There are currently no logon servers available to service the logon request.

mickeyshelley1
mickeyshelley1 used Ask the Experts™
on
I have added a new windows 2003 server to the network, It is configured as a domain controller and DNS server for a total of 2 dns servers on the same network.
The new comain "cityhall.int" shows up fine on the network and i can see and access the other domain "Cityofabbeville,int" but the cityofabbeville.int can see cityhall.int but can not access it.
When I try to join a computer to cityhall.int it is unable to locate the domain.

I notices the following error in the system event log. There are no apparent DNS event issues


The Security System detected an authenticaton error for the server ldap/W3kABB1.cityhall.int.
The failure code from the authentication protocal Kerberos was "There are currently no logon servers available to service the logon request.
Event id: 40960
category: SPENGO (Negotiator)
(0xc000005e)
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®

Author

Commented:
 I have tried both and the error event still appears in the event log. I remain unable to join a client to cityhall.int
Should you be charging more for IT Services?

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Commented:
There can be multiple causes of your problem:
You just brought a new server on line. To complete the process, the server has to register its own host A record and SVR record in DNS. To do this, Type the following at the command prompt:
IPconfig /flushdns
IPconfig /registerdns
net stop netlogon
net start netlogon

flushing DNS will remove all old or improper DNS records
registering dns records registers your Host A record
restarting the netlogon will register your SVR records.

Speaking of SVR records, here is your second potential problem:

The cause or your problem may be the result of a faulty default DNS server cached record Cityofabbeville,int.

2003 server has a quirk in it. When the netlogon service is restarted it registers the SRV record of both NICs on the DNS server. As you know DNS is the service that provides the DNS translation to the Authenticating server. If DNS sees two SRV records, Cityofabbeville,int picks up on the NIC that shouldn't be providing DNS to the clients, you may get "no netlogon servers can be found" for your authentication server and see the errors above.

The quirk in 2003 server is regardless of deselecting the option registering the SRV record when netlogon is restarted, it will still register the SRV record. There is a patch to resolve this. But, let's make sure this is the problem. Go into DNS and see if your multihomed DNS server has two SRV records. One will be internal and the other external of your LAN. If you have an SRV record that doesn't belong, you should remove these records. This is only a temp fix for troubleshooting because upon a restart of the netlogon service will put those records back in DNS.  

Then, I would go to the XP clients and check out the IPconfig /all. See if you have picked up on a DNS server that is not correct. If so, you will not be able to get the DNS query for the Authenticating server to propogate back. So, you will not be able to communicate with the Authenticating server. Hence, you will not be able to authenticate and recieve errors like you are seeing. Flush the DNS cache and manually configure your list of preferred DNS servers to the correct NICS.

There is a fix to the 2003 server. It is a patch.
Have a look at this:
 -- http://support.microsoft.com/?id=832478

I hope this helps

Author

Commented:
I followed each insrtuction to the letter, my problem stabds resolved..

Commented:
IF YOU ARE LOOKING FOR ANSWERS, I wished to add a little additional information.

I was just bringing a new domain on line and ran through the above steps. So, my memory has been refreshed.
The above information tells you how to register the DNS Host A and SRV records for your new server.
1) Register the DNS records
2) Register the SRV records

3) Then, it tells you how to prevent a multihomed computer from having DNS problems by applying a patch and removing records of the improper NIC.
___________________________________________________________________________________

Once the above information is followed, you may wish to force replicate your information from the PDC Emulator to the new DC. Replicating the Host A records and SRV records will allow you to share those records with other DNS servers that may have just come on line. If you do not force replicate from one server to another, it will happen automatically. However, you may have to wait up to eight hours per server. So, you may wish to replicate from your PDC emulator to the new DNS server.

So, here is step 4):
To force replicate, and save yourself time:
a) go to the Active Directory Sites and Services Snapin
b) navigate to Default First Site>>Servers
c)Pick the server you want to replicate TO and expand it
d)right click what is showing (NTDS site?) and select "replicate now"

Commented:
Glad things are working for you mickeyshelley1:
also so you know Dhcp is coming from my firewall not the server

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial