Solved

can not login in the morning

Posted on 2013-12-23
11
264 Views
Last Modified: 2013-12-23
Hi,

We have a DC environment in the office, there is one pc can not be logged in every morning, keeps saying wrong password, but once reboot, it is fine, any ideas?  thx
0
Comment
Question by:mcrmg
  • 6
  • 3
  • 2
11 Comments
 
LVL 11

Expert Comment

by:Miftaul
ID: 39735992
Can you logon to the PC with local credentials and check the system Time.
0
 
LVL 15

Expert Comment

by:unknown_routine
ID: 39735993
What do you reboot? DC?
0
 

Author Comment

by:mcrmg
ID: 39735996
actually, I did not try that.  But, I just checked the time on that pc (domain login), the time is correct...thx
0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 

Author Comment

by:mcrmg
ID: 39735997
I reboot PC...thanks
0
 
LVL 15

Accepted Solution

by:
unknown_routine earned 250 total points
ID: 39736011
Something is broken here. When user sees wrong password,  go to the DC computer and reset his password and have him reboot.

Do you have only 1 DC? if you have more than one make sure replication is set up correctly DC.
0
 
LVL 11

Assisted Solution

by:Miftaul
Miftaul earned 250 total points
ID: 39736018
Next time when the PC doesn't allow you to login using domain credential, log in using local credential and check the time.

If the local PC time and the DC time doesnt match, you cant logon. It could happen when the  BIOS battery is faulty that the system initiates to default time when first started. Rebooting is different case, as it can hold previous time, I did face similar issue before.
0
 

Author Comment

by:mcrmg
ID: 39736023
This is what I found out, it loos like the replication access was denied, but I am not sure how to fix it, can EE give me some directions...thx


C:\Users\MYPC>repadmin /showrepl

Repadmin: running command /showrepl against full DC localhost
Default-First-Site-Name\MYSRV1
DSA Options: IS_GC
Site Options: (none)
DSA object GUID: b7a823a8-da25-42c6-837f-140dd8c2afbf
DSA invocationID: ffb16316-aa6a-4336-8d1c-bb7d8642c15f

==== INBOUND NEIGHBORS ======================================

DC=LOCAL,DC=MY-DM,DC=COM
    Default-First-Site-Name\MYSRV2 via RPC
        DSA object GUID: d5e4877e-e259-49bf-a462-5aa0995e75c6
        Last attempt @ 2013-12-23 09:11:15 was successful.

CN=Configuration,DC=LOCAL,DC=MY-DM,DC=COM
    Default-First-Site-Name\MYSRV2 via RPC
        DSA object GUID: d5e4877e-e259-49bf-a462-5aa0995e75c6
        Last attempt @ 2013-12-23 08:54:51 was successful.

CN=Schema,CN=Configuration,DC=LOCAL,DC=MY-DM,DC=COM
    Default-First-Site-Name\MYSRV2 via RPC
        DSA object GUID: d5e4877e-e259-49bf-a462-5aa0995e75c6
        Last attempt @ 2013-12-23 08:54:51 was successful.

DC=DomainDnsZones,DC=LOCAL,DC=MY-DM,DC=COM
    Default-First-Site-Name\MYSRV2 via RPC
        DSA object GUID: d5e4877e-e259-49bf-a462-5aa0995e75c6
        Last attempt @ 2013-12-23 08:54:51 was successful.

DC=ForestDnsZones,DC=LOCAL,DC=MY-DM,DC=COM
    Default-First-Site-Name\MYSRV2 via RPC
        DSA object GUID: d5e4877e-e259-49bf-a462-5aa0995e75c6
        Last attempt @ 2013-12-23 08:54:51 was successful.
DsReplicaGetInfo() failed with status 8453 (0x2105):
    Replication access was denied.
DsReplicaGetInfo() failed with status 8453 (0x2105):
    Replication access was denied.
0
 
LVL 11

Assisted Solution

by:Miftaul
Miftaul earned 250 total points
ID: 39736032
Can you check the DNS server if there is any issues. And you are running Repadmin from an elevated command prompt, right.
0
 

Author Comment

by:mcrmg
ID: 39736049
DNS does not seem have issues.

I rebooted the second DC and ran repadmin from elevated command prompt (I didnt).  Here is the result


C:\Windows\system32>repadmin /showrepl

Repadmin: running command /showrepl against full DC localhost
Default-First-Site-Name\MYSRV1
DSA Options: IS_GC
Site Options: (none)
DSA object GUID: b7a823a8-da25-42c6-837f-140dd8c2afbf
DSA invocationID: ffb16316-aa6a-4336-8d1c-bb7d8642c15f

==== INBOUND NEIGHBORS ======================================

DC=LOCAL,DC=MY-DM,DC=COM
    Default-First-Site-Name\MYSRV2 via RPC
        DSA object GUID: d5e4877e-e259-49bf-a462-5aa0995e75c6
        Last attempt @ 2013-12-23 09:25:07 was successful.

CN=Configuration,DC=LOCAL,DC=MY-DM,DC=COM
    Default-First-Site-Name\MYSRV2 via RPC
        DSA object GUID: d5e4877e-e259-49bf-a462-5aa0995e75c6
        Last attempt @ 2013-12-23 08:54:51 was successful.

CN=Schema,CN=Configuration,DC=LOCAL,DC=MY-DM,DC=COM
    Default-First-Site-Name\MYSRV2 via RPC
        DSA object GUID: d5e4877e-e259-49bf-a462-5aa0995e75c6
        Last attempt @ 2013-12-23 08:54:51 was successful.

DC=DomainDnsZones,DC=LOCAL,DC=MY-DM,DC=COM
    Default-First-Site-Name\MYSRV2 via RPC
        DSA object GUID: d5e4877e-e259-49bf-a462-5aa0995e75c6
        Last attempt @ 2013-12-23 09:22:42 was successful.

DC=ForestDnsZones,DC=LOCAL,DC=MY-DM,DC=COM
    Default-First-Site-Name\MYSRV2 via RPC
        DSA object GUID: d5e4877e-e259-49bf-a462-5aa0995e75c6
        Last attempt @ 2013-12-23 09:22:57 was successful.
0
 

Author Comment

by:mcrmg
ID: 39736051
Under File Replication Service, I see this on the second DC



The File Replication Service is having trouble enabling replication from MYSRV1 to MYSRV2 for c:\windows\sysvol\domain using the DNS name MYSRV1.LOCAL.MY-DM.COM. FRS will keep retrying.
 Following are some of the reasons you would see this warning.
 
 [1] FRS can not correctly resolve the DNS name MYSRV1.LOCAL.MY-DM.COM from this computer.
 [2] FRS is not running on MYSRV1.LOCAL.MY-DM.COM.
 [3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers.
 
 This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.
0
 

Author Comment

by:mcrmg
ID: 39736123
I just did a test, I created a new user on DC1, and it shows up on DC2 as well.  I assume it is working somehow...
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This article explains how to install and use the NTBackup utility that comes with Windows Server.
This Micro Tutorial will teach you the basics of configuring your computer to improve its speed. It will also teach you how to disable programs that are running in the background simultaneously. This will be demonstrated using Windows 7 operating…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question