Solved

can not login in the morning

Posted on 2013-12-23
11
262 Views
Last Modified: 2013-12-23
Hi,

We have a DC environment in the office, there is one pc can not be logged in every morning, keeps saying wrong password, but once reboot, it is fine, any ideas?  thx
0
Comment
Question by:mcrmg
  • 6
  • 3
  • 2
11 Comments
 
LVL 11

Expert Comment

by:Miftaul
Comment Utility
Can you logon to the PC with local credentials and check the system Time.
0
 
LVL 15

Expert Comment

by:unknown_routine
Comment Utility
What do you reboot? DC?
0
 

Author Comment

by:mcrmg
Comment Utility
actually, I did not try that.  But, I just checked the time on that pc (domain login), the time is correct...thx
0
 

Author Comment

by:mcrmg
Comment Utility
I reboot PC...thanks
0
 
LVL 15

Accepted Solution

by:
unknown_routine earned 250 total points
Comment Utility
Something is broken here. When user sees wrong password,  go to the DC computer and reset his password and have him reboot.

Do you have only 1 DC? if you have more than one make sure replication is set up correctly DC.
0
Get up to 2TB FREE CLOUD per backup license!

An exclusive Black Friday offer just for Expert Exchange audience! Buy any of our top-rated backup solutions & get up to 2TB free cloud per system! Perform local & cloud backup in the same step, and restore instantly—anytime, anywhere. Grab this deal now before it disappears!

 
LVL 11

Assisted Solution

by:Miftaul
Miftaul earned 250 total points
Comment Utility
Next time when the PC doesn't allow you to login using domain credential, log in using local credential and check the time.

If the local PC time and the DC time doesnt match, you cant logon. It could happen when the  BIOS battery is faulty that the system initiates to default time when first started. Rebooting is different case, as it can hold previous time, I did face similar issue before.
0
 

Author Comment

by:mcrmg
Comment Utility
This is what I found out, it loos like the replication access was denied, but I am not sure how to fix it, can EE give me some directions...thx


C:\Users\MYPC>repadmin /showrepl

Repadmin: running command /showrepl against full DC localhost
Default-First-Site-Name\MYSRV1
DSA Options: IS_GC
Site Options: (none)
DSA object GUID: b7a823a8-da25-42c6-837f-140dd8c2afbf
DSA invocationID: ffb16316-aa6a-4336-8d1c-bb7d8642c15f

==== INBOUND NEIGHBORS ======================================

DC=LOCAL,DC=MY-DM,DC=COM
    Default-First-Site-Name\MYSRV2 via RPC
        DSA object GUID: d5e4877e-e259-49bf-a462-5aa0995e75c6
        Last attempt @ 2013-12-23 09:11:15 was successful.

CN=Configuration,DC=LOCAL,DC=MY-DM,DC=COM
    Default-First-Site-Name\MYSRV2 via RPC
        DSA object GUID: d5e4877e-e259-49bf-a462-5aa0995e75c6
        Last attempt @ 2013-12-23 08:54:51 was successful.

CN=Schema,CN=Configuration,DC=LOCAL,DC=MY-DM,DC=COM
    Default-First-Site-Name\MYSRV2 via RPC
        DSA object GUID: d5e4877e-e259-49bf-a462-5aa0995e75c6
        Last attempt @ 2013-12-23 08:54:51 was successful.

DC=DomainDnsZones,DC=LOCAL,DC=MY-DM,DC=COM
    Default-First-Site-Name\MYSRV2 via RPC
        DSA object GUID: d5e4877e-e259-49bf-a462-5aa0995e75c6
        Last attempt @ 2013-12-23 08:54:51 was successful.

DC=ForestDnsZones,DC=LOCAL,DC=MY-DM,DC=COM
    Default-First-Site-Name\MYSRV2 via RPC
        DSA object GUID: d5e4877e-e259-49bf-a462-5aa0995e75c6
        Last attempt @ 2013-12-23 08:54:51 was successful.
DsReplicaGetInfo() failed with status 8453 (0x2105):
    Replication access was denied.
DsReplicaGetInfo() failed with status 8453 (0x2105):
    Replication access was denied.
0
 
LVL 11

Assisted Solution

by:Miftaul
Miftaul earned 250 total points
Comment Utility
Can you check the DNS server if there is any issues. And you are running Repadmin from an elevated command prompt, right.
0
 

Author Comment

by:mcrmg
Comment Utility
DNS does not seem have issues.

I rebooted the second DC and ran repadmin from elevated command prompt (I didnt).  Here is the result


C:\Windows\system32>repadmin /showrepl

Repadmin: running command /showrepl against full DC localhost
Default-First-Site-Name\MYSRV1
DSA Options: IS_GC
Site Options: (none)
DSA object GUID: b7a823a8-da25-42c6-837f-140dd8c2afbf
DSA invocationID: ffb16316-aa6a-4336-8d1c-bb7d8642c15f

==== INBOUND NEIGHBORS ======================================

DC=LOCAL,DC=MY-DM,DC=COM
    Default-First-Site-Name\MYSRV2 via RPC
        DSA object GUID: d5e4877e-e259-49bf-a462-5aa0995e75c6
        Last attempt @ 2013-12-23 09:25:07 was successful.

CN=Configuration,DC=LOCAL,DC=MY-DM,DC=COM
    Default-First-Site-Name\MYSRV2 via RPC
        DSA object GUID: d5e4877e-e259-49bf-a462-5aa0995e75c6
        Last attempt @ 2013-12-23 08:54:51 was successful.

CN=Schema,CN=Configuration,DC=LOCAL,DC=MY-DM,DC=COM
    Default-First-Site-Name\MYSRV2 via RPC
        DSA object GUID: d5e4877e-e259-49bf-a462-5aa0995e75c6
        Last attempt @ 2013-12-23 08:54:51 was successful.

DC=DomainDnsZones,DC=LOCAL,DC=MY-DM,DC=COM
    Default-First-Site-Name\MYSRV2 via RPC
        DSA object GUID: d5e4877e-e259-49bf-a462-5aa0995e75c6
        Last attempt @ 2013-12-23 09:22:42 was successful.

DC=ForestDnsZones,DC=LOCAL,DC=MY-DM,DC=COM
    Default-First-Site-Name\MYSRV2 via RPC
        DSA object GUID: d5e4877e-e259-49bf-a462-5aa0995e75c6
        Last attempt @ 2013-12-23 09:22:57 was successful.
0
 

Author Comment

by:mcrmg
Comment Utility
Under File Replication Service, I see this on the second DC



The File Replication Service is having trouble enabling replication from MYSRV1 to MYSRV2 for c:\windows\sysvol\domain using the DNS name MYSRV1.LOCAL.MY-DM.COM. FRS will keep retrying.
 Following are some of the reasons you would see this warning.
 
 [1] FRS can not correctly resolve the DNS name MYSRV1.LOCAL.MY-DM.COM from this computer.
 [2] FRS is not running on MYSRV1.LOCAL.MY-DM.COM.
 [3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers.
 
 This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.
0
 

Author Comment

by:mcrmg
Comment Utility
I just did a test, I created a new user on DC1, and it shows up on DC2 as well.  I assume it is working somehow...
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
A procedure for exporting installed hotfix details of remote computers using powershell
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
This Micro Tutorial will teach you how to change your appearance and customize your Windows 7 interface to your unique preference. This will be demonstrated using Windows 7 operating system.

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now