Solved

login problems

Posted on 2010-11-08
12
330 Views
Last Modified: 2012-05-10
I am running windows 2003 active directory. I have 3 domain controllers. One of which is a server that is being phased out. The problem is this morning this server being phased out was down... and no one could login.

I have checked to make sure that All of the domain roles are being held by a different server, Not the one that was down but no one could login.

Is there a "Preferred Server" for login. or any other ideas of what could be causing this?

Once the old server was back on line everyone could login normally.

Thank You.

0
Comment
Question by:Wildone63
  • 10
  • 2
12 Comments
 
LVL 15

Expert Comment

by:JBond2010
ID: 34085080
Go to the command prompt and type: set and then press enter. The will display the server preforming login requests.
0
 
LVL 15

Expert Comment

by:JBond2010
ID: 34085088
Look for LOGONSERVER in the list.
0
 
LVL 15

Expert Comment

by:JBond2010
ID: 34085098
Verify which Server is holding the FSMO Roles.
0
 
LVL 15

Expert Comment

by:JBond2010
ID: 34085110
Usually the Server hosting the PDC Role is performing logon requests.
0
 
LVL 1

Author Comment

by:Wildone63
ID: 34085245
I did check with the set command and the logon server is set to the wrong server.... (the one that is being phased out.) The PDC role is being held by another server.

How can I change the Logon Server? Would I need to do this at each station?

Thank You.
0
 
LVL 15

Expert Comment

by:JBond2010
ID: 34085263
ADSIEDIT tool:
http://www.computerperformance.co.uk/w2k3/utilities/adsi_edit.htm
Download adsi tool and use it to remove the old dc (login server) record in AD. Here is the instruction of what needs to be removed:
1. Use ADSIEdit to delete the computer account in the OU=Domain
Controllers,DC=domain...
NOTE : The FRS subscriber object is deleted when the computer object is
deleted, since it is a child of the computer account.
2. Use ADSIEdit to delete the FRS member object in CN=Domain System Volume
(SYSVOL share),CN=file replication service,CN=system....
3. In the DNS console, use the DNS MMC to delete the cname (also known as the
Alias) record in the _msdcs container.
4. In the DNS console, use the DNS MMC to delete the A (also known as the Host)
record in DNS.
5. If the deleted computer was the last domain controller in a child domain and the
child domain was also deleted, use ADSIEdit to delete the trustDomain object for
the child in CN=System, DC=domain, DC=domain, Domain NC.

http://support.microsoft.com/kb/555846

0
 
LVL 15

Expert Comment

by:JBond2010
ID: 34085286
Domain controllers with the highest priority are contacted first. When domain controllers have the same priority, the domain controllers with the highest weight are most likely to be contacted.
 
When you use the Registry Editor, on a domain controller, to set the priority and weight, Net Logon records these values in the LDAP SRV records that it writes.
 
NOTE: If you set priority and/or weight, you can view these values in the %SystemRoot%\System32\Config\netlogon.dns file.
 
To set priority and/or weight of a domain controller, use the Registry Editor to navigate to:
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters.
 
The priority is recorded in the LdapSrvPriority Value Name, a REG_DWORD data type. The highest priority is the lowest number, 0x0, which is the default data value. The permitted range is 0x0 - 0xFFFF. Lower priority domain controllers will only be contacted when the higher priority domain controllers are NOT available.
 
The weight is recorded in the LdapSrvWeight Value Name, a REG_DWORD data type. When domain controllers have the same priority (LdapSrvPriority), domain controllers with a numerically higher weight are favored, using the following formula:
 
Probability of Contact = LdapSrvWeight / SUM of all LdapSrvWeight for DCs with the same LdapSrvPriority
 
Example: If three domain controllers have the highest priority (LdapSrvPriority = 0x0), the probability of contact is:
 
Server Weight Probability
 A              3       1/2 (3/6)  
 B              2       1/3 (2/6)
 C              1       1/6 (1/6)
 
NOTE: If all the domain controllers of a given priority have the same weight, the data value of LdapSrvWeight is 0x0, by convention.
0
 
LVL 15

Expert Comment

by:JBond2010
ID: 34085303
Another option would be to make one of the other DC a GC.
0
 
LVL 15

Accepted Solution

by:
JBond2010 earned 500 total points
ID: 34085396
On the DC that will be phased out you can remove this as being a Global Catalog Server.
0
 
LVL 15

Expert Comment

by:JBond2010
ID: 34085402
You have a few options there now that should work for you. Option 2 and 3 would be more suitable for you.
0
 
LVL 1

Author Closing Comment

by:Wildone63
ID: 34085555
Thank You. Removing the Global Catalog from the server being phased out worked fine.

Thanks again.
0
 
LVL 15

Expert Comment

by:JBond2010
ID: 34085572
No problem Wildone63, glad I could help ;)
0

Join & Write a Comment

Learn about cloud computing and its benefits for small business owners.
Resolve DNS query failed errors for Exchange
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now