login problems

I am running windows 2003 active directory. I have 3 domain controllers. One of which is a server that is being phased out. The problem is this morning this server being phased out was down... and no one could login.

I have checked to make sure that All of the domain roles are being held by a different server, Not the one that was down but no one could login.

Is there a "Preferred Server" for login. or any other ideas of what could be causing this?

Once the old server was back on line everyone could login normally.

Thank You.

LVL 1
Wildone63Asked:
Who is Participating?
 
JamesConnect With a Mentor Senior Cloud Infrastructure EngineerCommented:
On the DC that will be phased out you can remove this as being a Global Catalog Server.
0
 
JamesSenior Cloud Infrastructure EngineerCommented:
Go to the command prompt and type: set and then press enter. The will display the server preforming login requests.
0
 
JamesSenior Cloud Infrastructure EngineerCommented:
Look for LOGONSERVER in the list.
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
JamesSenior Cloud Infrastructure EngineerCommented:
Verify which Server is holding the FSMO Roles.
0
 
JamesSenior Cloud Infrastructure EngineerCommented:
Usually the Server hosting the PDC Role is performing logon requests.
0
 
Wildone63Author Commented:
I did check with the set command and the logon server is set to the wrong server.... (the one that is being phased out.) The PDC role is being held by another server.

How can I change the Logon Server? Would I need to do this at each station?

Thank You.
0
 
JamesSenior Cloud Infrastructure EngineerCommented:
ADSIEDIT tool:
http://www.computerperformance.co.uk/w2k3/utilities/adsi_edit.htm
Download adsi tool and use it to remove the old dc (login server) record in AD. Here is the instruction of what needs to be removed:
1. Use ADSIEdit to delete the computer account in the OU=Domain
Controllers,DC=domain...
NOTE : The FRS subscriber object is deleted when the computer object is
deleted, since it is a child of the computer account.
2. Use ADSIEdit to delete the FRS member object in CN=Domain System Volume
(SYSVOL share),CN=file replication service,CN=system....
3. In the DNS console, use the DNS MMC to delete the cname (also known as the
Alias) record in the _msdcs container.
4. In the DNS console, use the DNS MMC to delete the A (also known as the Host)
record in DNS.
5. If the deleted computer was the last domain controller in a child domain and the
child domain was also deleted, use ADSIEdit to delete the trustDomain object for
the child in CN=System, DC=domain, DC=domain, Domain NC.

http://support.microsoft.com/kb/555846

0
 
JamesSenior Cloud Infrastructure EngineerCommented:
Domain controllers with the highest priority are contacted first. When domain controllers have the same priority, the domain controllers with the highest weight are most likely to be contacted.
 
When you use the Registry Editor, on a domain controller, to set the priority and weight, Net Logon records these values in the LDAP SRV records that it writes.
 
NOTE: If you set priority and/or weight, you can view these values in the %SystemRoot%\System32\Config\netlogon.dns file.
 
To set priority and/or weight of a domain controller, use the Registry Editor to navigate to:
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters.
 
The priority is recorded in the LdapSrvPriority Value Name, a REG_DWORD data type. The highest priority is the lowest number, 0x0, which is the default data value. The permitted range is 0x0 - 0xFFFF. Lower priority domain controllers will only be contacted when the higher priority domain controllers are NOT available.
 
The weight is recorded in the LdapSrvWeight Value Name, a REG_DWORD data type. When domain controllers have the same priority (LdapSrvPriority), domain controllers with a numerically higher weight are favored, using the following formula:
 
Probability of Contact = LdapSrvWeight / SUM of all LdapSrvWeight for DCs with the same LdapSrvPriority
 
Example: If three domain controllers have the highest priority (LdapSrvPriority = 0x0), the probability of contact is:
 
Server Weight Probability
 A              3       1/2 (3/6)  
 B              2       1/3 (2/6)
 C              1       1/6 (1/6)
 
NOTE: If all the domain controllers of a given priority have the same weight, the data value of LdapSrvWeight is 0x0, by convention.
0
 
JamesSenior Cloud Infrastructure EngineerCommented:
Another option would be to make one of the other DC a GC.
0
 
JamesSenior Cloud Infrastructure EngineerCommented:
You have a few options there now that should work for you. Option 2 and 3 would be more suitable for you.
0
 
Wildone63Author Commented:
Thank You. Removing the Global Catalog from the server being phased out worked fine.

Thanks again.
0
 
JamesSenior Cloud Infrastructure EngineerCommented:
No problem Wildone63, glad I could help ;)
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.