?
Solved

Issue with Child Domain user accessing resources in the parent domain

Posted on 2014-12-31
7
Medium Priority
?
332 Views
Last Modified: 2015-01-03
We have recently run into an issue with one of our child domains in our forest.  Up until last week there was not an issue.  Now when users from the child domain try to access any of our resources in the parent domain, it requests a login.

When they put in the following,

domain\username
password

it will not allow them in.  However when they put

username@childdomainFQDN
password

It allows them to login.

This would not be as big of an issue except that we have now add window authentication to SQL for one of our applications.

When they try to login on machine that are connected to the Parent domain if they use pre-2000 login, it will not let them login.  If they use their normal login, then they get a "password or user name incorrect" error.

We think this is an issue with something with NetBIOS.  When we are in the child domain and try to connect to the ADUC of the parent, we can't type in "CORP", we have to search by Domain.net.   We can however connect to any of the other child domains by NetBIOS name with no issue.

Replication looks like it is working properly from all domains, but I am not sure where else to look.  This is only effecting one child domain.  We have several others that are working correctly.

Thank you
0
Comment
Question by:PLHGroup
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 44

Expert Comment

by:Amit
ID: 40526604
What is the Domain functional level? How is your WINS server? Any patch or change happened recently in your child domain?
0
 

Author Comment

by:PLHGroup
ID: 40527158
Functional level is 2008 R2.
We don't have a WINS server, just using DNS.   The only changes were normal patching, but that was a week before this issues started.
0
 

Author Comment

by:PLHGroup
ID: 40527837
It looks like we have suffered from a USN rollback on one of our Parent level DC's.

I have pulled the bad DC out of the replication trees for all the child domains.  This has corrected the issue of passing the pre-2000 name for fileshares on the child domain DC's but we are still having issues on computers that are joined to the child domain.  

I cannot login on any computers outside the child domain with credentials from that child domain.  We have several child domains, and all others are working.  We are combing through the logs for this domain.
0
Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 
LVL 44

Accepted Solution

by:
Amit earned 2000 total points
ID: 40527974
That's not good. Check this
http://support.microsoft.com/kb/875495
0
 

Author Comment

by:PLHGroup
ID: 40528034
Yeah.  We are going through that process now.  To get our users from that domain working, we are changing the connections for the application they use from the server name to the server IP.  That is allowing them to pass their credentials properly to SQL.
0
 

Author Closing Comment

by:PLHGroup
ID: 40528638
Amit thank you for your help.  That KB was what we were looking at.  One of my guys followed that down the rabbit hole and found some commands from Repadmin that would allow you restart the replication.

What we ended up doing was the following.

1) Removed the DC from the replication trees of every DC in our forest.  We ensured no one was making any changes in the parent domain so that we wouldn't have to have any replications being missed.
2) We waited a couple of hours making sure all other DC's in the forest were replicating properly (child domains only obviously)
3) We ran Repadmin /options Disable_inbound_repl and Repadmin /options disable_inbound_repl
4) We waiting 15 minutes and the replication restarted with no issues.

Again, Thank you Amit for your help
0
 
LVL 44

Expert Comment

by:Amit
ID: 40529610
Great, thanks for sharing the solution. I also suggest you to put some monitoring for your AD environment...bare minimum you can run repadmin /replsum everyday and email it. You can also implement monitoring script or use scom
0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

INTRODUCTION The purpose of this document is to demonstrate the Installation and configuration of the Data Protection Manager product. Note that this demonstration was prepared on the basis of Windows OS is 2008 R2 and DPM 2010. DATA PROTECTI…
Ever notice how you can't use a new drive in Windows without having Windows assigning a Disk Signature?  Ever have a signature collision problem (especially with Virtual Machines?)  This article is intended to help you understand what's going on and…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
Suggested Courses

801 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question