Solved

Windows 7 machine authentication problems on 2008 Network

Posted on 2010-09-24
34
631 Views
Last Modified: 2012-05-10
We have a 2008 Active Directory Network.  We recently started using 3 New Windows 7 machines for the domain administrators.  We also have a large facility with 3 different IP subnets.  When one of the administrators goes to a different area and uses his computer on a different subnet, when he comes back to his office he can not log in to his computer.  He gets the error bad username or password.  Then he can not log in to the network.  Also, he is using kerberos to connect to client access for the iSeries.  He can log in to his computer if he disconnects the network cable.  Then when he reconnects the cable he gets kerberos credentials not foound.
0
Comment
Question by:jtennyson
  • 19
  • 7
  • 7
  • +1
34 Comments
 

Author Comment

by:jtennyson
ID: 33753269
Now if he connects wirelessly he can get on the windows network.  However when he tries to connect to client access he recieves Kerberos client credentials not found.
0
 
LVL 8

Expert Comment

by:psychogr
ID: 33753765
this is a dns issue.. make sure first dns entry is the ip address of your dc
0
 

Author Comment

by:jtennyson
ID: 33753775
Do you mean put a static dns entry in his computer instead of getting it through dhcp?
0
 
LVL 76

Expert Comment

by:arnold
ID: 33753791
I.e. make sure the system the administrator uses while moving around is configured for DHCP for both IP and DNS and is not using a static IP and DNS configuration.
0
 
LVL 8

Expert Comment

by:psychogr
ID: 33753811
yes and make dhcp to forward proper dns entries i.e. dc ip adress as first dns entry
0
 

Author Comment

by:jtennyson
ID: 33753835
I have DHCP configured that way.  I will put a static DNS entry in his computer.
0
 
LVL 76

Expert Comment

by:arnold
ID: 33754762
Presumably you have a DHCP on each subnet or you have a dhcp relay agent configured on the Subnets where there is no DHCP server.  The scope options allocate DNS servers that are local to the segment or all point to the same DC?
0
 

Author Comment

by:jtennyson
ID: 33754954
I put the static DNS entry in his computer.  It did not work.  He is still is getting a kerberos error.  The DC is attached to all three subnets.  All DNS ponts to the dc.
0
 
LVL 76

Expert Comment

by:arnold
ID: 33755164
Is there a path from each subnet?
Does your DC have multiple NICs? or is there a router in the place that combines the traffic for all the subnets?  Does the user have issues loging into a local workstation on each subnet?
0
 

Author Comment

by:jtennyson
ID: 33755470
The DC has multiple nics.  He does not have a problem logging on to any other computer except his Windows 7 laptop.
0
 
LVL 76

Expert Comment

by:arnold
ID: 33755504
Several things do not make sense provided you have the NIC configured for DHCP for both IP and DNS as well as have ipv6 off?

Does the windows 7 have a local firewall setup where it has explicitly set one LAN as exempt/trusted while others are seen as public?
0
 

Author Comment

by:jtennyson
ID: 33756202
None of this makes sense to me.  The nic is configured for both dhcp and dns.  Although now I put a static entry in for dns.  The local firewall is turned off.  He did have ipv6 turned on with ipv4 so I turned off 6.
0
 
LVL 76

Expert Comment

by:arnold
ID: 33756627
Is the change being tested now?

Also did you configure the DHCP on the windows 2008 to use/allocate both IPv4 and IPv6 IPs?
0
 
LVL 7

Expert Comment

by:jesaja
ID: 33761750
when you say "different area and uses his computer on a different subnet, when he comes back to his office he can not log in to his computer"
that means he were able to login before at the main subnet right

is this affecting only this windows 7 machine

that he can login without network cable is because windows is using cached credentials and after logged in when you plug in the cable there is no kerberos credentials as pc and user have not received a TGT from KDC.

have you tried to rejoin the pc to the domain, first remove from domain and then join again

DNS can be the problem because all Domain Services are provided in DNS.
DHCP should not be the problem as the client receives the correct IP settings, right?

Do you have only one side in your domain?
can you provide more details of the domain infrastructure


 
0
 

Author Comment

by:jtennyson
ID: 33779514
The static DNS entry and turning off IPv6 did not work.,
0
 
LVL 76

Expert Comment

by:arnold
ID: 33780212
What errors if any are recorded on the workstation?

You may have to do as others have suggested to rejoin the system to the domain just in the event that the joining initially was not complete.
0
 

Author Comment

by:jtennyson
ID: 33781505
He had errors on the workstation.  Unfortunately he is out of town now and I don't know what they were.
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 

Author Comment

by:jtennyson
ID: 33801853
This just hapened to another user.  If I pull the network cable and log him in, then connect the cable he is fine.  He can get in to all network resources. If I log him in with the cable connected I get wrong user name or password.  I know the password is correct because I entere it in to his account in AD myself.  I also took this machine off of the domain, and then rejoined it.
0
 
LVL 76

Expert Comment

by:arnold
ID: 33804883
You might have a DC out of sync.
Run dcdiag on the DC's.
0
 

Author Comment

by:jtennyson
ID: 33806726
What am I looking for?  I ran it on both DC's.
0
 

Author Comment

by:jtennyson
ID: 33806733
I have four Windows 7 machines and two of them are behaving this way.
0
 
LVL 8

Expert Comment

by:psychogr
ID: 33806853
When running dcdiag on both dcs do you get any errors?
Post dcdiag output here for more information if you like.

Also are you sure dns entries pointing to the correct Primary DC on every subnet?
Can you remove all entries from DNS and leave Only the ip of your primary dc ?
0
 

Author Comment

by:jtennyson
ID: 33807004
Here is the out put from DCdiag

Primary

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = RGRAYDC1
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\RGRAYDC1
      Starting test: Connectivity
         ......................... RGRAYDC1 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\RGRAYDC1
      Starting test: Advertising
         ......................... RGRAYDC1 passed test Advertising
      Starting test: FrsEvent
         ......................... RGRAYDC1 passed test FrsEvent
      Starting test: DFSREvent
         ......................... RGRAYDC1 passed test DFSREvent
      Starting test: SysVolCheck
         ......................... RGRAYDC1 passed test SysVolCheck
      Starting test: KccEvent
         ......................... RGRAYDC1 passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... RGRAYDC1 passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... RGRAYDC1 passed test MachineAccount
      Starting test: NCSecDesc
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:
         DC=DomainDnsZones,DC=corp,DC=rgrayclamps,DC=com
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:
         DC=ForestDnsZones,DC=corp,DC=rgrayclamps,DC=com
         ......................... RGRAYDC1 failed test NCSecDesc
      Starting test: NetLogons
         ......................... RGRAYDC1 passed test NetLogons
      Starting test: ObjectsReplicated
         ......................... RGRAYDC1 passed test ObjectsReplicated
      Starting test: Replications
         ......................... RGRAYDC1 passed test Replications
      Starting test: RidManager
         ......................... RGRAYDC1 passed test RidManager
      Starting test: Services
         ......................... RGRAYDC1 passed test Services
      Starting test: SystemLog
         An Error Event occurred.  EventID: 0x000016AD
            Time Generated: 10/01/2010   06:17:23
            Event String: The session setup from the computer TIMEATTD3 failed to authenticate. The following error occurred:
         An Error Event occurred.  EventID: 0xC0000010
            Time Generated: 10/01/2010   06:30:02
            Event String:
            While processing a TGS request for the target server cifs/RGRAYAS4.corp.rgrayclamps.com, the account jtenny@CORP.RGRAYCLAMPS.COM
 did not have a suitable key for generating a Kerberos ticket (the missing key has an ID of 8). The requested etypes were 18  17  23  24  -1
35. The accounts available etypes were 23  -133  -128  18  17  3  1  -140. Changing or resetting the password of rgrayas4_5_cifs will genera
te a proper key.
         An Error Event occurred.  EventID: 0x00000457
            Time Generated: 10/01/2010   06:32:52
            Event String:
            Driver Kyocera CS-3060 KX required for printer !!rgraybg02!P01SC05 is unknown. Contact the administrator to install the driver b
efore you log in again.
         An Error Event occurred.  EventID: 0x00000457
            Time Generated: 10/01/2010   06:32:55
            Event String:
            Driver Microsoft Office Document Image Writer Driver required for printer Microsoft Office Document Image Writer is unknown. Con
tact the administrator to install the driver before you log in again.
         An Error Event occurred.  EventID: 0x00000457
            Time Generated: 10/01/2010   06:32:57
            Event String:
            Driver Kyocera CS 250ci KX required for printer !!SYSTEMCENTER!p01ex03 is unknown. Contact the administrator to install the driv
er before you log in again.
         An Error Event occurred.  EventID: 0x00000457
            Time Generated: 10/01/2010   06:32:58
            Event String:
            Driver Microsoft Office Live Meeting 2007 Document Writer Driver required for printer Microsoft Office Live Meeting 2007 Documen
t Writer is unknown. Contact the administrator to install the driver before you log in again.
         ......................... RGRAYDC1 failed test SystemLog
      Starting test: VerifyReferences
         ......................... RGRAYDC1 passed test VerifyReferences


   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : corp
      Starting test: CheckSDRefDom
         ......................... corp passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... corp passed test CrossRefValidation

   Running enterprise tests on : corp.rgrayclamps.com
      Starting test: LocatorCheck
         ......................... corp.rgrayclamps.com passed test LocatorCheck
      Starting test: Intersite
         ......................... corp.rgrayclamps.com passed test Intersite
0
 

Author Comment

by:jtennyson
ID: 33807017
Here is the secondary

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = RGRAYBG01
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\RGRAYBG01
      Starting test: Connectivity
         ......................... RGRAYBG01 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\RGRAYBG01
      Starting test: Advertising
         ......................... RGRAYBG01 passed test Advertising
      Starting test: FrsEvent
         ......................... RGRAYBG01 passed test FrsEvent
      Starting test: DFSREvent
         ......................... RGRAYBG01 passed test DFSREvent
      Starting test: SysVolCheck
         ......................... RGRAYBG01 passed test SysVolCheck
      Starting test: KccEvent
         ......................... RGRAYBG01 passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... RGRAYBG01 passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... RGRAYBG01 passed test MachineAccount
      Starting test: NCSecDesc
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:
         DC=DomainDnsZones,DC=corp,DC=rgrayclamps,DC=com
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:
         DC=ForestDnsZones,DC=corp,DC=rgrayclamps,DC=com
         ......................... RGRAYBG01 failed test NCSecDesc
      Starting test: NetLogons
         ......................... RGRAYBG01 passed test NetLogons
      Starting test: ObjectsReplicated
         ......................... RGRAYBG01 passed test ObjectsReplicated
      Starting test: Replications
         ......................... RGRAYBG01 passed test Replications
      Starting test: RidManager
         ......................... RGRAYBG01 passed test RidManager
      Starting test: Services
         ......................... RGRAYBG01 passed test Services
      Starting test: SystemLog
         An Error Event occurred.  EventID: 0x000016AD
            Time Generated: 10/01/2010   06:07:34
            Event String:
            The session setup from the computer PRESSDATACOLLEC failed to authen
ticate. The following error occurred:
         An Error Event occurred.  EventID: 0x000016AD
            Time Generated: 10/01/2010   06:32:24
            Event String:
            The session setup from the computer SHIPPINGLABELS failed to authent
icate. The following error occurred:
         ......................... RGRAYBG01 failed test SystemLog
      Starting test: VerifyReferences
         ......................... RGRAYBG01 passed test VerifyReferences


   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation

   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : corp
      Starting test: CheckSDRefDom
         ......................... corp passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... corp passed test CrossRefValidation

   Running enterprise tests on : corp.rgrayclamps.com
      Starting test: LocatorCheck
         ......................... corp.rgrayclamps.com passed test
         LocatorCheck
      Starting test: Intersite
         ......................... corp.rgrayclamps.com passed test Intersite
0
 
LVL 8

Expert Comment

by:psychogr
ID: 33807097
On both dcs

Click Start, type "adsiedit.msc", find and right-click "DC=abc,DC=com,DC=au", choose Properties, switch to Security tab, click Advanced. On permissions tab, click ADD if Enterprise Read-only Domain Controllers was not listed. Type Enterprise Read-only Domain Controllers and click OK.

Then Allow the following permissions.
Replicating Directory Changes
Replication Synchronization
Manage Replication Topology

Finaly change pasword for the users that have problem logging in and hopefully your problem will be solved..
0
 
LVL 8

Expert Comment

by:psychogr
ID: 33807160
after successful replication please run dcdiag again and post the results here
0
 

Author Comment

by:jtennyson
ID: 33807625
OK.  I followed the instructions.  Here are the new dcdiags

Primary

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = RGRAYDC1
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\RGRAYDC1
      Starting test: Connectivity
         ......................... RGRAYDC1 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\RGRAYDC1
      Starting test: Advertising
         ......................... RGRAYDC1 passed test Advertising
      Starting test: FrsEvent
         ......................... RGRAYDC1 passed test FrsEvent
      Starting test: DFSREvent
         ......................... RGRAYDC1 passed test DFSREvent
      Starting test: SysVolCheck
         ......................... RGRAYDC1 passed test SysVolCheck
      Starting test: KccEvent
         ......................... RGRAYDC1 passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... RGRAYDC1 passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... RGRAYDC1 passed test MachineAccount
      Starting test: NCSecDesc
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:
         DC=DomainDnsZones,DC=corp,DC=rgrayclamps,DC=com
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:
         DC=ForestDnsZones,DC=corp,DC=rgrayclamps,DC=com
         ......................... RGRAYDC1 failed test NCSecDesc
      Starting test: NetLogons
         ......................... RGRAYDC1 passed test NetLogons
      Starting test: ObjectsReplicated
         ......................... RGRAYDC1 passed test ObjectsReplicated
      Starting test: Replications
         ......................... RGRAYDC1 passed test Replications
      Starting test: RidManager
         ......................... RGRAYDC1 passed test RidManager
      Starting test: Services
         ......................... RGRAYDC1 passed test Services
      Starting test: SystemLog
         An Error Event occurred.  EventID: 0x000016AD
            Time Generated: 10/01/2010   07:25:07
            Event String: The session setup from the computer TIMEATTD4 failed to authenticate. The following error occurred:
         An Error Event occurred.  EventID: 0x000016AD
            Time Generated: 10/01/2010   07:40:07
            Event String: The session setup from the computer MARTHARUIZ failed to authenticate. The following error occurred:
         An Error Event occurred.  EventID: 0xC0001B77
            Time Generated: 10/01/2010   07:43:07
            Event String:
            The Kaspersky Network Agent service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will
be taken in 0 milliseconds: Restart the service.
         An Error Event occurred.  EventID: 0x000016AD
            Time Generated: 10/01/2010   07:47:24
            Event String: The session setup from the computer C01WA-5481B failed to authenticate. The following error occurred:
         ......................... RGRAYDC1 failed test SystemLog
      Starting test: VerifyReferences
         ......................... RGRAYDC1 passed test VerifyReferences


   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : corp
      Starting test: CheckSDRefDom
         ......................... corp passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... corp passed test CrossRefValidation

   Running enterprise tests on : corp.rgrayclamps.com
      Starting test: LocatorCheck
0
 

Author Comment

by:jtennyson
ID: 33807648
Are you sure I can change the password and log in?

Secondary

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = RGRAYBG01
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\RGRAYBG01
      Starting test: Connectivity
         ......................... RGRAYBG01 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\RGRAYBG01
      Starting test: Advertising
         ......................... RGRAYBG01 passed test Advertising
      Starting test: FrsEvent
         ......................... RGRAYBG01 passed test FrsEvent
      Starting test: DFSREvent
         ......................... RGRAYBG01 passed test DFSREvent
      Starting test: SysVolCheck
         ......................... RGRAYBG01 passed test SysVolCheck
      Starting test: KccEvent
         ......................... RGRAYBG01 passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... RGRAYBG01 passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... RGRAYBG01 passed test MachineAccount
      Starting test: NCSecDesc
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:
         DC=DomainDnsZones,DC=corp,DC=rgrayclamps,DC=com
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:
         DC=ForestDnsZones,DC=corp,DC=rgrayclamps,DC=com
         ......................... RGRAYBG01 failed test NCSecDesc
      Starting test: NetLogons
         ......................... RGRAYBG01 passed test NetLogons
      Starting test: ObjectsReplicated
         ......................... RGRAYBG01 passed test ObjectsReplicated
      Starting test: Replications
         ......................... RGRAYBG01 passed test Replications
      Starting test: RidManager
         ......................... RGRAYBG01 passed test RidManager
      Starting test: Services
         ......................... RGRAYBG01 passed test Services
      Starting test: SystemLog
         An Error Event occurred.  EventID: 0x0000165B
            Time Generated: 10/01/2010   07:30:31
            Event String:
            The session setup from computer 'MARTHARUIZ' failed because the secu
rity database does not contain a trust account 'MARTHARUIZ$' referenced by the s
pecified computer.
         An Error Event occurred.  EventID: 0x000016AD
            Time Generated: 10/01/2010   07:54:19
            Event String:
            The session setup from the computer TIMEATTD4 failed to authenticate
. The following error occurred:
         An Error Event occurred.  EventID: 0xC0000010
            Time Generated: 10/01/2010   08:07:03
            Event String:
            While processing a TGS request for the target server cifs/RGRAYAS4.c
orp.rgrayclamps.com, the account CWOLFO@CORP.RGRAYCLAMPS.COM did not have a suit
able key for generating a Kerberos ticket (the missing key has an ID of 8). The
requested etypes were 18  17  23  24  -135. The accounts available etypes were 2
3  -133  -128  18  17  3  1  -140. Changing or resetting the password of rgrayas
4_5_cifs will generate a proper key.
         An Error Event occurred.  EventID: 0x000016AD
            Time Generated: 10/01/2010   08:17:24
            Event String:
            The session setup from the computer TIMEATTD3 failed to authenticate
. The following error occurred:
         An Error Event occurred.  EventID: 0x000016AD
            Time Generated: 10/01/2010   08:17:24
            Event String:
            The session setup from the computer C01SHPLBL2 failed to authenticat
e. The following error occurred:
         ......................... RGRAYBG01 failed test SystemLog
      Starting test: VerifyReferences
         ......................... RGRAYBG01 passed test VerifyReferences


   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation

   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : corp
      Starting test: CheckSDRefDom
         ......................... corp passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... corp passed test CrossRefValidation

   Running enterprise tests on : corp.rgrayclamps.com
      Starting test: LocatorCheck
         ......................... corp.rgrayclamps.com passed test
         LocatorCheck
      Starting test: Intersite
         ......................... corp.rgrayclamps.com passed test Intersite
0
 

Author Comment

by:jtennyson
ID: 33807688
Do I have to change the password?
0
 

Author Comment

by:jtennyson
ID: 33808200
If I do have to change it, should I do it from the computer or in AD?
0
 
LVL 8

Accepted Solution

by:
psychogr earned 500 total points
ID: 33808937
You should change the password from the ad.
Also you must force replication and then run the dcdiag again.

To force replication :
*Open Active Directory Sites and Services.
*In the console tree, click NTDS Settings for the server that you want to force replication.
* In the details pane, right-click the connection over which you want to replicate directory information, and then click Replicate Now.

Run dcdiag and attach the results here
0
 

Author Comment

by:jtennyson
ID: 33809290
This aears to have worked
0
 

Author Closing Comment

by:jtennyson
ID: 33809296
Your the only one who came up with a solution that appears to have worked.
0
 
LVL 8

Expert Comment

by:psychogr
ID: 33813317
Great, Im glad that worked out and thank you for the grade and points. :)
0

Featured Post

Don't lose your head updating email signatures!

Do your end users still have the wrong email signature? Do email signature updates bore you or fill you with a sense of dread? You can make this a whole lot easier on yourself by trusting an Exclaimer email signature management solution. Over 50 million users do...so should you!

Join & Write a Comment

Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
If you need to start windows update installation remotely or as a scheduled task you will find this very helpful.
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now