Link to home
Start Free TrialLog in
Avatar of Roccat
RoccatFlag for United States of America

asked on

macs not able to login to AD

Just yesterday morning about 50 macs on our domain are not working properly.  Users can not log into their computers.  I was able to re-join then to the domain and this fixed the issue for the computers I rejoined. Some were not able to rejoin the domain.  When I tried to rejoin them we get a few different error messages depending on which domain controller they contact.  "unable to connect to server make sure that this computer is setting date and time automatically using the same network time server as the active directory server" They are all the same exact time and sync their time to the same place. "   Or they might get the error message ""Authentication server encountered an error while attempting the requested operation." when I attempt to rejoin the domain.  Any ideas. Some that I rejoined to the domain yesterday are not working again today.
Avatar of Ganesamoorthy S
Ganesamoorthy S
ASKER CERTIFIED SOLUTION
Avatar of Tim Lapin
Tim Lapin
Flag of Canada image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of rindi
rindi
Flag of Switzerland image
Something else that could also be have happened, with patch-Tuesday a buggy apdate could have been installed on the servers. So check your patches.
Avatar of Roccat
Roccat
Flag of United States of America image

ASKER

I am getting an event viewer message "The attempt to establish a replication link for the following writable directory partition failed. "  This came up on on the domain controllers referencing another domain controller.
Avatar of Roccat
Roccat
Flag of United States of America image

ASKER

All the PC's seem to be doing fine at this time.
Avatar of Tim Lapin
Tim Lapin
Flag of Canada image
Roccat wrote:
I am getting an event viewer message "The attempt to establish a replication link for the following writable directory partition failed. "  This came up on on the domain controllers referencing another domain controller.

Was one of the affected domain controllers the one used by the Macs or are they all load balanced, making such granularity impossible to detect?
Avatar of Roccat
Roccat
Flag of United States of America image

ASKER

They are load balanced.
Avatar of Tim Lapin
Tim Lapin
Flag of Canada image
Have a look at the logs anyway.  They might indicate which server was used for authentication.  If it was one of the ones affected by that error message, then perhaps you have found your problem.

Then, try the remove - add cycle on a machine and have a look at the AD logs.  Again, look at the logs.

It could be that Mac joins are more susceptible to such fluctuations.
Avatar of Roccat
Roccat
Flag of United States of America image

ASKER

We can only rebind the macs if they are connecting to a certain domain controller.  Looking through the event viewer to learn more about the issue.
Avatar of serialband
serialband
Flag of Ukraine image
Also, check the Date and Time if there is too much clock skew, you can't join the domain.
Avatar of Roccat
Roccat
Flag of United States of America image

ASKER

Yeah I am paying close attention to the time.
Avatar of Roccat
Roccat
Flag of United States of America image

ASKER

Spot on. One of the DC's was not replicating with the others. After a restart it came back.  Thanks!