Link to home
Start Free TrialLog in
Avatar of Simon336697
Simon336697Flag for Australia

asked on

Diagnosing why a domain controller is not handling any authentication requests.

Hi guys,
We have an AD 2003 Domain.
We have added the correct site and subnets to AD sites and services and the right DC is in the correct AD Site.
What we are finding is that this domain controller is not authenticating any clients in the applicable subnet ranges that it should be. There are no attempts for the clients to contact this domain controller, and they are being authenticated by other domain controllers and we dont know why.
We know that this domain controller is handling replication activities correctly such as user account creation etc, so we dont know why it is not authenticating clients.

We have run a dcdiag against this domain controller and all seems fine.

Any other help greatly appreciated.
SOLUTION
Avatar of slappa1
slappa1

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
ASKER CERTIFIED SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Check below article & its applicable for windows 2003.

http://support.microsoft.com/?kbid=247811
Avatar of Simon336697

ASKER

Guys thanks so much for all your assistance.
Avatar of slappa1
slappa1

what was the problem in th end?
The SRV record for the DC was not in DNS.
As we dont use a Microsoft DNS Server, but a system called QIP, we had to allow permission for the DC to write its SRV records to this DNS zone.
Then, I restarted the netlogon service, and then did an nslookup, set q=srv, followed by:
_ldap._tcp.dc._msdcs.<domain>
and the domain controller showed an entry now.
Once again, I thank all of you.