Link to home
Create AccountLog in
Avatar of mhamer

asked on

unable to logon to windows DC failure

Arrived this morning to 600 users unable to logon,
applying policy was on there screen for over 30 mins

the primary DC (FSIMOS) was rebooted just before i arrived, along with everything else which appears to have resolved but still sluggish.

the only error i can see is event id 3   rest posetd at end.

a significant yesterday was..

on a file server encrpytion was turned on and myself and one other users cert used.

worked for me but crashed his pc when he attempted to open the protected file. a reboot fof clinet fixed him, but the file server then could not be logged on loacly to.  or i should say it logged in but desktop never loaded. i could see process associated with the user who crashed still active but unable to shut down.

a reboot this mornning whilst the other stuff was going on also fixed that related?

A Kerberos Error Message was received:
         on logon session domz.COM\asl-ad1$
 Client Time:
 Server Time: 9:6:22.0000 3/6/2008 Z
 Extended Error: 0xc0000234 KLIN(0)
 Client Realm:
 Client Name:
 Server Realm: domz.COM
 Server Name: krbtgt/domz.COM
 Target Name: krbtgt/domz.COM@domz.COM
 Error Text:
 File: e
 Line: 6c0
 Error Data is in record data.

For more information, see Help and Support Center at
Avatar of Paka

Did you stand up a certificate authority recently?
Avatar of mhamer


yes about a month ago
When you establish an Enterprise Root CA, the mechanisms for Kerberos authentication changes, since machine certificates are valid for a month, this would seem to be the cause of your machines losing their trust.  The reboot should cure this and the sluggishness was probably a result of an inrush of reissuance of machine certs.
Avatar of mhamer


Thank you

likley to happen every month? then
Avatar of Paka

Link to home
Create an account to see this answer
Signing up is free. No credit card required.
Create Account