I seem to have a problem with my backup DC on a 2 DC domain. The PDC is an SBS 2003 and the BDC is Server 2003. For the last 2 weeks I have been seeing a number of NTLM authentication failure errors on the daily reports, along with a few other, possibly related, errors. I've run dcdiag on the BDC and all tests pass, as does the same test on the SBS. However, if I run dcdiag /e on the BDC, I get a whole host of failures:
Starting test: NetLogons
[SERVER] User credentials does not have permission to perform this oper
The account used for this test must have network logon privileges
for this machine's domain.
......................... SERVER failed test NetLogons
Starting test: Advertising
Fatal Error:DsGetDcName (SERVER) call failed, error 5
The Locator could not find the server.
......................... SERVER failed test Advertising
Starting test: KnowsOfRoleHolders
I don't understand the "The account used for this test must have network logon privileges for this machine's domain" message, as I'm using the domain admin account to run these tests.
Dcdiag /e on the PDC passes everything.
Netdiag passes everything, barring the following:
LDAP test. . . . . . . . . . . . . : Passed
[FATAL] Cannot do NTLM authenticated ldap_bind to 'server.domain.local': Inval
[FATAL] Cannot do Negotiate authenticated ldap_bind to 'server.domain.local':
[WARNING] Failed to query SPN registration on DC 'server.domain.local'.
All the necessary shares (Netlogon, Sysvol and IPC$) are up and accessible on both DCs, I've checked to make sure all required services are started correctly, and now I'm pretty much stuck. I've trawled the net most of today looking for a solution and so far not been successful :(
Any help would be much appreciated :)