asked on sbs2003 domain login problem
We have a single sbs2003 running exchange, and just recently, we are having problems with clients logging in to the domain. It seems to be worse on the older xp machines, but has occasionally affected V7 pro workstations too.
If we remove the workstation from the domain, and rejoin it, we can log in OK, but when we restart the workstation, the problem returns.
At the moment, all but one are logged in OK, but I wanted to know if there is anything we should look for, and how to resolve the issue.
Any advice, would be appreciated.
Thanks.
If we remove the workstation from the domain, and rejoin it, we can log in OK, but when we restart the workstation, the problem returns.
At the moment, all but one are logged in OK, but I wanted to know if there is anything we should look for, and how to resolve the issue.
Any advice, would be appreciated.
Thanks.
SBSWindows Server 2003
Last Comment
nigelbeatson
What error are you getting when they try to login?
ASKER
We just get the message that we have used an incorrect username or password.
Dumb question, is the time set correctly on both the client and the server? Kerberos is time dependent.
ASKER
Yes, I can confirm that the workstation and server are set to the correct time.
The current problem workstation, I have found allows one user to log in, but not the other??
Thanks.
The current problem workstation, I have found allows one user to log in, but not the other??
Thanks.
have you ran dcdiag on the dc? It may be a domain controller issue.
ASKER
No, I will give it try and post the results. Thanks.
No problem. If the dcdiag doesn't report errors, have you tried reinstalling the OS on the clients and re joining them to the domain? You may have some stuff in the registry causing the issue, such as HKU records for identical names, which would have different identifiers.
first step: check the event viewer on the pc. it may have problems connecting or updating with the DC. if this doesnt help, check the security log on the DC. if this shows the corresponding user login failure you know its not the PCs fault but the DC.
Let us know what you find and we can go from there,
Let us know what you find and we can go from there,
ASKER
I will check the event log. Where is the DC security log??
Here is the DCDIAG report. A couple of errors which are beyond me I am affraid. Any help in assessing this would be appreciated.
Many thanks.
dcdiag.txt
Here is the DCDIAG report. A couple of errors which are beyond me I am affraid. Any help in assessing this would be appreciated.
Many thanks.
dcdiag.txt
One of them is a pretty big issue, but unrelated. The bad block on the hard drive should be addressed as soon as possible. The SYSVOL may be the culprit but I doubt it. have you tried a clean install on the client? Also, is the client to the current on it's updates?
ASKER
Thankyou. Yes, we are aware of the bad block, but presumed the OS would mark it so, relocate the data and mark it "don't use".
We have not tried a clean install of the client OS, if that is what you mean, due to the amount of programs and data on the workstation in question. We will of course have to do this if essential.
Due to the amount of work involved in doing this, we thought we should try further investigations first, particulalry, as it has affected other workstations too.
Updates are enabled on each of our servers and client workstations.
We have not tried a clean install of the client OS, if that is what you mean, due to the amount of programs and data on the workstation in question. We will of course have to do this if essential.
Due to the amount of work involved in doing this, we thought we should try further investigations first, particulalry, as it has affected other workstations too.
Updates are enabled on each of our servers and client workstations.
the security log in in the event viewer on the Domain Controller should show any failed attempts for users to log on. the faiiures (or lack of them) can help work out where the issue is.
You also need the events from the applicaton and system logs on the PC though.
You also need the events from the applicaton and system logs on the PC though.
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
1. has anything changed with your DHCP scope options?
2. run ipconfig /flushdns on the server
3. on workstations run ipconfig /flushdns then ipconfig /registerdns
4. run the connect to the internet wizard on the SBS, its a good place to start SBS love the built in wizards.
2. run ipconfig /flushdns on the server
3. on workstations run ipconfig /flushdns then ipconfig /registerdns
4. run the connect to the internet wizard on the SBS, its a good place to start SBS love the built in wizards.
ASKER
Many thanks to all.
I have carried out the dcdiag test fir DNS and the results are as follows :-
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\SW
Starting test: Connectivity
......................... SWWSERVER passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\SW
DNS Tests are running and not hung. Please wait a few minutes...
Running partition tests on : ForestDnsZones
Running partition tests on : DomainDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : swdom
Running enterprise tests on : swdom.local
Starting test: DNS
Test results for domain controllers:
DC: swwserver.swdom.local
Domain: swdom.local
TEST: Forwarders/Root hints (Forw)
Error: Forwarders list has invalid forwarder: 222.67.220.220 (<name unavailable>)
Summary of test results for DNS servers used by the above domain controllers:
DNS server: 222.67.220.220 (<name unavailable>)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 222.67.220.220
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
__________________________
Domain: swdom.local
swwserver PASS PASS FAIL PASS PASS PASS n/a
......................... swdom.local failed test DNS
The strange thing is, I changed the DNS forwarders to 8.8.8.8 and also one other that I often use, but the error persists. Very strange.
Any suggestions?
I can also confirm that the problem workstation form yesterday (XP Pro client) is now working fine, but one of our Windows V7 workstations failed to log in (again incorrect username / password).
The user tried to log on a different usrer at a different V7 workstation, and this logged in fine. After doing this, they could then log in OK on their workstion too.
I checked the Security event log, and it showed :--
Logon Failure:
Reason: Unknown user name or bad password
User Name:
Domain:
Logon Type: 3
Logon Process: Kerberos
Authentication Package: Kerberos
Workstation Name: -
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: 194.168.123.17
Source Port: 3911
All are working OK at the moment, but there must be an underlying issue, as it has been like this for a few weeks now, and I need to get to the bottom of it.
Any further help would be appreciated.
Thanks.
I have carried out the dcdiag test fir DNS and the results are as follows :-
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\SW
Starting test: Connectivity
......................... SWWSERVER passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\SW
DNS Tests are running and not hung. Please wait a few minutes...
Running partition tests on : ForestDnsZones
Running partition tests on : DomainDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : swdom
Running enterprise tests on : swdom.local
Starting test: DNS
Test results for domain controllers:
DC: swwserver.swdom.local
Domain: swdom.local
TEST: Forwarders/Root hints (Forw)
Error: Forwarders list has invalid forwarder: 222.67.220.220 (<name unavailable>)
Summary of test results for DNS servers used by the above domain controllers:
DNS server: 222.67.220.220 (<name unavailable>)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 222.67.220.220
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
__________________________
Domain: swdom.local
swwserver PASS PASS FAIL PASS PASS PASS n/a
......................... swdom.local failed test DNS
The strange thing is, I changed the DNS forwarders to 8.8.8.8 and also one other that I often use, but the error persists. Very strange.
Any suggestions?
I can also confirm that the problem workstation form yesterday (XP Pro client) is now working fine, but one of our Windows V7 workstations failed to log in (again incorrect username / password).
The user tried to log on a different usrer at a different V7 workstation, and this logged in fine. After doing this, they could then log in OK on their workstion too.
I checked the Security event log, and it showed :--
Logon Failure:
Reason: Unknown user name or bad password
User Name:
Domain:
Logon Type: 3
Logon Process: Kerberos
Authentication Package: Kerberos
Workstation Name: -
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: 194.168.123.17
Source Port: 3911
All are working OK at the moment, but there must be an underlying issue, as it has been like this for a few weeks now, and I need to get to the bottom of it.
Any further help would be appreciated.
Thanks.
ASKER
Not changed anything on the DHCP service at all.
I think it is a server based problem, as the workstations do connect sometimes, first time. They are all working now, but I know come Monday, we will get this issue somewhere on the network.
Many thanks.
I think it is a server based problem, as the workstations do connect sometimes, first time. They are all working now, but I know come Monday, we will get this issue somewhere on the network.
Many thanks.
1. reset your switch since its a single point of failure, if it's a managed check the logs. Could be a port intermittently broadcasting bad info or something like this.
COuld you explain the following details from your post:
"Source Network Address: 194.168.123.17
Source Port: 3911"
How come your IP has come out as an external IP instead an internal one?
Also, port 3911 is a little odd for workstation login.
Are there any details you've missed here?
"Source Network Address: 194.168.123.17
Source Port: 3911"
How come your IP has come out as an external IP instead an internal one?
Also, port 3911 is a little odd for workstation login.
Are there any details you've missed here?
ASKER
Sorry for the delay in replying.
No, I cannot explain the IP address?? The workstation is a local device and is connected via ethernet to our server.
??
No, I cannot explain the IP address?? The workstation is a local device and is connected via ethernet to our server.
??