second domain controller prompting for user credentials

Hey Everyone,

After installing and promoting our second Domain controller (Windows 2008 R2)  I have a couple of users (windows 7) that are being prompted to authenticate to that server and even when they put their info in it still pops back up after about an hour or so.

Both DC's are win 2k8 r2 main DC has all FSMO roles and the secondary is also a GC.

Any thoughts.
jkandrisAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Will SzymkowskiSenior Solution ArchitectCommented:
Have you checked the Directory Service logs on the DC (that was recently promoted) to see if there are any errors?

Also what are they getting prompted for? A specific application, internal website?

Have you made sure that all of the replicaiton is working properly? Use the following commands below...
- repadmin /replsum
- repadmin /showrepl
- repadmin /bridgeheads
- DCDiag /v

Will.
jkandrisAuthor Commented:
The only error I see in Directory services log is 7 days old and is complaining about LDAP over SSL

Test results are in the attached file
TEST-Results.txt
Will SzymkowskiSenior Solution ArchitectCommented:
Based on the logs everything looks good. What is DC2 authenticating to? Is this an application that the users are using?
Do this happen do all machines that are authenticating to DC2?

Will.
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

jkandrisAuthor Commented:
Truthfully.  DC2 was just supposed to be a backup in case the other went down. I don't believe I have it set to authenticate anything..  

I do believe I just figured it out.  I am working on a sharepoint site and I didnt have any users setup except myself.

One of the users All I did was remove automatically detect settings on his browser and his problem went away and I have heard anything back from my other user that was having the same issue.  I did add my users to the sharepoint site at least the ones that were having issues.

Ill keep ya posted.

Thanks
jkandrisAuthor Commented:
side note the one user that was corrected by the browser setting change is not a domain member he just uses our network for internet access.  The other is one of my internal people
Will SzymkowskiSenior Solution ArchitectCommented:
If the machine is not on the domain then you will be promted everytime you access internal network resources. This is by design. I figured it was probably something applicaiton based.

Will.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
jkandrisAuthor Commented:
Well the second user still have the same problem.  Back to the drawing board..
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.