kcorbiniqg
asked on
Windows 98 clients can't login when first DC is down.
When I shut down the first DC that I setup for the domain, my Win98 clients can't login to the domain with the bad password/access denied message. I know the domain is replicating OK, and my XP clients can login fine albeit a bit slower than usual.
It is a single domain with 2 domain controllers.
If I got the message "no domain server was able to validate your password" I would know that the clients couldn't even see the second DC so I'm a bit confused as to the problem.
Then I was thinking it was possibly an FSMO issue and PDC emulation, but I don't want to have to switch roles every time I take down a DC for maintenance or something. Isn't that the job of AD?
Am I missing something simple?
Thanks!
It is a single domain with 2 domain controllers.
If I got the message "no domain server was able to validate your password" I would know that the clients couldn't even see the second DC so I'm a bit confused as to the problem.
Then I was thinking it was possibly an FSMO issue and PDC emulation, but I don't want to have to switch roles every time I take down a DC for maintenance or something. Isn't that the job of AD?
Am I missing something simple?
Thanks!
Oops, wrong question :-(
Ummm, the problem is that you need to have a GC available. The reason your 2K clients logon is they are using cached credentials. It's not a big issue to resolve, however. Just add the second DC as a Global Catalog server, and you'll be fine.
ASKER
Both DCs were already GC servers (the 'Global Catalog' box is checked under NTDS settings). I then had just the non-primary DC be the GC server and still no dice.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Is the one domain controller also the DNS server that the win98 clients are pointed to?
ASKER
File this one under DOH!
After trying the PDC emulator role switch and the DSClient, it still didn't work. This led me to start looking at all aspects of accessing the second domain controller. Turns out, I had disabled File and Print Sharing. I had done that a while back in a quest for minimalism while this machine was just an Exchange box and not a DC.
As usual, the most perplexing problems have the smallest fix.
Thanks for giving me some other things to think about however, and I was unaware of the DSClient in the first place so thanks for bringing that to my attention.
After trying the PDC emulator role switch and the DSClient, it still didn't work. This led me to start looking at all aspects of accessing the second domain controller. Turns out, I had disabled File and Print Sharing. I had done that a while back in a quest for minimalism while this machine was just an Exchange box and not a DC.
As usual, the most perplexing problems have the smallest fix.
Thanks for giving me some other things to think about however, and I was unaware of the DSClient in the first place so thanks for bringing that to my attention.
My pleasure, and thanks for the points and score.
2nd, let's see what we can tell that guy