Solved

SBS 2003 domain login problem

Posted on 2012-03-15
Last Modified: 2012-04-18
We have a single SBS 2003 running Exchange, and just recently we are having problems with clients logging in to the domain. It seems to be worse on the older XP machines, but has occasionally affected V7 Pro workstations too.

If we remove the workstation from the domain, and rejoin it, we can log in OK, but when we restart the workstation, the problem returns.

At the moment, all but one are logged in OK, but I wanted to know if there is anything we should look for, and how to resolve the issue.

Any advice would be appreciated.

Thanks.
Question by:nigelbeatson
19 Comments
 
LVL 8

Expert Comment

by:Tymetwister
ID: 37724202
What error are you getting when they try to login?
0
 

Author Comment

by:nigelbeatson
ID: 37724210
We just get the message that we have used an incorrect username or password.
0
 
LVL 9

Expert Comment

by:bharrington83
ID: 37724229
Dumb question, is the time set correctly on both the client and the server?  Kerberos is time dependent.
0
 

Author Comment

by:nigelbeatson
ID: 37724250
Yes, I can confirm that the workstation and server are set to the correct time.

The current problem workstation, I have found allows one user to log in, but not the other??

Thanks.
0
 
LVL 9

Expert Comment

by:bharrington83
ID: 37724258
Have you run dcdiag on the DC?  It may be a domain controller issue.
0
 

Author Comment

by:nigelbeatson
ID: 37724281
No, I will give it a try and post the results. Thanks.
0
 
LVL 9

Expert Comment

by:bharrington83
ID: 37724355
No problem.  If the dcdiag doesn't report errors, have you tried reinstalling the OS on the clients and rejoining them to the domain? You may have some stuff in the registry causing the issue, such as HKU records for identical names, which would have different identifiers.
0
 
LVL 27

Expert Comment

by:Steve
ID: 37724416
First step: check the event viewer on the PC. It may have problems connecting or updating with the DC. If this doesn't help, check the security log on the DC. If this shows the corresponding user login failure, you know it's not the PC's fault but the DC.

Let us know what you find and we can go from there.
0
 

Author Comment

by:nigelbeatson
ID: 37724610
I will check the event log. Where is the DC security log??

Here is the DCDIAG report. A couple of errors which are beyond me, I am afraid. Any help in assessing this would be appreciated.

Many thanks.
dcdiag.txt
0
 
LVL 9

Expert Comment

by:bharrington83
ID: 37724696
One of them is a pretty big issue, but unrelated. The bad block on the hard drive should be addressed as soon as possible.  The SYSVOL may be the culprit but I doubt it.  Have you tried a clean install on the client?  Also, is the client current on its updates?
0
 

Author Comment

by:nigelbeatson
ID: 37724786
Thank you. Yes, we are aware of the bad block, but presumed the OS would mark it so, relocate the data and mark it "don't use".

We have not tried a clean install of the client OS, if that is what you mean, due to the amount of programs and data on the workstation in question. We will of course have to do this if essential.

Due to the amount of work involved in doing this, we thought we should try further investigations first, particularly as it has affected other workstations too.

Updates are enabled on each of our servers and client workstations.
0
 
LVL 27

Expert Comment

by:Steve
ID: 37725696
The security log in the event viewer on the Domain Controller should show any failed attempts for users to log on. The failures (or lack of them) can help work out where the issue is.
You also need the events from the application and system logs on the PC though.
0
 
LVL 17

Accepted Solution

by:
WORKS2011 earned 500 total points
ID: 37727148
It's not a workstation; the probability of more than one workstation needing an OS rebuild is "Zero", yes null, so don't bother doing the work.

I would definitely be worried about the SYSVOL being affected; you need to address this ASAP.

Run dcdiag /test:dns, I know it's part of dcdiag, and post the results.

We need to start by fixing the following from dcdiag:

      Starting test: frsevent
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.  Failing SYSVOL replication problems may cause
         Group Policy problems.
         ......................... SWWSERVER failed test frsevent
      Starting test: kccevent
         ......................... SWWSERVER passed test kccevent
      Starting test: systemlog
         An Error Event occured.  EventID: 0xC0001B77
            Time Generated: 03/15/2012   11:07:55
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC0001B77
            Time Generated: 03/15/2012   11:24:40
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC0001B77
0
 
LVL 17

Expert Comment

by:WORKS2011
ID: 37727161
1. Has anything changed with your DHCP scope options?

2. Run ipconfig /flushdns on the server.

3. On workstations run ipconfig /flushdns then ipconfig /registerdns.

4. Run the Connect to the Internet wizard on the SBS, it's a good place to start, SBS love the built-in wizards.
0
 

Author Comment

by:nigelbeatson
ID: 37728840
Many thanks to all.

I have carried out the dcdiag test for DNS and the results are as follows :-

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests
   
   Testing server: Default-First-Site-Name\SWWSERVER
      Starting test: Connectivity
         ......................... SWWSERVER passed test Connectivity

Doing primary tests
   
   Testing server: Default-First-Site-Name\SWWSERVER

DNS Tests are running and not hung. Please wait a few minutes...
   
   Running partition tests on : ForestDnsZones
   
   Running partition tests on : DomainDnsZones
   
   Running partition tests on : Schema
   
   Running partition tests on : Configuration
   
   Running partition tests on : swdom
   
   Running enterprise tests on : swdom.local
      Starting test: DNS
         Test results for domain controllers:
           
            DC: swwserver.swdom.local
            Domain: swdom.local

                 
               TEST: Forwarders/Root hints (Forw)
                  Error: Forwarders list has invalid forwarder: 222.67.220.220 (<name unavailable>)
         
         Summary of test results for DNS servers used by the above domain controllers:

            DNS server: 222.67.220.220 (<name unavailable>)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 222.67.220.220
               
         Summary of DNS test results:
         
                                            Auth Basc Forw Del  Dyn  RReg Ext  
               ________________________________________________________________
            Domain: swdom.local
               swwserver                    PASS PASS FAIL PASS PASS PASS n/a  
         
         ......................... swdom.local failed test DNS

The strange thing is, I changed the DNS forwarders to 8.8.8.8 and also one other that I often use, but the error persists. Very strange.

Any suggestions?

I can also confirm that the problem workstation from yesterday (XP Pro client) is now working fine, but one of our Windows V7 workstations failed to log in (again incorrect username / password).

The user tried to log on as a different user at a different V7 workstation, and this logged in fine. After doing this, they could then log in OK on their workstation too.

I checked the Security event log, and it showed :--


Logon Failure:
       Reason:            Unknown user name or bad password
       User Name:      
       Domain:            
       Logon Type:      3
       Logon Process:      Kerberos
       Authentication Package:      Kerberos
       Workstation Name:      -
       Caller User Name:      -
       Caller Domain:      -
       Caller Logon ID:      -
       Caller Process ID:      -
       Transited Services:      -
       Source Network Address:      194.168.123.17
       Source Port:      3911

All are working OK at the moment, but there must be an underlying issue, as it has been like this for a few weeks now, and I need to get to the bottom of it.

Any further help would be appreciated.

Thanks.
0
 

Author Comment

by:nigelbeatson
ID: 37728948
Not changed anything on the DHCP service at all.

I think it is a server based problem, as the workstations do connect sometimes, first time. They are all working now, but I know come Monday, we will get this issue somewhere on the network.

Many thanks.
0
 
LVL 17

Expert Comment

by:WORKS2011
ID: 37729124
1. Reset your switch since it's a single point of failure; if it's managed, check the logs. Could be a port intermittently broadcasting bad info or something like this.
0
 
LVL 27

Expert Comment

by:Steve
ID: 37733502
Could you explain the following details from your post:

"Source Network Address:      194.168.123.17
       Source Port:      3911"

How come your IP has come out as an external IP instead of an internal one?
Also, port 3911 is a little odd for workstation login.

Are there any details you've missed here?
0
 

Author Comment

by:nigelbeatson
ID: 37746607
Sorry for the delay in replying.

No, I cannot explain the IP address?? The workstation is a local device and is connected via ethernet to our server.

??
0
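
The check Steve describes, reading the DC's Security-log logon failures and questioning the source address, as an added example that is not from any poster in this thread. It assumes the events were exported as text in the format quoted above and that the LAN uses RFC 1918 ranges; the second sample record and the function names are constructed.

```python
import ipaddress
# Assumption: the LAN uses RFC 1918 space; replace with the site's real ranges.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: record 1 abridges the event quoted in the thread,
# record 2 is an invented failure from an internal client for contrast.
SAMPLE_LOG = """\
Logon Failure:
       User Name:
       Logon Type:      3
       Source Network Address:      194.168.123.17
       Source Port:      3911

Logon Failure:
       User Name:      example.user
       Logon Type:      3
       Source Network Address:      192.168.16.25
       Source Port:      1042
"""

def parse_logon_failures(text):
    """Return one dict of field -> value per 'Logon Failure:' record."""
    events = []
    for line in text.splitlines():
        key, sep, value = line.strip().partition(":")
        if sep and key == "Logon Failure":
            events.append({})             # start of a new record
        elif sep and events:
            events[-1][key.strip()] = value.strip()
    return events

def triage(events):
    """Return (address, port, reasons) for failures worth a closer look."""
    findings = []
    for ev in events:
        reasons = []
        raw = ev.get("Source Network Address", "-")
        try:
            addr = ipaddress.ip_address(raw)
        except ValueError:
            addr = None                   # "-" or blank: no network source
        if addr is not None and not any(addr in net for net in INTERNAL_NETS):
            reasons.append("source address outside internal ranges")
        if ev.get("Logon Type") == "3" and not ev.get("User Name"):
            reasons.append("network logon with empty user name")
        if reasons:
            findings.append((raw, ev.get("Source Port", "-"), reasons))
    return findings
```

Calling `triage(parse_logon_failures(SAMPLE_LOG))` returns only the first record, with both reasons attached.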
