Solved

DC and TS authentication over WAN

Posted on 2007-10-01
Last Modified: 2013-11-21
I have had to take over a problem that someone has left behind.

I have two servers with the following
server1 = (Virtual Server) - DC
server2 = (which VC is on) - Exchange
server3 = Terminal Server.

They are both in a datacentre with only WAN connections.
I can ping / access data between servers, but I cannot log into the terminal server using an AD user; I can only log onto the TS using a local username and password.

Hope someone can help
0
Question by:pbrane
10 Comments
 
LVL 13

Expert Comment

by:Mohamed ElManakhly
ID: 19989710
Dear pbrane,

Make sure that user on the AD has access permissions. Simply go to the properties of this user, go to the Dial-in tab, and give allow access to that user.
0
 
LVL 4

Author Comment

by:pbrane
ID: 19990031
Hi
I forgot to mention, when I try to log on using the AD account info we get the error:
"Windows cannot connect to the domain, either because the domain controller is down or otherwise unavailable or because your computer account is not found. Please try again later"
The system does recognise when it's incorrect and tells me it's incorrect, but when it's correct I get the above error.

Cheers
0
 
LVL 13

Expert Comment

by:Kini pradeep
ID: 19996872
Could you check the event log on your TS and DC and update on any errors/warnings?
0

 
LVL 4

Author Comment

by:pbrane
ID: 19996923
The events when I try to connect to the TS on the DC are

Security Events:
Event Type:      Success Audit
Event Source:      Security
Event Category:      Account Logon
Event ID:      672
Date:            10/2/2007
Time:            9:23:33 AM
User:            NT AUTHORITY\SYSTEM
Computer:      SERVER1
Description:
Authentication Ticket Request:
       User Name:            ian.hill
       Supplied Realm Name:      DOMAIN
       User ID:                  DOMAIN\ian.hill
       Service Name:            krbtgt
       Service ID:            DOMAIN\krbtgt
       Ticket Options:            0x40810010
       Result Code:            -
       Ticket Encryption Type:      0x17
       Pre-Authentication Type:      2
       Client Address:            81.101.xx.xx
       Certificate Issuer Name:      
       Certificate Serial Number:      
       Certificate Thumbprint:      

Event Type:      Success Audit
Event Source:      Security
Event Category:      Account Logon
Event ID:      673
Date:            10/2/2007
Time:            9:23:33 AM
User:            NT AUTHORITY\SYSTEM
Computer:      SERVER1
Description:
Service Ticket Request:
       User Name:            ian.hill@DOMAIN.LOCAL
       User Domain:            DOMAIN.LOCAL
       Service Name:            SECAURA02$
       Service ID:            DOMAIN\SECAURA02$
       Ticket Options:            0x40810000
       Ticket Encryption Type:      0x17
       Client Address:            81.101.xx.xx
       Failure Code:            -
       Logon GUID:            {cbd70266-632c-76e5-25de-0d1f8d1ae1ad}
       Transited Services:      -


SECAURA02 being the terminal server.

And on the TS server there is nothing.

Thanks
0
 
LVL 13

Accepted Solution

by:
Kini pradeep earned 2000 total points
ID: 19997009
That could be either a time sync issue (you usually get the RPC error in that case), or can you also check the secure channel using the support tools NLTest or netdom. If the secure channel is busted then you could use these tools to reset the secure channel or disjoin the box from the domain and join it again.
0
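The two checks from the accepted answer (clock skew, then secure channel state), as an added PowerShell example that is not part of the original thread. `DOMAIN.LOCAL` and `SERVER1` are placeholders based on the event log above, and the 300-second limit assumes the default Kerberos clock-skew tolerance.

```powershell
# Added example. Run in an elevated PowerShell prompt on the member server
# (the terminal server in this thread). Read-only: nothing is reset.
$Domain           = 'DOMAIN.LOCAL'  # placeholder: AD domain of this server
$DomainController = 'SERVER1'       # placeholder: a DC reachable over the WAN
$MaxSkewSeconds   = 300             # assumes the Kerberos default of 5 minutes

# 1. Clock offset against the DC. With /dataonly each sample line ends in an
#    offset such as "+00.0123456s"; error lines carry no offset and are skipped.
$samples = & w32tm /stripchart "/computer:$DomainController" /samples:3 /dataonly 2>&1
$offsets = @(foreach ($line in $samples) {
    if ("$line" -match ',\s*([+-]\d+\.\d+)s\s*$') { [math]::Abs([double]$Matches[1]) }
})
if ($offsets.Count -eq 0) {
    Write-Warning "No time samples from $DomainController; check UDP 123 across the WAN."
} else {
    $worst = ($offsets | Measure-Object -Maximum).Maximum
    if ($worst -gt $MaxSkewSeconds) {
        Write-Warning ("Clock offset {0:N1}s exceeds {1}s; fix time sync first." -f $worst, $MaxSkewSeconds)
    } else {
        "Time offset OK ({0:N3}s)" -f $worst
    }
}

# 2. Secure channel of this machine account. /sc_query shows the cached state,
#    /sc_verify re-authenticates to a DC. The failing case in this thread
#    reported ERROR_ACCESS_DENIED instead of NERR_Success.
$checks = [ordered]@{
    '/sc_query'  = 'Connection Status\s+Status\s*=\s*0 0x0 NERR_Success'
    '/sc_verify' = 'Trust Verification Status\s*=\s*0 0x0 NERR_Success'
}
foreach ($check in $checks.Keys) {
    $out = & nltest "${check}:$Domain" 2>&1 | Out-String
    if ($out -match $checks[$check]) {
        "nltest $check OK"
    } else {
        Write-Warning "nltest $check did not report NERR_Success:`n$out"
    }
}
```

If the clock is fine but either nltest check fails, the repair is the one used in this thread: reset the secure channel (`nltest /sc_reset:<domain>` or `netdom reset`) or disjoin and rejoin the server.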
 
LVL 13

Expert Comment

by:Kini pradeep
ID: 19997020
0
 
LVL 4

Author Comment

by:pbrane
ID: 19997060
Hi There
Thanks, I have run the following command, changing as appropriate:

In this example, you want to verify that the server a-dc1 has a valid trust relationship with the domain. At the command prompt, type:
"nltest.exe /server:fourthcoffee-dc-01 /sc_query:fourthcoffee"

And the result I got was
I_NetLogonControl failed: Status - 5 0x5 ERROR_ACCESS_DENIED

I am looking into it as well now.
Feels nice to make progress.
0
 
LVL 4

Author Comment

by:pbrane
ID: 19997076
I found this. Not sure what to make of it, but I am removing and rejoining the TS from the domain.

If the domain computer account has been reset, NLTest will respond with the message:

   Connection Status = 5 0x5 ERROR_ACCESS_DENIED

0
 
LVL 4

Author Comment

by:pbrane
ID: 19997175
Thank you for your help.
I disjoined the TS from the domain and rejoined it and I can now log in using an AD user.

Thanks again.
0
 
LVL 13

Expert Comment

by:Kini pradeep
ID: 19997177
You could check
http://support.microsoft.com/kb/810977
That's where it says so.
0
