• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 240
  • Last Modified:

Problems on a Windows 2003 Domain Controller


Hi

I had a problem with a domain controller which holds a lot of windows shares. I have 2 DC in my Active Directory environment.

Here's what's happened:

1. The users who were logged into the domain didn't have any problems on accessing their shared folders on that server
2. Some users who tryied to log-on this morning couldn't access to their folders. The logon script didn't  started
3. I tried to start the logon script manually but I couldn't map any disks on that server.

I needed to restart the domain controller it in order to fix everything.

It has been some time that network disks mapped on that server suddenly disappears.

I guess there's something wrong in the users authenticate process but I can't understand it.

I have activated the Security Audit on that server. I had a lot of these errors which referred to different users:

Pre-authentication failed:
       User Name:      dcp
       User ID:            DOMAIN\dcp
       Service Name:      krbtgt/DOMAIN
       Pre-Authentication Type:      0x2
       Failure Code:      0x18
       Client Address:      192.168.1.232



0
fmalinve
Asked:
fmalinve
1 Solution
 
SunshineVKCommented:
Hi!!
If I am not mistaken from your comments above the Domain Controllers are also the file servers (i.e. the servers holfding the shares).
Kindly check the following
(1) Replication between the Domain Controllers
(2) Time & Time Zone settings i.e. whether the time is the same across all the machines involved.

Kindly let me know if the above solution works.
0
 
fmalinveAuthor Commented:

Hi

Yes the DC which has the problem is file server also.

Regarding your questions:

1) Replication between the 2 DCs works fine

2) The time and Time Zone settings are the same for all the machines involved. Only the client is 2 seconds late with the DCs.

0
 
artthegeekCommented:

Is it possible these folks are just having problems w/their passwords?
0x18 Failures are bad password errors.

Do you have complex password policies set? -- don't get me wrong, this is recommended, but we end up with a rash of these each time passwords change.

If you've just begun to audit logon events, you may be surprised to find a number of these errors, even from users who have had their pwd for a while.
0
Free recovery tool for Microsoft Active Directory

Veeam Explorer for Microsoft Active Directory provides fast and reliable object-level recovery for Active Directory from a single-pass, agentless backup or storage snapshot — without the need to restore an entire virtual machine or use third-party tools.

 
fmalinveAuthor Commented:

Well, actually I can't find any exact corrispondence between that error message and the problem that occurred.
There's an high possibility that the 0x18 failure is not related to what's happened.

My password policy set is relatively complicated. Yes, this could be a good explanation of 0x18 errors in my log file.

What could I check also?
0
 
Michael PfisterCommented:
See if eveything is fine with your domain with dcdiag /v.

For W2k you get it here: http://www.microsoft.com/downloads/details.aspx?familyid=23870a87-8422-408c-9375-2d9aaf939fa3&displaylang=en

I think W2k3 has it already.

Hope this helps,

Michael
0
 
Netman66Commented:
If these are XP client machines, then set this Group Policy Element in your Default Domain Policy:

Computer Configuration>Administrative Templates>System>Logon - Always wait for network on computer startup or user logon = Enabled.

This error (I think) is being caused by Xp attempting to used cached credentials on the local PC to speed up login until the network has completely initialized.  If there has been recent password changes, then things get "unsync'd" between the local LSA and the AD.

Let us know if this works.

NM
0
 
fmalinveAuthor Commented:

DCDiag /v doesn't give any error. All tests have passed.

netman66: I will make some tests in my test environment and let you know the results
0
 
fmalinveAuthor Commented:

Dear Exchange Experts

Sorry for the delay.

The problem was caused by a memory leak in the Mcafee Antivirus Program. It stressed the server so much that it caused logon problems to the users.

I solved the problem installing the last Viruscan patch.

Thanks anyway for your kind support
0
 
GhostModCommented:
PAQed with points refunded (250)

GhostMod
Community Support Moderator
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now