Solved

Windows 2000 server DC Crash

Posted on 2014-03-26
4
220 Views
Last Modified: 2014-04-03
Hi all,

I have a Windows 2000 server that is a PDC, it has crashed with a hardware failure
Lets say the domain name is mycompany.com
Users there are logging in and are being authenticated by a BDC.
They can't see their files anymore, but that is not my priority right now

In a child domain, lw.mycompany.com I am now having user logon problems.
If a user trys to log in they get the message: "The username or password is incorrect"
If I change the password at the lw.mycompany DC to another password, it still fails.

If my login problems are being caused by the PDC failure, I don't see how.
Users in the lw.mycompany.com domain login to the lw.mycompany domain, not the mycompany.com domain

I need to get these users logged in, can someone please help?
0
Comment
Question by:permacel
  • 2
4 Comments
 
LVL 15

Expert Comment

by:WalkaboutTigger
ID: 39957511
Are the DNS entries for the child domain available on the BDC?
Do you see errors in the Security or System event logs related to the failed attempts?
Have you promoted the BDC and seized the FSMO roles held by the PDC?
This is not, as you have discovered, an issue with forgotten or misremembered passwords, but the client's ability to access and pass through the credentials to the child domain.
0
 

Author Comment

by:permacel
ID: 39957537
Thanks for the quick reply.
You meantion "pass thru credentials"

I want you to be clear.
A client in the lw.mycompany.com domain is trying to login to the lw.mycompany domain
I don't think there is any pass through going on.
(If there is please explain how)

as a workaround, we have the user login locally to his PC using the local admin account
Then map a drive to the shared folders on the lw.mycompany DC using administrator creds, and it works

Does that give you any clues?
0
 
LVL 15

Accepted Solution

by:
WalkaboutTigger earned 500 total points
ID: 39957556
So the client workstation is in the child domain?
If you log in to the parent domain on this computer, does it authenticate correctly?  If so, is the logonserver environment variable set to the expected server?
In order to failure events being logged in the security event log?
hild.
By pass-through, I mean the client workstation has to determine to which server it needs to send the authentication request AND the resulting server must have the necessary AD records to authenticate the user.  It is likely getting child.domain.tld records from the BDC, but the BDC may be missing critical DNS entries required for authentication
0
 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 39957578
Hi,

1. Run the NETDOM QUERY FSMO and see the roles.
2. Run DCDIAG /V
3. Run DCDIAG /test:DNS
4. also see the event logs for errors.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

by Nathan Brom/Bromy2004 Introduction There are numerous websites out there for any different type of program you can imagine.  Of those, you'll need to decide which ones are legitimate and aren't trying to steal your money or infect your comput…
The way I use Experts Exchange to assist me in analyzing and diagnosing a problem is I first enter a Verbose Question at Experts Exchange like: Office 2007 will hang when opening and saving files I then launch WordPad (any text editor will do) an…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now