[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

Issue with Child Domain user accessing resources in the parent domain

Posted on 2014-12-31
7
Medium Priority
?
372 Views
Last Modified: 2015-01-03
We have recently run into an issue with one of our child domains in our forest.  Up until last week there was not an issue.  Now when users from the child domain try to access any of our resources in the parent domain, it requests a login.

When they put in the following,

domain\username
password

it will not allow them in.  However when they put

username@childdomainFQDN
password

It allows them to login.

This would not be as big of an issue except that we have now add window authentication to SQL for one of our applications.

When they try to login on machine that are connected to the Parent domain if they use pre-2000 login, it will not let them login.  If they use their normal login, then they get a "password or user name incorrect" error.

We think this is an issue with something with NetBIOS.  When we are in the child domain and try to connect to the ADUC of the parent, we can't type in "CORP", we have to search by Domain.net.   We can however connect to any of the other child domains by NetBIOS name with no issue.

Replication looks like it is working properly from all domains, but I am not sure where else to look.  This is only effecting one child domain.  We have several others that are working correctly.

Thank you
0
Comment
Question by:PLHGroup
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 44

Expert Comment

by:Amit
ID: 40526604
What is the Domain functional level? How is your WINS server? Any patch or change happened recently in your child domain?
0
 

Author Comment

by:PLHGroup
ID: 40527158
Functional level is 2008 R2.
We don't have a WINS server, just using DNS.   The only changes were normal patching, but that was a week before this issues started.
0
 

Author Comment

by:PLHGroup
ID: 40527837
It looks like we have suffered from a USN rollback on one of our Parent level DC's.

I have pulled the bad DC out of the replication trees for all the child domains.  This has corrected the issue of passing the pre-2000 name for fileshares on the child domain DC's but we are still having issues on computers that are joined to the child domain.  

I cannot login on any computers outside the child domain with credentials from that child domain.  We have several child domains, and all others are working.  We are combing through the logs for this domain.
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 44

Accepted Solution

by:
Amit earned 2000 total points
ID: 40527974
That's not good. Check this
http://support.microsoft.com/kb/875495
0
 

Author Comment

by:PLHGroup
ID: 40528034
Yeah.  We are going through that process now.  To get our users from that domain working, we are changing the connections for the application they use from the server name to the server IP.  That is allowing them to pass their credentials properly to SQL.
0
 

Author Closing Comment

by:PLHGroup
ID: 40528638
Amit thank you for your help.  That KB was what we were looking at.  One of my guys followed that down the rabbit hole and found some commands from Repadmin that would allow you restart the replication.

What we ended up doing was the following.

1) Removed the DC from the replication trees of every DC in our forest.  We ensured no one was making any changes in the parent domain so that we wouldn't have to have any replications being missed.
2) We waited a couple of hours making sure all other DC's in the forest were replicating properly (child domains only obviously)
3) We ran Repadmin /options Disable_inbound_repl and Repadmin /options disable_inbound_repl
4) We waiting 15 minutes and the replication restarted with no issues.

Again, Thank you Amit for your help
0
 
LVL 44

Expert Comment

by:Amit
ID: 40529610
Great, thanks for sharing the solution. I also suggest you to put some monitoring for your AD environment...bare minimum you can run repadmin /replsum everyday and email it. You can also implement monitoring script or use scom
0

Featured Post

Tech or Treat!

Submit an article about your scariest tech experience—and the solution—and you’ll be automatically entered to win one of 4 fantastic tech gadgets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Have you considered what group policies are backwards and forwards compatible? Windows Active Directory servers and clients use group policy templates to deploy sets of policies within your domain. But, there is a catch to deploying policies. The…
Issue: One Windows 2008 R2 64bit server on the network unable to connect to a buffalo Device (Linkstation) with firmware version 1.56. There are a total of four servers on the network this being one of them. Troubleshooting Steps: Connect via h…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question