Solved

can not login in the morning

Posted on 2013-12-23
11
267 Views
Last Modified: 2013-12-23
Hi,

We have a DC environment in the office, there is one pc can not be logged in every morning, keeps saying wrong password, but once reboot, it is fine, any ideas?  thx
0
Comment
Question by:mcrmg
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 3
  • 2
11 Comments
 
LVL 11

Expert Comment

by:Miftaul
ID: 39735992
Can you logon to the PC with local credentials and check the system Time.
0
 
LVL 15

Expert Comment

by:unknown_routine
ID: 39735993
What do you reboot? DC?
0
 

Author Comment

by:mcrmg
ID: 39735996
actually, I did not try that.  But, I just checked the time on that pc (domain login), the time is correct...thx
0
DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

 

Author Comment

by:mcrmg
ID: 39735997
I reboot PC...thanks
0
 
LVL 15

Accepted Solution

by:
unknown_routine earned 250 total points
ID: 39736011
Something is broken here. When user sees wrong password,  go to the DC computer and reset his password and have him reboot.

Do you have only 1 DC? if you have more than one make sure replication is set up correctly DC.
0
 
LVL 11

Assisted Solution

by:Miftaul
Miftaul earned 250 total points
ID: 39736018
Next time when the PC doesn't allow you to login using domain credential, log in using local credential and check the time.

If the local PC time and the DC time doesnt match, you cant logon. It could happen when the  BIOS battery is faulty that the system initiates to default time when first started. Rebooting is different case, as it can hold previous time, I did face similar issue before.
0
 

Author Comment

by:mcrmg
ID: 39736023
This is what I found out, it loos like the replication access was denied, but I am not sure how to fix it, can EE give me some directions...thx


C:\Users\MYPC>repadmin /showrepl

Repadmin: running command /showrepl against full DC localhost
Default-First-Site-Name\MYSRV1
DSA Options: IS_GC
Site Options: (none)
DSA object GUID: b7a823a8-da25-42c6-837f-140dd8c2afbf
DSA invocationID: ffb16316-aa6a-4336-8d1c-bb7d8642c15f

==== INBOUND NEIGHBORS ======================================

DC=LOCAL,DC=MY-DM,DC=COM
    Default-First-Site-Name\MYSRV2 via RPC
        DSA object GUID: d5e4877e-e259-49bf-a462-5aa0995e75c6
        Last attempt @ 2013-12-23 09:11:15 was successful.

CN=Configuration,DC=LOCAL,DC=MY-DM,DC=COM
    Default-First-Site-Name\MYSRV2 via RPC
        DSA object GUID: d5e4877e-e259-49bf-a462-5aa0995e75c6
        Last attempt @ 2013-12-23 08:54:51 was successful.

CN=Schema,CN=Configuration,DC=LOCAL,DC=MY-DM,DC=COM
    Default-First-Site-Name\MYSRV2 via RPC
        DSA object GUID: d5e4877e-e259-49bf-a462-5aa0995e75c6
        Last attempt @ 2013-12-23 08:54:51 was successful.

DC=DomainDnsZones,DC=LOCAL,DC=MY-DM,DC=COM
    Default-First-Site-Name\MYSRV2 via RPC
        DSA object GUID: d5e4877e-e259-49bf-a462-5aa0995e75c6
        Last attempt @ 2013-12-23 08:54:51 was successful.

DC=ForestDnsZones,DC=LOCAL,DC=MY-DM,DC=COM
    Default-First-Site-Name\MYSRV2 via RPC
        DSA object GUID: d5e4877e-e259-49bf-a462-5aa0995e75c6
        Last attempt @ 2013-12-23 08:54:51 was successful.
DsReplicaGetInfo() failed with status 8453 (0x2105):
    Replication access was denied.
DsReplicaGetInfo() failed with status 8453 (0x2105):
    Replication access was denied.
0
 
LVL 11

Assisted Solution

by:Miftaul
Miftaul earned 250 total points
ID: 39736032
Can you check the DNS server if there is any issues. And you are running Repadmin from an elevated command prompt, right.
0
 

Author Comment

by:mcrmg
ID: 39736049
DNS does not seem have issues.

I rebooted the second DC and ran repadmin from elevated command prompt (I didnt).  Here is the result


C:\Windows\system32>repadmin /showrepl

Repadmin: running command /showrepl against full DC localhost
Default-First-Site-Name\MYSRV1
DSA Options: IS_GC
Site Options: (none)
DSA object GUID: b7a823a8-da25-42c6-837f-140dd8c2afbf
DSA invocationID: ffb16316-aa6a-4336-8d1c-bb7d8642c15f

==== INBOUND NEIGHBORS ======================================

DC=LOCAL,DC=MY-DM,DC=COM
    Default-First-Site-Name\MYSRV2 via RPC
        DSA object GUID: d5e4877e-e259-49bf-a462-5aa0995e75c6
        Last attempt @ 2013-12-23 09:25:07 was successful.

CN=Configuration,DC=LOCAL,DC=MY-DM,DC=COM
    Default-First-Site-Name\MYSRV2 via RPC
        DSA object GUID: d5e4877e-e259-49bf-a462-5aa0995e75c6
        Last attempt @ 2013-12-23 08:54:51 was successful.

CN=Schema,CN=Configuration,DC=LOCAL,DC=MY-DM,DC=COM
    Default-First-Site-Name\MYSRV2 via RPC
        DSA object GUID: d5e4877e-e259-49bf-a462-5aa0995e75c6
        Last attempt @ 2013-12-23 08:54:51 was successful.

DC=DomainDnsZones,DC=LOCAL,DC=MY-DM,DC=COM
    Default-First-Site-Name\MYSRV2 via RPC
        DSA object GUID: d5e4877e-e259-49bf-a462-5aa0995e75c6
        Last attempt @ 2013-12-23 09:22:42 was successful.

DC=ForestDnsZones,DC=LOCAL,DC=MY-DM,DC=COM
    Default-First-Site-Name\MYSRV2 via RPC
        DSA object GUID: d5e4877e-e259-49bf-a462-5aa0995e75c6
        Last attempt @ 2013-12-23 09:22:57 was successful.
0
 

Author Comment

by:mcrmg
ID: 39736051
Under File Replication Service, I see this on the second DC



The File Replication Service is having trouble enabling replication from MYSRV1 to MYSRV2 for c:\windows\sysvol\domain using the DNS name MYSRV1.LOCAL.MY-DM.COM. FRS will keep retrying.
 Following are some of the reasons you would see this warning.
 
 [1] FRS can not correctly resolve the DNS name MYSRV1.LOCAL.MY-DM.COM from this computer.
 [2] FRS is not running on MYSRV1.LOCAL.MY-DM.COM.
 [3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers.
 
 This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.
0
 

Author Comment

by:mcrmg
ID: 39736123
I just did a test, I created a new user on DC1, and it shows up on DC2 as well.  I assume it is working somehow...
0

Featured Post

Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A safe way to clean winsxs folder from your windows server 2008 R2 editions
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question