Solved

User logins not authenticating by all domain controllers

Posted on 2006-06-16
3
242 Views
Last Modified: 2010-03-19
I have 2 Windows 2000 Server domain controllers at my company (TMIDC1 and TMIDC2). TMIDC2 is old and I replaced it a short time ago. We named the new server TMIDC3. It replicated with DC1 & 2 just fine, so we figured we could now turn off TMIDC2 and nobody would care, however when we did that certain users could not get logged in. Once we turned TMIDC2 back on they logged in just fine. My question is this...how can I tell (from a users PC) what domain controller it's trying to log into? I'm thinking that if I find the PCs that are trying to log into TMIDC2 and change that to TMIDC1 then they will be able to log in once I turn off TMIDC2.

The other question I have is, even if TMIDC2 is off, I always assumed that the user should get authenticated by either TMIDC1 or TMIDC3, but that is not happening. There is nothing running on TMIDC2 that TMIDC1 doesn't have running as well. Any ideas?

thanks in advance.
-Bob
0
Comment
Question by:bobrossi56
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 71

Expert Comment

by:Chris Dent
ID: 16920269
> how can I tell (from a users PC) what domain controller it's trying to log into?

At the command prompt do:

echo %logonserver%

And it'll show you exactly which they're trying to use.

But... they should be able to log onto any DC. That they can't suggests maybe you possibly have a name resolution problem; how is DNS configured for those clients?

HTH

Chris
0
 
LVL 13

Expert Comment

by:marine7275
ID: 16920408
DNS brother. You got to have those client statically assigned to the #2 server.

FLush DNS
0
 
LVL 13

Accepted Solution

by:
prashsax earned 500 total points
ID: 16920842
You cannot just turnoff a DC and assume it is removed.

First you need to check, if this DC is holding any FSMO roles.

If yes, then you need to transfer them to another DC.

Then run DCPROMO again on DC2.

This will remove all the entries of DC2 from AD, and gracefully remove it from the Active Directory.

The problem you are facing could be due to DC2 is holding some FSMO roles. First transfer them to other DC.
0

Featured Post

Why Off-Site Backups Are The Only Way To Go

You are probably backing up your data—but how and where? Ransomware is on the rise and there are variants that specifically target backups. Read on to discover why off-site is the way to go.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Short answer to this question: there is no effective WiFi manager in iOS devices as seen in Windows WiFi or Macbook OSx WiFi management, but this article will try and provide some amicable solutions to better suite your needs.
This article is a collection of issues that people face from time to time and possible solutions to those issues. I hope you enjoy reading it.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…

690 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question