Solved

Remote PC cannot contact Domain Controller.

Posted on 2008-10-30
Last Modified: 2012-06-27
We have a remote facility that's connected by a dedicated T1.  The setup goes like this: from our main site we have a Cisco router, which then goes to the remote site to another Cisco router, and from there it goes through a Linksys router that is performing NAT and DHCP for the PCs there.  We had to do this b/c at the time we were unsure how to forward DHCP requests through the Cisco.  Basically the Linksys sees the Cisco as the internet, as it's plugged into its WAN port.  Up until now this has been working, and users could access their email, the internet, and files.  Now one particular user cannot access email or shared files.  When she tried to access a share via UNC path she would be prompted for authentication, but when she put her username and password in she would get the message "The login was unsuccessful.  The username typed is the same as the login.  A DC cannot be found to authenticate the login (Paraphrased)"  After many different attempts we tried removing it from the domain, which worked, but now when trying to add it back it can't find the DC.

The funny thing is, when it was still joined, she could access the internet and ping our DC by IP.  Also, when trying to access shared files and being prompted for authentication, if you put incorrect info for the username and password, then the correct info on the reprompt, it would let her access the shares.

I'm truly stumped on this one.
Question by:Go-GBS
9 Comments
 
LVL 4

Expert Comment

by:bmonroe44
ID: 22845341
Is there DNS resolution between the sites? Forward DNS through your Router on both sides.
She must have had a cached profile and now it cannot connect to the DC to authenticate.
0
 
LVL 1

Expert Comment

by:lwu168
ID: 22845356
I would remove the Linksys router from the picture.  It acts as a NAT pool.

1. You can forward the DHCP request from the Cisco router by adding an ip helper statement on the interface that interconnects with the Linksys, "ip helper-address xxx.xxx.xxx.xxx(ip address of your dhcp server)".  Set up the DHCP scope on your DHCP server.

2. You can also use the Cisco Router that does DHCP.
ip dhcp pool xyzcompany
      network 192.168.1.0 255.255.255.0
      domain-name xyzcompany.com
      dns-server 192.168.2.2 192.168.3.3
      netbios-node-type h-node
0
 

Author Comment

by:Go-GBS
ID: 22846733
How do you forward DNS through a Cisco Router?  Also, I do have it set up to forward DHCP, but it might be a little while until I can make it to the site.  

One more thing to note, I had someone else try to log on to this PC and they were unable to as well, but she was able to log on to a different PC w/o a problem.

The other thing with the profile, now that it's off the domain, is that we're using the local admin account, so I'm not sure it could be related to just that profile.
0
 
LVL 1

Accepted Solution

by:
lwu168 earned 500 total points
ID: 22846992
You do not forward DNS through the router; the DNS information is specified from the DHCP server.  The DNS traffic is routed through the router.  I am not sure how many machines you have behind that Linksys router. Let's say you have 10 machines getting an IP from the Linksys; from the Domain Controller's perspective it's only talking to one computer.  You can probably add the machine to the domain if you shut down all other machines, but as soon as more than one machine is on the Linksys network there is going to be some communication issue with the domain controller.  My suggestion is to get rid of the Linksys router.  
0
 

Author Comment

by:Go-GBS
ID: 22895859
Ok, the Linksys is out of the loop, it's only serving as a wireless access point now.  The remote office PCs are now receiving IPs from our DHCP server in the main office and everything is working....except the one PC that started this problem.  It will join the domain, and if I log on locally, I can access anything, yet the second I try to log on to the computer with a domain account, I get the message the domain is not available.  Any thoughts on what it could be?
0
 

Author Comment

by:Go-GBS
ID: 22896176
Thought I'd throw this in, I logged onto another PC which doesn't seem to be having problems, but it didn't seem to recognize I had domain admin rights, I couldn't even access the clock.
0
 

Author Comment

by:Go-GBS
ID: 22924365
Ok, finally found the issue, well at least after the Linksys router was taken out of the loop.  Seems there was another PC on the network with that name, I didn't realize this b/c our documentation hadn't been updated properly.  I do find it odd that it would have allowed me to join the domain using a duplicated name, but it did, just wouldn't allow me to logon.
0
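A pre-join check for the duplicate computer name found above, as an added example that is not part of the original thread. It assumes the ActiveDirectory (RSAT) module is installed on an admin workstation that can reach a DC; the function name, the `REMOTE-PC07` name and the 45-day staleness threshold are hypothetical.

```powershell
# Added example (not from the thread). Needs the ActiveDirectory RSAT module
# and the DnsClient cmdlets; run it BEFORE joining the new PC to the domain.
Import-Module ActiveDirectory

function Test-ComputerNameCollision {
    param(
        [Parameter(Mandatory)][string]$Name,  # name planned for the PC being joined
        [int]$StaleDays = 45                  # assumption: older than this = likely abandoned
    )

    # 1. Is there already a computer account with this name?
    $acct = Get-ADComputer -Filter "Name -eq '$Name'" `
                -Properties PasswordLastSet, LastLogonDate, OperatingSystem

    # 2. Does DNS already hold an A record for the name, and does that host answer?
    $dns   = Resolve-DnsName -Name $Name -Type A -ErrorAction SilentlyContinue
    $addrs = @($dns | Where-Object { $_.Type -eq 'A' } | ForEach-Object { $_.IPAddress })
    $alive = @($addrs | Where-Object { Test-Connection -ComputerName $_ -Count 1 -Quiet })

    # Machine account passwords rotate about every 30 days by default, so a
    # recent PasswordLastSet means some machine is actively using the account.
    $inUse = $false
    if ($acct -and $acct.PasswordLastSet) {
        $inUse = $acct.PasswordLastSet -gt (Get-Date).AddDays(-$StaleDays)
    }

    if ($inUse -or $alive.Count -gt 0) { $verdict = 'CONFLICT: name is in use, pick another' }
    elseif ($acct)                     { $verdict = 'STALE: account exists, confirm owner before reuse' }
    else                               { $verdict = 'FREE' }

    [pscustomobject]@{
        Name            = $Name
        AccountExists   = [bool]$acct
        PasswordLastSet = $acct.PasswordLastSet
        LastLogonDate   = $acct.LastLogonDate
        OperatingSystem = $acct.OperatingSystem
        DnsAddresses    = $addrs
        RespondingHosts = $alive
        Verdict         = $verdict
    }
}

# Hypothetical name; substitute the one you plan to use.
Test-ComputerNameCollision -Name 'REMOTE-PC07' | Format-List
```

On a machine that is already joined and failing domain logons, `Test-ComputerSecureChannel -Verbose` reports whether its machine account trust with the domain is still intact.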
 

Author Comment

by:Go-GBS
ID: 22924391
I'd like to award lwu168 some points as well, as taking the Linksys out was def part of the problem, but wasn't the whole solution as I got the rest myself.
0
 

Author Comment

by:Go-GBS
ID: 22924402
As I stated above, removing the Linksys was part of the solution, the other part was the duplicate computer name.
0
