Simon336697
asked on
Diagnosing why a domain controller is not handling any authentication requests.
Hi guys,
We have an AD 2003 Domain.
We have added the correct site and subnets to AD sites and services and the right DC is in the correct AD Site.
What we are finding is that this domain controller is not authenticating any clients in the applicable subnet ranges that it should be. There are no attempts for the clients to contact this domain controller, and they are being authenticated by other domain controllers and we dont know why.
We know that this domain controller is handling replication activities correctly such as user account creation etc, so we dont know why it is not authenticating clients.
We have run a dcdiag against this domain controller and all seems fine.
Any other help greatly appreciated.
We have an AD 2003 Domain.
We have added the correct site and subnets to AD sites and services and the right DC is in the correct AD Site.
What we are finding is that this domain controller is not authenticating any clients in the applicable subnet ranges that it should be. There are no attempts for the clients to contact this domain controller, and they are being authenticated by other domain controllers and we dont know why.
We know that this domain controller is handling replication activities correctly such as user account creation etc, so we dont know why it is not authenticating clients.
We have run a dcdiag against this domain controller and all seems fine.
Any other help greatly appreciated.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Guys thanks so much for all your assistance.
what was the problem in th end?
ASKER
The SRV record for the DC was not in DNS.
As we dont use a Microsoft DNS Server, but a system called QIP, we had to allow permission for the DC to write its SRV records to this DNS zone.
Then, I restarted the netlogon service, and then did an nslookup, set q=srv, followed by:
_ldap._tcp.dc._msdcs.<doma in>
and the domain controller showed an entry now.
Once again, I thank all of you.
As we dont use a Microsoft DNS Server, but a system called QIP, we had to allow permission for the DC to write its SRV records to this DNS zone.
Then, I restarted the netlogon service, and then did an nslookup, set q=srv, followed by:
_ldap._tcp.dc._msdcs.<doma
and the domain controller showed an entry now.
Once again, I thank all of you.
http://support.microsoft.com/?kbid=247811