Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 245
  • Last Modified:

Windows 2000 server DC Crash

Hi all,

I have a Windows 2000 server that is a PDC, it has crashed with a hardware failure
Lets say the domain name is mycompany.com
Users there are logging in and are being authenticated by a BDC.
They can't see their files anymore, but that is not my priority right now

In a child domain, lw.mycompany.com I am now having user logon problems.
If a user trys to log in they get the message: "The username or password is incorrect"
If I change the password at the lw.mycompany DC to another password, it still fails.

If my login problems are being caused by the PDC failure, I don't see how.
Users in the lw.mycompany.com domain login to the lw.mycompany domain, not the mycompany.com domain

I need to get these users logged in, can someone please help?
0
permacel
Asked:
permacel
  • 2
1 Solution
 
WalkaboutTiggerCommented:
Are the DNS entries for the child domain available on the BDC?
Do you see errors in the Security or System event logs related to the failed attempts?
Have you promoted the BDC and seized the FSMO roles held by the PDC?
This is not, as you have discovered, an issue with forgotten or misremembered passwords, but the client's ability to access and pass through the credentials to the child domain.
0
 
permacelAuthor Commented:
Thanks for the quick reply.
You meantion "pass thru credentials"

I want you to be clear.
A client in the lw.mycompany.com domain is trying to login to the lw.mycompany domain
I don't think there is any pass through going on.
(If there is please explain how)

as a workaround, we have the user login locally to his PC using the local admin account
Then map a drive to the shared folders on the lw.mycompany DC using administrator creds, and it works

Does that give you any clues?
0
 
WalkaboutTiggerCommented:
So the client workstation is in the child domain?
If you log in to the parent domain on this computer, does it authenticate correctly?  If so, is the logonserver environment variable set to the expected server?
In order to failure events being logged in the security event log?
hild.
By pass-through, I mean the client workstation has to determine to which server it needs to send the authentication request AND the resulting server must have the necessary AD records to authenticate the user.  It is likely getting child.domain.tld records from the BDC, but the BDC may be missing critical DNS entries required for authentication
0
 
Santosh GuptaCommented:
Hi,

1. Run the NETDOM QUERY FSMO and see the roles.
2. Run DCDIAG /V
3. Run DCDIAG /test:DNS
4. also see the event logs for errors.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now