Solved

login problems

Posted on 2010-11-08
Last Modified: 2012-05-10
I am running Windows 2003 Active Directory. I have 3 domain controllers, one of which is a server that is being phased out. The problem is that this morning the server being phased out was down... and no one could log in.

I have checked to make sure that all of the domain roles are being held by a different server, not the one that was down, but no one could log in.

Is there a "Preferred Server" for login, or any other ideas of what could be causing this?

Once the old server was back online everyone could log in normally.

Thank You.

Question by:Wildone63
12 Comments
 
LVL 15

Expert Comment

by:JBond2010
ID: 34085080
Go to the command prompt, type: set and then press Enter. This will display the server performing login requests.
0
 
LVL 15

Expert Comment

by:JBond2010
ID: 34085088
Look for LOGONSERVER in the list.
0
 
LVL 15

Expert Comment

by:JBond2010
ID: 34085098
Verify which Server is holding the FSMO Roles.
0
 
LVL 15

Expert Comment

by:JBond2010
ID: 34085110
Usually the Server hosting the PDC Role is performing logon requests.
0
 
LVL 1

Author Comment

by:Wildone63
ID: 34085245
I did check with the set command and the logon server is set to the wrong server.... (the one that is being phased out.) The PDC role is being held by another server.

How can I change the Logon Server? Would I need to do this at each station?

Thank You.
0
 
LVL 15

Expert Comment

by:JBond2010
ID: 34085263
ADSIEDIT tool:
http://www.computerperformance.co.uk/w2k3/utilities/adsi_edit.htm
Download the ADSI tool and use it to remove the old DC (login server) record in AD. Here are the instructions for what needs to be removed:
1. Use ADSIEdit to delete the computer account in the OU=Domain Controllers,DC=domain...
NOTE: The FRS subscriber object is deleted when the computer object is deleted, since it is a child of the computer account.
2. Use ADSIEdit to delete the FRS member object in CN=Domain System Volume (SYSVOL share),CN=file replication service,CN=system....
3. In the DNS console, use the DNS MMC to delete the CNAME (also known as the Alias) record in the _msdcs container.
4. In the DNS console, use the DNS MMC to delete the A (also known as the Host) record in DNS.
5. If the deleted computer was the last domain controller in a child domain and the child domain was also deleted, use ADSIEdit to delete the trustDomain object for the child in CN=System, DC=domain, DC=domain, Domain NC.

http://support.microsoft.com/kb/555846

0
 
LVL 15

Expert Comment

by:JBond2010
ID: 34085286
Domain controllers with the highest priority are contacted first. When domain controllers have the same priority, the domain controllers with the highest weight are most likely to be contacted.
 
When you use the Registry Editor, on a domain controller, to set the priority and weight, Net Logon records these values in the LDAP SRV records that it writes.
 
NOTE: If you set priority and/or weight, you can view these values in the %SystemRoot%\System32\Config\netlogon.dns file.
 
To set priority and/or weight of a domain controller, use the Registry Editor to navigate to:
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters.
 
The priority is recorded in the LdapSrvPriority Value Name, a REG_DWORD data type. The highest priority is the lowest number, 0x0, which is the default data value. The permitted range is 0x0 - 0xFFFF. Lower priority domain controllers will only be contacted when the higher priority domain controllers are NOT available.
 
The weight is recorded in the LdapSrvWeight Value Name, a REG_DWORD data type. When domain controllers have the same priority (LdapSrvPriority), domain controllers with a numerically higher weight are favored, using the following formula:
 
Probability of Contact = LdapSrvWeight / SUM of all LdapSrvWeight for DCs with the same LdapSrvPriority
 
Example: If three domain controllers have the highest priority (LdapSrvPriority = 0x0), the probability of contact is:
 
Server  Weight  Probability
A       3       1/2 (3/6)
B       2       1/3 (2/6)
C       1       1/6 (1/6)
 
NOTE: If all the domain controllers of a given priority have the same weight, the data value of LdapSrvWeight is 0x0, by convention.
0
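The priority and weight rule from the comment above, as an added example that is not part of the original thread: it parses SRV lines in the format Net Logon writes to netlogon.dns and applies the quoted formula per priority group. The host names, the sample records and the lower-priority "dc-old" entry are constructed for illustration.

```python
import re
from collections import defaultdict
from fractions import Fraction

# Constructed sample in the SRV line format of netlogon.dns:
# owner TTL IN SRV priority weight port target. Host names are hypothetical.
SAMPLE_NETLOGON_DNS = """\
_ldap._tcp.example.local. 600 IN SRV 0 3 389 dc-a.example.local.
_ldap._tcp.example.local. 600 IN SRV 0 2 389 dc-b.example.local.
_ldap._tcp.example.local. 600 IN SRV 0 1 389 dc-c.example.local.
_ldap._tcp.example.local. 600 IN SRV 10 5 389 dc-old.example.local.
_ldap._tcp.pdc._msdcs.example.local. 600 IN SRV 0 3 389 dc-a.example.local.
"""

SRV_LINE = re.compile(
    r"^(?P<owner>\S+)\s+\d+\s+IN\s+SRV\s+"
    r"(?P<prio>\d+)\s+(?P<weight>\d+)\s+(?P<port>\d+)\s+(?P<target>\S+)$"
)

def parse_srv(text, owner):
    """Return (priority, weight, target) for SRV lines whose owner matches."""
    records = []
    for line in text.splitlines():
        m = SRV_LINE.match(line.strip())
        if m and m["owner"].lower() == owner.lower():
            records.append((int(m["prio"]), int(m["weight"]),
                            m["target"].rstrip(".")))
    return records

def contact_probabilities(records):
    """Map priority -> {target: probability}, preferred (lowest number) first."""
    groups = defaultdict(list)
    for prio, weight, target in records:
        groups[prio].append((weight, target))
    result = {}
    for prio in sorted(groups):
        total = sum(w for w, _ in groups[prio])
        n = len(groups[prio])
        # LdapSrvWeight / SUM of weights at the same priority; if every
        # weight in the group is 0 there is no preference, so split evenly.
        result[prio] = {t: (Fraction(w, total) if total else Fraction(1, n))
                        for w, t in groups[prio]}
    return result

if __name__ == "__main__":
    recs = parse_srv(SAMPLE_NETLOGON_DNS, "_ldap._tcp.example.local.")
    for prio, dcs in contact_probabilities(recs).items():
        for dc, p in dcs.items():
            print(f"priority {prio}: {dc} {p}")
```

Only the first priority group in the result is used while any of its domain controllers is reachable; later groups are the fallback.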
 
LVL 15

Expert Comment

by:JBond2010
ID: 34085303
Another option would be to make one of the other DCs a GC.
0
 
LVL 15

Accepted Solution

by:
JBond2010 earned 2000 total points
ID: 34085396
On the DC that will be phased out you can remove this as being a Global Catalog Server.
0
 
LVL 15

Expert Comment

by:JBond2010
ID: 34085402
You have a few options there now that should work for you. Option 2 and 3 would be more suitable for you.
0
 
LVL 1

Author Closing Comment

by:Wildone63
ID: 34085555
Thank You. Removing the Global Catalog from the server being phased out worked fine.

Thanks again.
0
 
LVL 15

Expert Comment

by:JBond2010
ID: 34085572
No problem Wildone63, glad I could help ;)
0
