Problems on a Windows 2003 Domain Controller

Posted on 2005-04-26
Last Modified: 2010-08-05


I had a problem with a domain controller which holds a lot of windows shares. I have 2 DC in my Active Directory environment.

Here's what's happened:

1. The users who were logged into the domain didn't have any problems on accessing their shared folders on that server
2. Some users who tryied to log-on this morning couldn't access to their folders. The logon script didn't  started
3. I tried to start the logon script manually but I couldn't map any disks on that server.

I needed to restart the domain controller it in order to fix everything.

It has been some time that network disks mapped on that server suddenly disappears.

I guess there's something wrong in the users authenticate process but I can't understand it.

I have activated the Security Audit on that server. I had a lot of these errors which referred to different users:

Pre-authentication failed:
       User Name:      dcp
       User ID:            DOMAIN\dcp
       Service Name:      krbtgt/DOMAIN
       Pre-Authentication Type:      0x2
       Failure Code:      0x18
       Client Address:

Question by:fmalinve
    LVL 4

    Expert Comment

    If I am not mistaken from your comments above the Domain Controllers are also the file servers (i.e. the servers holfding the shares).
    Kindly check the following
    (1) Replication between the Domain Controllers
    (2) Time & Time Zone settings i.e. whether the time is the same across all the machines involved.

    Kindly let me know if the above solution works.

    Author Comment



    Yes the DC which has the problem is file server also.

    Regarding your questions:

    1) Replication between the 2 DCs works fine

    2) The time and Time Zone settings are the same for all the machines involved. Only the client is 2 seconds late with the DCs.

    LVL 3

    Expert Comment


    Is it possible these folks are just having problems w/their passwords?
    0x18 Failures are bad password errors.

    Do you have complex password policies set? -- don't get me wrong, this is recommended, but we end up with a rash of these each time passwords change.

    If you've just begun to audit logon events, you may be surprised to find a number of these errors, even from users who have had their pwd for a while.

    Author Comment


    Well, actually I can't find any exact corrispondence between that error message and the problem that occurred.
    There's an high possibility that the 0x18 failure is not related to what's happened.

    My password policy set is relatively complicated. Yes, this could be a good explanation of 0x18 errors in my log file.

    What could I check also?
    LVL 28

    Expert Comment

    See if eveything is fine with your domain with dcdiag /v.

    For W2k you get it here:

    I think W2k3 has it already.

    Hope this helps,

    LVL 51

    Expert Comment

    If these are XP client machines, then set this Group Policy Element in your Default Domain Policy:

    Computer Configuration>Administrative Templates>System>Logon - Always wait for network on computer startup or user logon = Enabled.

    This error (I think) is being caused by Xp attempting to used cached credentials on the local PC to speed up login until the network has completely initialized.  If there has been recent password changes, then things get "unsync'd" between the local LSA and the AD.

    Let us know if this works.


    Author Comment


    DCDiag /v doesn't give any error. All tests have passed.

    netman66: I will make some tests in my test environment and let you know the results

    Author Comment


    Dear Exchange Experts

    Sorry for the delay.

    The problem was caused by a memory leak in the Mcafee Antivirus Program. It stressed the server so much that it caused logon problems to the users.

    I solved the problem installing the last Viruscan patch.

    Thanks anyway for your kind support
    LVL 1

    Accepted Solution

    PAQed with points refunded (250)

    Community Support Moderator

    Featured Post

    Top 6 Sources for Identifying Threat Actor TTPs

    Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

    Join & Write a Comment

    by Batuhan Cetin Within the dynamic life of an IT administrator, we hold many information in our minds like user names, passwords, IDs, phone numbers, incomes, service tags, bills and the order from our wives to buy milk when coming back to home.…
    Numerous times I have been asked this questions that what is it that makes my machine log on so slow, there have been cases where computers took 23 minute exactly after taking password and getting to the desktop. Interesting thing was the fact th…
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…
    In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

    745 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    14 Experts available now in Live!

    Get 1:1 Help Now