Solved

Authentication issues of 2003 domain

Posted on 2014-09-26
3
409 Views
Last Modified: 2014-10-09
Hi all,

I have a 2003 domain which im in the process of bringing up to 2012 .It currently has a mixture of 2012 and 2003 domain controllers. All FSMO roles have been moved over to 2012 server and im slowly demoting the 2003 servers. Since the work started I have noticed some strange behavior with authentication.  When users boot up and logon in the morning some of them cannot logon as they get a message saying the logon or password is incorrect when its not. They reboot then it works. Another user is trying to change their password, but it tells then it doesn't meet the complexity requirements when it does.

Have attached GPO for passwords and logon

Can anyone assist with taking steps to find the cause of these issues?

GPO
0
Comment
Question by:Matt
  • 2
3 Comments
 
LVL 21

Expert Comment

by:mcsween
Comment Utility
Sounds like you might have a replication issue.  Please run and examine the output of the following command which will test all your domain controllers.
dcdiag /n:domain.fqdn /e

Open in new window

0
 

Author Comment

by:Matt
Comment Utility
The distinguished name of the domain is DC=domain,DC=local.


Directory Server Diagnosis


Performing initial setup:

   Finding server for domain DC=domain,DC=local...

   Server for domain = winDC01.domain.local

   * Identified AD Forest.
   Done gathering initial info.


Doing initial required tests

   
   Testing server: site\siteDC2

      Starting test: Connectivity

         ......................... siteDC2 passed test Connectivity

   
   Testing server: Cumbernauld\CUMBERNAULDDC1

      Starting test: Connectivity

         ......................... CUMBERNAULDDC1 passed test Connectivity

   
   Testing server: RealIPColo\COLODC

      Starting test: Connectivity

         ......................... COLODC passed test Connectivity

   
   Testing server: Paris\FRFILE-PRINT

      Starting test: Connectivity

         ......................... FRFILE-PRINT passed test Connectivity

   
   Testing server: DRSite\DRDC

      Starting test: Connectivity

         ......................... DRDC passed test Connectivity

   
   Testing server: Turin\MITDC

      Starting test: Connectivity

         ......................... MITDC passed test Connectivity

   
   Testing server: site\WINDC01

      Starting test: Connectivity

         ......................... WINDC01 passed test Connectivity

   
   Testing server: site\WINDC02

      Starting test: Connectivity

         ......................... WINDC02 passed test Connectivity

   
   Testing server: Munich\DEDC02

      Starting test: Connectivity

         ......................... DEDC02 passed test Connectivity

   
   Testing server: Roosendaal\ROOSENDAALDC01

      Starting test: Connectivity

         ......................... ROOSENDAALDC01 passed test Connectivity

   
   Testing server: Paris\FRDC01

      Starting test: Connectivity

         ......................... FRDC01 passed test Connectivity



Doing primary tests

   
   Testing server: site\siteDC2

      Starting test: Advertising

         ......................... siteDC2 passed test Advertising

      Starting test: FrsEvent

         ......................... siteDC2 passed test FrsEvent

      Starting test: DFSREvent

         ......................... siteDC2 passed test DFSREvent

      Starting test: SysVolCheck

         ......................... siteDC2 passed test SysVolCheck

      Starting test: KccEvent

         ......................... siteDC2 passed test KccEvent

      Starting test: KnowsOfRoleHolders

         ......................... siteDC2 passed test KnowsOfRoleHolders

      Starting test: MachineAccount

         * The current DC is not in the domain controller's OU

         ......................... siteDC2 failed test MachineAccount

      Starting test: NCSecDesc

         ......................... siteDC2 passed test NCSecDesc

      Starting test: NetLogons

         ......................... siteDC2 passed test NetLogons

      Starting test: ObjectsReplicated

         ......................... siteDC2 passed test ObjectsReplicated

      Starting test: Replications

         ......................... siteDC2 passed test Replications

      Starting test: RidManager

         ......................... siteDC2 passed test RidManager

      Starting test: Services

            Invalid service type: RpcSs on siteDC2, current value

            WIN32_OWN_PROCESS, expected value WIN32_SHARE_PROCESS

         ......................... siteDC2 failed test Services

      Starting test: SystemLog

         An error event occurred.  EventID: 0x000016AD

            Time Generated: 09/26/2014   12:50:22

            Event String: The session setup from the computer ES-BAR-LT002


         ......................... siteDC2 failed test SystemLog

      Starting test: VerifyReferences

         ......................... siteDC2 passed test VerifyReferences

   
   Testing server: Cumbernauld\CUMBERNAULDDC1

      Starting test: Advertising

         ......................... CUMBERNAULDDC1 passed test Advertising

      Starting test: FrsEvent

         ......................... CUMBERNAULDDC1 passed test FrsEvent

      Starting test: DFSREvent

         ......................... CUMBERNAULDDC1 passed test DFSREvent

      Starting test: SysVolCheck

         ......................... CUMBERNAULDDC1 passed test SysVolCheck

      Starting test: KccEvent

         ......................... CUMBERNAULDDC1 passed test KccEvent

      Starting test: KnowsOfRoleHolders

         ......................... CUMBERNAULDDC1 passed test

         KnowsOfRoleHolders

      Starting test: MachineAccount

         ......................... CUMBERNAULDDC1 passed test MachineAccount

      Starting test: NCSecDesc

         ......................... CUMBERNAULDDC1 passed test NCSecDesc

      Starting test: NetLogons

         ......................... CUMBERNAULDDC1 passed test NetLogons

      Starting test: ObjectsReplicated

         ......................... CUMBERNAULDDC1 passed test ObjectsReplicated

      Starting test: Replications

         ......................... CUMBERNAULDDC1 passed test Replications

      Starting test: RidManager

         ......................... CUMBERNAULDDC1 passed test RidManager

      Starting test: Services

            Invalid service type: RpcSs on CUMBERNAULDDC1, current value

            WIN32_OWN_PROCESS, expected value WIN32_SHARE_PROCESS

         ......................... CUMBERNAULDDC1 failed test Services

      Starting test: SystemLog

         ......................... CUMBERNAULDDC1 passed test SystemLog

      Starting test: VerifyReferences

         ......................... CUMBERNAULDDC1 passed test VerifyReferences

   
   Testing server: RealIPColo\COLODC

      Starting test: Advertising

         ......................... COLODC passed test Advertising

      Starting test: FrsEvent

         ......................... COLODC passed test FrsEvent

      Starting test: DFSREvent

         ......................... COLODC passed test DFSREvent

      Starting test: SysVolCheck

         ......................... COLODC passed test SysVolCheck

      Starting test: KccEvent

         ......................... COLODC passed test KccEvent

      Starting test: KnowsOfRoleHolders

         ......................... COLODC passed test KnowsOfRoleHolders

      Starting test: MachineAccount

         ......................... COLODC passed test MachineAccount

      Starting test: NCSecDesc

         ......................... COLODC passed test NCSecDesc

      Starting test: NetLogons

         ......................... COLODC passed test NetLogons

      Starting test: ObjectsReplicated

         ......................... COLODC passed test ObjectsReplicated

      Starting test: Replications

         ......................... COLODC passed test Replications

      Starting test: RidManager

         ......................... COLODC passed test RidManager

      Starting test: Services

         ......................... COLODC passed test Services

      Starting test: SystemLog

         A warning event occurred.  EventID: 0x000016AA

            Time Generated: 09/26/2014   12:33:36

            Event String:

            None of the IP addresses (10.10.100.40) of this Domain Controller map to the configured site 'RealIPColo'. While this may be a temporary situation due to IP address changes, it is generally recommended that the IP address of the Domain Controller (accessible to machines in its domain) maps to the Site which it services. If the above list of IP addresses is stable, consider moving this server to a site (or create one if it does not already exist) such that the above IP address maps to the selected site. This may require the creation of a new subnet object (whose range includes the above IP address) which maps to the selected site object.

         ......................... COLODC passed test SystemLog

      Starting test: VerifyReferences

         ......................... COLODC passed test VerifyReferences

   
   Testing server: Paris\FRFILE-PRINT

      Starting test: Advertising

         ......................... FRFILE-PRINT passed test Advertising

      Starting test: FrsEvent

         ......................... FRFILE-PRINT passed test FrsEvent

      Starting test: DFSREvent

         ......................... FRFILE-PRINT passed test DFSREvent

      Starting test: SysVolCheck

         ......................... FRFILE-PRINT passed test SysVolCheck

      Starting test: KccEvent

         ......................... FRFILE-PRINT passed test KccEvent

      Starting test: KnowsOfRoleHolders

         ......................... FRFILE-PRINT passed test KnowsOfRoleHolders

      Starting test: MachineAccount

         ......................... FRFILE-PRINT passed test MachineAccount

      Starting test: NCSecDesc

         ......................... FRFILE-PRINT passed test NCSecDesc

      Starting test: NetLogons

         ......................... FRFILE-PRINT passed test NetLogons

      Starting test: ObjectsReplicated

         ......................... FRFILE-PRINT passed test ObjectsReplicated

      Starting test: Replications

         ......................... FRFILE-PRINT passed test Replications

      Starting test: RidManager

         ......................... FRFILE-PRINT passed test RidManager

      Starting test: Services

         ......................... FRFILE-PRINT passed test Services

      Starting test: SystemLog

         An error event occurred.  EventID: 0x40011006

            Time Generated: 09/26/2014   12:52:37

            Event String:

            The connection was aborted by the remote WINS. Remote WINS may not be configured to replicate with the server.

         An error event occurred.  EventID: 0x40011006

            Time Generated: 09/26/2014   13:22:36

            Event String:

            The connection was aborted by the remote WINS. Remote WINS may not be configured to replicate with the server.

         ......................... FRFILE-PRINT failed test SystemLog

      Starting test: VerifyReferences

         ......................... FRFILE-PRINT passed test VerifyReferences

   
   Testing server: DRSite\DRDC

      Starting test: Advertising

         ......................... DRDC passed test Advertising

      Starting test: FrsEvent

         ......................... DRDC passed test FrsEvent

      Starting test: DFSREvent

         ......................... DRDC passed test DFSREvent

      Starting test: SysVolCheck

         ......................... DRDC passed test SysVolCheck

      Starting test: KccEvent

         ......................... DRDC passed test KccEvent

      Starting test: KnowsOfRoleHolders

         ......................... DRDC passed test KnowsOfRoleHolders

      Starting test: MachineAccount

         ......................... DRDC passed test MachineAccount

      Starting test: NCSecDesc

         ......................... DRDC passed test NCSecDesc

      Starting test: NetLogons

         ......................... DRDC passed test NetLogons

      Starting test: ObjectsReplicated

         ......................... DRDC passed test ObjectsReplicated

      Starting test: Replications

         ......................... DRDC passed test Replications

      Starting test: RidManager

         ......................... DRDC passed test RidManager

      Starting test: Services

            Invalid service type: RpcSs on DRDC, current value

            WIN32_OWN_PROCESS, expected value WIN32_SHARE_PROCESS

         ......................... DRDC failed test Services

      Starting test: SystemLog

         ......................... DRDC passed test SystemLog

      Starting test: VerifyReferences

         ......................... DRDC passed test VerifyReferences

   
   Testing server: Turin\MITDC

      Starting test: Advertising

         ......................... MITDC passed test Advertising

      Starting test: FrsEvent

         The event log File Replication Service on server MITDC.domain.local

         could not be queried, error 0x6ba "The RPC server is unavailable."

         ......................... MITDC failed test FrsEvent

      Starting test: DFSREvent

         ......................... MITDC passed test DFSREvent

      Starting test: SysVolCheck

         ......................... MITDC passed test SysVolCheck

      Starting test: KccEvent

         The event log Directory Service on server MITDC.domain.local could

         not be queried, error 0x6ba "The RPC server is unavailable."

         ......................... MITDC failed test KccEvent

      Starting test: KnowsOfRoleHolders

         ......................... MITDC passed test KnowsOfRoleHolders

      Starting test: MachineAccount

         ......................... MITDC passed test MachineAccount

      Starting test: NCSecDesc

         ......................... MITDC passed test NCSecDesc

      Starting test: NetLogons

         ......................... MITDC passed test NetLogons

      Starting test: ObjectsReplicated

         ......................... MITDC passed test ObjectsReplicated

      Starting test: Replications

         ......................... MITDC passed test Replications

      Starting test: RidManager

         ......................... MITDC passed test RidManager

      Starting test: Services

         ......................... MITDC passed test Services

      Starting test: SystemLog

         The event log System on server MITDC.domain.local could not be

         queried, error 0x6ba "The RPC server is unavailable."

         ......................... MITDC failed test SystemLog

      Starting test: VerifyReferences

         ......................... MITDC passed test VerifyReferences

   
   Testing server: site\WINDC01

      Starting test: Advertising

         ......................... WINDC01 passed test Advertising

      Starting test: FrsEvent

         ......................... WINDC01 passed test FrsEvent

      Starting test: DFSREvent

         ......................... WINDC01 passed test DFSREvent

      Starting test: SysVolCheck

         ......................... WINDC01 passed test SysVolCheck

      Starting test: KccEvent

         ......................... WINDC01 passed test KccEvent

      Starting test: KnowsOfRoleHolders

         ......................... WINDC01 passed test KnowsOfRoleHolders

      Starting test: MachineAccount

         ......................... WINDC01 passed test MachineAccount

      Starting test: NCSecDesc

         ......................... WINDC01 passed test NCSecDesc

      Starting test: NetLogons

         ......................... WINDC01 passed test NetLogons

      Starting test: ObjectsReplicated

         ......................... WINDC01 passed test ObjectsReplicated

      Starting test: Replications

         ......................... WINDC01 passed test Replications

      Starting test: RidManager

         ......................... WINDC01 passed test RidManager

      Starting test: Services

         ......................... WINDC01 passed test Services

      Starting test: SystemLog

         ......................... WINDC01 passed test SystemLog

      Starting test: VerifyReferences

         ......................... WINDC01 passed test VerifyReferences

   
   Testing server: site\WINDC02

      Starting test: Advertising

         ......................... WINDC02 passed test Advertising

      Starting test: FrsEvent

         ......................... WINDC02 passed test FrsEvent

      Starting test: DFSREvent

         ......................... WINDC02 passed test DFSREvent

      Starting test: SysVolCheck

         ......................... WINDC02 passed test SysVolCheck

      Starting test: KccEvent

         ......................... WINDC02 passed test KccEvent

      Starting test: KnowsOfRoleHolders

         ......................... WINDC02 passed test KnowsOfRoleHolders

      Starting test: MachineAccount

         ......................... WINDC02 passed test MachineAccount

      Starting test: NCSecDesc

         ......................... WINDC02 passed test NCSecDesc

      Starting test: NetLogons

         ......................... WINDC02 passed test NetLogons

      Starting test: ObjectsReplicated

         ......................... WINDC02 passed test ObjectsReplicated

      Starting test: Replications

         ......................... WINDC02 passed test Replications

      Starting test: RidManager

         ......................... WINDC02 passed test RidManager

      Starting test: Services

         ......................... WINDC02 passed test Services

      Starting test: SystemLog

         ......................... WINDC02 passed test SystemLog

      Starting test: VerifyReferences

         ......................... WINDC02 passed test VerifyReferences

   
   Testing server: Munich\DEDC02

      Starting test: Advertising

         ......................... DEDC02 passed test Advertising

      Starting test: FrsEvent

         ......................... DEDC02 passed test FrsEvent

      Starting test: DFSREvent

         ......................... DEDC02 passed test DFSREvent

      Starting test: SysVolCheck

         ......................... DEDC02 passed test SysVolCheck

      Starting test: KccEvent

         ......................... DEDC02 passed test KccEvent

      Starting test: KnowsOfRoleHolders

         ......................... DEDC02 passed test KnowsOfRoleHolders

      Starting test: MachineAccount

         ......................... DEDC02 passed test MachineAccount

      Starting test: NCSecDesc

         ......................... DEDC02 passed test NCSecDesc

      Starting test: NetLogons

         ......................... DEDC02 passed test NetLogons

      Starting test: ObjectsReplicated

         ......................... DEDC02 passed test ObjectsReplicated

      Starting test: Replications

         ......................... DEDC02 passed test Replications

      Starting test: RidManager

         ......................... DEDC02 passed test RidManager

      Starting test: Services

         ......................... DEDC02 passed test Services

      Starting test: SystemLog

         ......................... DEDC02 passed test SystemLog

      Starting test: VerifyReferences

         ......................... DEDC02 passed test VerifyReferences

   
   Testing server: Roosendaal\ROOSENDAALDC01

      Starting test: Advertising

         ......................... ROOSENDAALDC01 passed test Advertising

      Starting test: FrsEvent

         ......................... ROOSENDAALDC01 passed test FrsEvent

      Starting test: DFSREvent

         ......................... ROOSENDAALDC01 passed test DFSREvent

      Starting test: SysVolCheck

         ......................... ROOSENDAALDC01 passed test SysVolCheck

      Starting test: KccEvent

         ......................... ROOSENDAALDC01 passed test KccEvent

      Starting test: KnowsOfRoleHolders

         ......................... ROOSENDAALDC01 passed test

         KnowsOfRoleHolders

      Starting test: MachineAccount

         ......................... ROOSENDAALDC01 passed test MachineAccount

      Starting test: NCSecDesc

         ......................... ROOSENDAALDC01 passed test NCSecDesc

      Starting test: NetLogons

         ......................... ROOSENDAALDC01 passed test NetLogons

      Starting test: ObjectsReplicated

         ......................... ROOSENDAALDC01 passed test ObjectsReplicated

      Starting test: Replications

         ......................... ROOSENDAALDC01 passed test Replications

      Starting test: RidManager

         ......................... ROOSENDAALDC01 passed test RidManager

      Starting test: Services

         ......................... ROOSENDAALDC01 passed test Services

      Starting test: SystemLog

         A warning event occurred.  EventID: 0x000016AF

            Time Generated: 09/26/2014   12:54:38

            Event String:

            During the past 4.22 hours there have been 1 connections to this Domain Controller from client machines whose IP addresses don't map to any of the existing sites in the enterprise. Those clients, therefore, have undefined sites and may connect to any Domain Controller including those that are in far distant locations from the clients. A client's site is determined by the mapping of its subnet to one of the existing sites. To move the above clients to one of the sites, please consider creating subnet object(s) covering the above IP addresses with mapping to one of the existing sites.  The names and IP addresses of the clients in question have been logged on this computer in the following log file '%SystemRoot%\debug\netlogon.log' and, potentially, in the log file '%SystemRoot%\debug\netlogon.bak' created if the former log becomes full. The log(s) may contain additional unrelated debugging information. To filter out the needed information, please search for lines which contain text 'NO_CLIENT_SITE:'. The first word after this string is the client name and the second word is the client IP address. The maximum size of the log(s) is controlled by the following registry DWORD value 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\LogFileMaxSize'; the default is 20000000 bytes.  The current maximum size is 20000000 bytes.  To set a different maximum size, create the above registry value and set the desired maximum size in bytes.

         ......................... ROOSENDAALDC01 passed test SystemLog

      Starting test: VerifyReferences

         ......................... ROOSENDAALDC01 passed test VerifyReferences

   
   Testing server: Paris\FRDC01

      Starting test: Advertising

         ......................... FRDC01 passed test Advertising

      Starting test: FrsEvent

         ......................... FRDC01 passed test FrsEvent

      Starting test: DFSREvent

         ......................... FRDC01 passed test DFSREvent

      Starting test: SysVolCheck

         ......................... FRDC01 passed test SysVolCheck

      Starting test: KccEvent

         ......................... FRDC01 passed test KccEvent

      Starting test: KnowsOfRoleHolders

         ......................... FRDC01 passed test KnowsOfRoleHolders

      Starting test: MachineAccount

         ......................... FRDC01 passed test MachineAccount

      Starting test: NCSecDesc

         ......................... FRDC01 passed test NCSecDesc

      Starting test: NetLogons

         ......................... FRDC01 passed test NetLogons

      Starting test: ObjectsReplicated

         ......................... FRDC01 passed test ObjectsReplicated

      Starting test: Replications

         ......................... FRDC01 passed test Replications

      Starting test: RidManager

         ......................... FRDC01 passed test RidManager

      Starting test: Services

         ......................... FRDC01 passed test Services

      Starting test: SystemLog

         ......................... FRDC01 passed test SystemLog

      Starting test: VerifyReferences

         ......................... FRDC01 passed test VerifyReferences

   
   
   
   
   
   
   
   
   
   
   
   
   Running partition tests on : domain

      Starting test: CheckSDRefDom

         ......................... domain passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... domain passed test CrossRefValidation

   
   Running enterprise tests on : domain.local

      Starting test: LocatorCheck

         ......................... domain.local passed test LocatorCheck

      Starting test: Intersite

         Doing intersite inbound replication test on site site:
         Doing intersite inbound replication test on site RealIPColo:
         Doing intersite inbound replication test on site Cumbernauld:
         Doing intersite inbound replication test on site Roosendaal:
         Doing intersite inbound replication test on site Paris:
         Doing intersite inbound replication test on site DRSite:
         Doing intersite inbound replication test on site Turin:
         Doing intersite inbound replication test on site Munich:
         ......................... domain.local passed test Intersite
0
 
LVL 21

Accepted Solution

by:
mcsween earned 500 total points
Comment Utility
COLODC is not in the correct site or the subnet is not assigned to the correct site.  It has an IP of 10.10.100.40 but that doesn't match the subnet of the site it's supposedly in.  Either give it an IP for the site it resides at or move it to the correct site in AD Sites and Services.
MITDC.domain.local has RPC errors, may just need a reboot but could have other issues.  You can re-run dcdiag with no switches from that server to test only the local system
I can see not all of your domain controllers are in the Domain Controllers OU in ADUC.  This will cause major issues as the correct policies are not being applied to the server.  Please make sure all of your domain controllers are in the domain controllers OU then restart any that had to be moved.
You have errors that indicate your sites and subnets are not correctly or fully configured.  Open AD Sites and Services and make sure you have every subnet and site defined in your organization.  Also make sure the correct subnets are assigned to the correct sites and the site links are configured (which sites are directly connected to which sites).  Please read through this entire documentation before configuring if you are not familiar with AD Sites and Services - http://technet.microsoft.com/en-us/library/cc730868.aspx

Any one of these errors could be causing your problem and there may be more underlying (let's fix these first).  If I had to guess I would suspect it's either Sites and Services misconfiguration or the RPC errors on MITDC.
0

Featured Post

Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

Join & Write a Comment

Learn about cloud computing and its benefits for small business owners.
You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
In this Micro Tutorial viewers will learn how to use Windows Server Backup to create full image of their system. Tutorial shows how to install Windows Server Backup Feature on Windows 2012R2 and how to configure scheduled Bare Metal Recovery backup.…
This tutorial will walk an individual through the process of installing of Data Protection Manager on a server running Windows Server 2012 R2, including the prerequisites. Microsoft .Net 3.5 is required. To install this feature, go to Server Manager…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now