers - which has both parent and child servers - why create another container?
I have both Win2000 and Win98 clients. I have mainly Win 98 in the child - made me think to check with the Win2000 machines in the child domain if they too have the problem.
I have both Win2000 and Win98 clients. I have mainly Win 98 in the child - made me think to check with the Win2000 machines in the child domain if they too have the problem.
Are you using the AD client on the Windows 98 machines? The reason I asked about the site is if you have different subnets with domain controllers on them you need to specify them in Sites and Services. Whenever the client logs in then it knows where the closest domain controller is to log into and the servers know how to set up the KCC and replicate between themselves properly.
ASKER
Resolution - we ghost our machines and the win 98 copy we used has some corruption that affected the wins resolution
---- CLEAN UP ----
sacs,
No comment has been added lately (284 days), so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area for this question:
RECOMMENDATION: [ PAQ/Refund ]
Please leave any comments here within the next seven days.
¡PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!
--------------------------
Rajiv Makhijani
EE Cleanup Volunteer
sacs,
No comment has been added lately (284 days), so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area for this question:
RECOMMENDATION: [ PAQ/Refund ]
Please leave any comments here within the next seven days.
¡PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!
--------------------------
Rajiv Makhijani
EE Cleanup Volunteer
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.