Link to home
Start Free TrialLog in
Avatar of Wildone63
Wildone63

asked on

login problems

I am running windows 2003 active directory. I have 3 domain controllers. One of which is a server that is being phased out. The problem is this morning this server being phased out was down... and no one could login.

I have checked to make sure that All of the domain roles are being held by a different server, Not the one that was down but no one could login.

Is there a "Preferred Server" for login. or any other ideas of what could be causing this?

Once the old server was back on line everyone could login normally.

Thank You.

Avatar of James
James
Flag of Ireland image

Go to the command prompt and type: set and then press enter. The will display the server preforming login requests.
Look for LOGONSERVER in the list.
Verify which Server is holding the FSMO Roles.
Usually the Server hosting the PDC Role is performing logon requests.
Avatar of Wildone63
Wildone63

ASKER

I did check with the set command and the logon server is set to the wrong server.... (the one that is being phased out.) The PDC role is being held by another server.

How can I change the Logon Server? Would I need to do this at each station?

Thank You.
ADSIEDIT tool:
http://www.computerperformance.co.uk/w2k3/utilities/adsi_edit.htm
Download adsi tool and use it to remove the old dc (login server) record in AD. Here is the instruction of what needs to be removed:
1. Use ADSIEdit to delete the computer account in the OU=Domain
Controllers,DC=domain...
NOTE : The FRS subscriber object is deleted when the computer object is
deleted, since it is a child of the computer account.
2. Use ADSIEdit to delete the FRS member object in CN=Domain System Volume
(SYSVOL share),CN=file replication service,CN=system....
3. In the DNS console, use the DNS MMC to delete the cname (also known as the
Alias) record in the _msdcs container.
4. In the DNS console, use the DNS MMC to delete the A (also known as the Host)
record in DNS.
5. If the deleted computer was the last domain controller in a child domain and the
child domain was also deleted, use ADSIEdit to delete the trustDomain object for
the child in CN=System, DC=domain, DC=domain, Domain NC.

http://support.microsoft.com/kb/555846

Domain controllers with the highest priority are contacted first. When domain controllers have the same priority, the domain controllers with the highest weight are most likely to be contacted.
 
When you use the Registry Editor, on a domain controller, to set the priority and weight, Net Logon records these values in the LDAP SRV records that it writes.
 
NOTE: If you set priority and/or weight, you can view these values in the %SystemRoot%\System32\Config\netlogon.dns file.
 
To set priority and/or weight of a domain controller, use the Registry Editor to navigate to:
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters.
 
The priority is recorded in the LdapSrvPriority Value Name, a REG_DWORD data type. The highest priority is the lowest number, 0x0, which is the default data value. The permitted range is 0x0 - 0xFFFF. Lower priority domain controllers will only be contacted when the higher priority domain controllers are NOT available.
 
The weight is recorded in the LdapSrvWeight Value Name, a REG_DWORD data type. When domain controllers have the same priority (LdapSrvPriority), domain controllers with a numerically higher weight are favored, using the following formula:
 
Probability of Contact = LdapSrvWeight / SUM of all LdapSrvWeight for DCs with the same LdapSrvPriority
 
Example: If three domain controllers have the highest priority (LdapSrvPriority = 0x0), the probability of contact is:
 
Server Weight Probability
 A              3       1/2 (3/6)  
 B              2       1/3 (2/6)
 C              1       1/6 (1/6)
 
NOTE: If all the domain controllers of a given priority have the same weight, the data value of LdapSrvWeight is 0x0, by convention.
Another option would be to make one of the other DC a GC.
ASKER CERTIFIED SOLUTION
Avatar of James
James
Flag of Ireland image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
You have a few options there now that should work for you. Option 2 and 3 would be more suitable for you.
Thank You. Removing the Global Catalog from the server being phased out worked fine.

Thanks again.
No problem Wildone63, glad I could help ;)