We have a Windows 2003 AD Domain with three DCs called DC-1, DC-2, and DC-3. All DCs are running AD-integrated DNS. There seems to be no problem authenticating to DC-1, but all the XP/2000 workstations in our environment are having problems authenticating to DC-2 and DC-3. It's really annoying because customers have to keep restarting their computers until they connect to DC-1. When they fail, the following event error appears:
Event ID 3210
This Computer could not authenticate with \\DC-2 (also DC-3), a windows domain controller for domain OUR_DOMAIN_NAME, and therefore this computer might deny login requests. This inability to authenticate might be caused by another computer on the same network using the same name or the password for this computer is not recognized. If this message appears again, contact your system administrator.
We tried deleting/recreating workstation accounts, but that didn't help. There doesn't seem to be any problem with duplicate computer names on the network. We also checked our DNS records and everything seems to be OK. We can also ping the FQDN for all DCs. NLTEST tells us that we can only connect to DC-1.