Solved

login problems

Posted on 2010-11-08
12
332 Views
Last Modified: 2012-05-10
I am running windows 2003 active directory. I have 3 domain controllers. One of which is a server that is being phased out. The problem is this morning this server being phased out was down... and no one could login.

I have checked to make sure that All of the domain roles are being held by a different server, Not the one that was down but no one could login.

Is there a "Preferred Server" for login. or any other ideas of what could be causing this?

Once the old server was back on line everyone could login normally.

Thank You.

0
Comment
Question by:Wildone63
  • 10
  • 2
12 Comments
 
LVL 15

Expert Comment

by:JBond2010
ID: 34085080
Go to the command prompt and type: set and then press enter. The will display the server preforming login requests.
0
 
LVL 15

Expert Comment

by:JBond2010
ID: 34085088
Look for LOGONSERVER in the list.
0
 
LVL 15

Expert Comment

by:JBond2010
ID: 34085098
Verify which Server is holding the FSMO Roles.
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 15

Expert Comment

by:JBond2010
ID: 34085110
Usually the Server hosting the PDC Role is performing logon requests.
0
 
LVL 1

Author Comment

by:Wildone63
ID: 34085245
I did check with the set command and the logon server is set to the wrong server.... (the one that is being phased out.) The PDC role is being held by another server.

How can I change the Logon Server? Would I need to do this at each station?

Thank You.
0
 
LVL 15

Expert Comment

by:JBond2010
ID: 34085263
ADSIEDIT tool:
http://www.computerperformance.co.uk/w2k3/utilities/adsi_edit.htm
Download adsi tool and use it to remove the old dc (login server) record in AD. Here is the instruction of what needs to be removed:
1. Use ADSIEdit to delete the computer account in the OU=Domain
Controllers,DC=domain...
NOTE : The FRS subscriber object is deleted when the computer object is
deleted, since it is a child of the computer account.
2. Use ADSIEdit to delete the FRS member object in CN=Domain System Volume
(SYSVOL share),CN=file replication service,CN=system....
3. In the DNS console, use the DNS MMC to delete the cname (also known as the
Alias) record in the _msdcs container.
4. In the DNS console, use the DNS MMC to delete the A (also known as the Host)
record in DNS.
5. If the deleted computer was the last domain controller in a child domain and the
child domain was also deleted, use ADSIEdit to delete the trustDomain object for
the child in CN=System, DC=domain, DC=domain, Domain NC.

http://support.microsoft.com/kb/555846

0
 
LVL 15

Expert Comment

by:JBond2010
ID: 34085286
Domain controllers with the highest priority are contacted first. When domain controllers have the same priority, the domain controllers with the highest weight are most likely to be contacted.
 
When you use the Registry Editor, on a domain controller, to set the priority and weight, Net Logon records these values in the LDAP SRV records that it writes.
 
NOTE: If you set priority and/or weight, you can view these values in the %SystemRoot%\System32\Config\netlogon.dns file.
 
To set priority and/or weight of a domain controller, use the Registry Editor to navigate to:
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters.
 
The priority is recorded in the LdapSrvPriority Value Name, a REG_DWORD data type. The highest priority is the lowest number, 0x0, which is the default data value. The permitted range is 0x0 - 0xFFFF. Lower priority domain controllers will only be contacted when the higher priority domain controllers are NOT available.
 
The weight is recorded in the LdapSrvWeight Value Name, a REG_DWORD data type. When domain controllers have the same priority (LdapSrvPriority), domain controllers with a numerically higher weight are favored, using the following formula:
 
Probability of Contact = LdapSrvWeight / SUM of all LdapSrvWeight for DCs with the same LdapSrvPriority
 
Example: If three domain controllers have the highest priority (LdapSrvPriority = 0x0), the probability of contact is:
 
Server Weight Probability
 A              3       1/2 (3/6)  
 B              2       1/3 (2/6)
 C              1       1/6 (1/6)
 
NOTE: If all the domain controllers of a given priority have the same weight, the data value of LdapSrvWeight is 0x0, by convention.
0
 
LVL 15

Expert Comment

by:JBond2010
ID: 34085303
Another option would be to make one of the other DC a GC.
0
 
LVL 15

Accepted Solution

by:
JBond2010 earned 500 total points
ID: 34085396
On the DC that will be phased out you can remove this as being a Global Catalog Server.
0
 
LVL 15

Expert Comment

by:JBond2010
ID: 34085402
You have a few options there now that should work for you. Option 2 and 3 would be more suitable for you.
0
 
LVL 1

Author Closing Comment

by:Wildone63
ID: 34085555
Thank You. Removing the Global Catalog from the server being phased out worked fine.

Thanks again.
0
 
LVL 15

Expert Comment

by:JBond2010
ID: 34085572
No problem Wildone63, glad I could help ;)
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Introduction You may have a need to setup a group of users to allow local administrative access on workstations.  In a domain environment this can easily be achieved with Restricted Groups and Group Policies. This article will demonstrate how to…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now