Strange Problem with Authentication Has anyone ever run across thi

  • Thread starter Thread starter David Lausten
  • Start date Start date
D

David Lausten

I have 3 DC lets call them Main, Exchange and Util.

Until recently everything has been working great. the strange issue is I can
log into the domain just fine It maps all the drives except for one of the
DC's which is Main.

Main is the Infastructure Master and first DC. whenever it tries to map the
drive on the server it asks for a username and password. this hapens on a
couple of different computers on different accounts but not all. and it seems
to roam.

The permisions on the share are set to everyone Read Write etc. and the file
security is the same. if I input my username and password it will connect but
for some reason it is prompting me. Almost like it does not recognize my
Ticket. but when I do input username and password it works fine.

Also when I open up Group Policy managmment it says Logon failure: unknown
user name or bad password.. My account is in the administrator's group.
Selecting the domain controler with the Operations master token for the PDC
emulator does not work I.E. Main. but if I select another DC I will either
get Unable to update the password. The value provided as the current password
is incorrect.
or access denied.

Checked my Account and it is not locked...... if I access \\main\netlogon it
prompts for Username and password.. if I type in \\exchange\netlogon it comes
up.... I have no idea what is going on.

No red X's in the Event viewer anywhere. DNS is correct

AD users and computers and Sites and Services come up. only connecting to
the Exchange computer. but I get Access denied trying to go to Util or Main.
its almost as if I am out of Sync. I also checked the time on the servers
compared to my time. and they are both synced.

I am at a complete loss. I even tried using Kerbtray to purge my tickets.

Main is my Operations Master and when I connect to another DC and select
change it says the Operations Master is Offline.

I will add in the DC and Net Diags. Thanks.
 
Its hard to tell from what you have said. I would run a replmon and force a
replication to check for errors. Then double check the DNS. Is everything
resolving correctly when you use the FQDN? Are the DC's all on the same
site?
Anthony, http://www.airdesk.com

"David Lausten" <DavidLausten@discussions.microsoft.com> wrote in message
news:4AFA0548-4C3C-4744-8B01-213E6A601591@microsoft.com...
> Diag's too big :) I can email them by request. Thank you VERY Much in
> Advance.
 
Re: Strange Problem with Authentication Has anyone ever run across

When I use \\pbcdf-main\netlogon it requests login... when I use
\\pbcdf-main.pbcdf.com\netlogon it also requests login.

checked DNS and it seems to be functioning correctly.

All DC's are in the same site. Ran Replmon and no errors in replication I
will post the NetDiag and DcDiags in the next post.

Thank you VERY Much Anthony for helping with this !!!! I am at my wits end.

"Anthony" wrote:

> Its hard to tell from what you have said. I would run a replmon and force a
> replication to check for errors. Then double check the DNS. Is everything
> resolving correctly when you use the FQDN? Are the DC's all on the same
> site?
> Anthony, http://www.airdesk.com
>
> "David Lausten" <DavidLausten@discussions.microsoft.com> wrote in message
> news:4AFA0548-4C3C-4744-8B01-213E6A601591@microsoft.com...
> > Diag's too big :) I can email them by request. Thank you VERY Much in
> > Advance.
>
>
>
 
RE: Strange Problem with Authentication Has anyone ever run across

Main NetDiag
Gathering IPX configuration information.
Querying status of the Netcard drivers... Passed
Testing IpConfig - pinging the Primary WINS server... Passed
Testing Domain membership... Passed
Gathering NetBT configuration information.
Testing for autoconfiguration... Passed
Testing IP loopback ping... Passed
Testing default gateways... Passed
Enumerating local and remote NetBT name cache... Passed
Testing the WINS server
Internal
Sending name query to primary WINS server 10.25.240.15 - Passed
There is no secondary WINS server defined for this adapter.
Gathering Winsock information.
Testing DNS
PASS - All the DNS entries for DC are registered on DNS server
'10.25.240.15' and other DCs also have some of the names registered.
PASS - All the DNS entries for DC are registered on DNS server
'10.25.240.6' and other DCs also have some of the names registered.
Testing redirector and browser... Passed
Testing DC discovery.
Looking for a DC
Looking for a PDC emulator
Looking for a Windows 2000 DC
Gathering the list of Domain Controllers for domain 'SITE2'
Testing trust relationships... Skipped
Testing Kerberos authentication... Passed
Testing LDAP servers in Domain SITE2 ...
Gathering routing information
Gathering network statistics information.
Gathering configuration of bindings.
Gathering RAS connection information
Gathering Modem information
Gathering Netware information
Gathering IP Security information

Tests complete.


Computer Name: PBCDF-MAIN
DNS Host Name: PBCDF-MAIN.Pbcdf.Com
DNS Domain Name: Pbcdf.Com
System info : Windows 2000 Server (Build 3790)
Processor : x86 Family 15 Model 4 Stepping 1, GenuineIntel
Hotfixes :
Installed? Name
Yes KB909520
Yes KB911564
Yes KB921503
Yes KB925398_WMP64
Yes KB925876
Yes KB925902
Yes KB926122
Yes KB927891
Yes KB929123
Yes KB930178
Yes KB931768
Yes KB931784
Yes KB931836
Yes KB932168
Yes KB933360
Yes KB933566
Yes KB933729
Yes KB933854
Yes KB935839
Yes KB935840
Yes KB935966
Yes KB936021
Yes KB936357
Yes KB936782
Yes KB937143
Yes KB938127
Yes KB939653
Yes KB941202
Yes KB941672
Yes KB943460
Yes Q147222
No ServicePackUninstall


Netcard queries test . . . . . . . : Passed

Information of Netcard drivers:


---------------------------------------------------------------------------
Description: Intel(R) PRO/1000 MT Network Connection
Device: \DEVICE\{4ED79BDF-0F71-48FE-B693-2ABB5E6C12DC}

Media State: Connected

Device State: Connected
Connect Time: 17 days, 03:10:24
Media Speed: 100 Mbps

Packets Sent: 259548925
Bytes Sent (Optional): 0

Packets Received: 138327330
Directed Pkts Recd (Optional): 136918100
Bytes Received (Optional): 0
Directed Bytes Recd (Optional): 0


---------------------------------------------------------------------------
[PASS] - At least one netcard is in the 'Connected' state.



Per interface results:

Adapter : Internal
Adapter ID . . . . . . . . : {4ED79BDF-0F71-48FE-B693-2ABB5E6C12DC}

Netcard queries test . . . : Passed

Adapter type . . . . . . . : Ethernet
Host Name. . . . . . . . . : PBCDF-MAIN.pbcdf.com
Description. . . . . . . . : Intel(R) PRO/1000 MT Network Connection
Physical Address . . . . . : 00-11-43-E4-38-90
Dhcp Enabled . . . . . . . : No
DHCP ClassID . . . . . . . :
Autoconfiguration Enabled. : Yes
IP Address . . . . . . . . : 10.25.240.15
Subnet Mask. . . . . . . . : 255.255.248.0
Default Gateway. . . . . . : 10.25.240.1
Primary WINS Server. . . . : 10.25.240.15
Dns Servers. . . . . . . . : 10.25.240.15
10.25.240.6

IpConfig results . . . . . : Passed
Pinging the Primary WINS server 10.25.240.15 - reachable

AutoConfiguration results. . . . . . : Passed
AutoConfiguration is not in use.

Default gateway test . . . : Passed
Pinging gateway 10.25.240.1 - reachable
At least one gateway reachable for this adapter.

NetBT name test. . . . . . : Passed
NetBT_Tcpip_{4ED79BDF-0F71-48FE-B693-2ABB5E6C12DC}
PBCDF-MAIN <00> UNIQUE REGISTERED
SITE2 <00> GROUP REGISTERED
SITE2 <1C> GROUP REGISTERED
PBCDF-MAIN <20> UNIQUE REGISTERED
SITE2 <1B> UNIQUE REGISTERED
SITE2 <1E> GROUP REGISTERED
SITE2 <1D> UNIQUE REGISTERED
..__MSBROWSE__.<01> GROUP REGISTERED
[WARNING] At least one of the <00> 'WorkStation Service', <03>
'Messenger Service', <20> 'WINS' names is missing.

NetBios Resolution : Enabled

Netbios Remote Cache Table
Name Type HostAddress Life [sec]
---------------------------------------------------------------
PBCDF-SMSEND <20> UNIQUE 10.25.240.11 442
PBCDF-ORO.PBCDF<2E> UNIQUE 10.1.1.5 442
PBCDF-EXS01.PBC<44> UNIQUE 10.25.240.6 442
PBCDF-NTS032.PB<43> UNIQUE 10.25.240.14 442
PBCDF-DOC <20> UNIQUE 10.25.240.7 427
PBCDF-ORO <20> UNIQUE 10.1.1.5 12
SITE2 <1C> GROUP 10.25.240.15 442


WINS service test. . . . . : Passed
Sending name query to primary WINS server 10.25.240.15 - Passed
There is no secondary WINS server defined for this adapter.
The test was successful. At least one WINS server was found.
IPX test : IPX is not installed on this machine.
 
RE: Strange Problem with Authentication Has anyone ever run across

David,

Have you checked the requirements for authentication to the machine, for
instance the LAN Manager Authentication Level, the minimum session security
that is allowed etc? It sounds like it falls back to a lower method because
higher methods fail. You'll find the settings in the local (or DC) policies.
Easiest is to check if you see differences with other machines.

Kind regards,
Michel

"David Lausten" wrote:

> Actually this is easyer.
>
> Main Netdiag
>
> https:\\www.pbcdf.com\main-netdiag.txt
>
> Main DcDiag
>
> https:\\www.pbcdf.com\main-dcdiag.txt
>
> Exchange Netdiag
>
> https:\\www.pbcdf.com\exch-netdiag.txt
>
> Exchange DcDiag
>
> https:\\www.pbcdf.com\exch-dcdiag.txt
>
 
Re: Strange Problem with Authentication Has anyone ever run across

David,
You have four DC's. What happened to the other one?
You have another subnet 10.1.1.0. Is that on a separate site? How is it
connected?
You have a route to a 192.168.12.0 subnet. Is one of the DC's multihomed?
Your Netbios domain name is SITE2. Is this an upgrade from Windows NT? Do
you have a problem with new accounts as well as with old accounts?
You are using the same domain name for AD as you are for your web service.
Can you show an ipconfig /all from one of the clients where you are having a
problem?
I don't quite follow your description of the problem, though I get the
general idea. Is this a problem from one or two specific clients? Do you
have any general client problems? Do you have any errors in the client event
logs? Is this only a problem when mapping drives, and only from your own
client?
Anthony, http://www.airdesk.com



"David Lausten" <DavidLausten@discussions.microsoft.com> wrote in message
news:DD12FC89-A114-4D5E-8D1E-35A116EFAFA1@microsoft.com...
> When I use \\pbcdf-main\netlogon it requests login... when I use
> \\pbcdf-main.pbcdf.com\netlogon it also requests login.
>
> checked DNS and it seems to be functioning correctly.
>
> All DC's are in the same site. Ran Replmon and no errors in replication I
> will post the NetDiag and DcDiags in the next post.
>
> Thank you VERY Much Anthony for helping with this !!!! I am at my wits
> end.
>
> "Anthony" wrote:
>
>> Its hard to tell from what you have said. I would run a replmon and force
>> a
>> replication to check for errors. Then double check the DNS. Is everything
>> resolving correctly when you use the FQDN? Are the DC's all on the same
>> site?
>> Anthony, http://www.airdesk.com
>>
>> "David Lausten" <DavidLausten@discussions.microsoft.com> wrote in message
>> news:4AFA0548-4C3C-4744-8B01-213E6A601591@microsoft.com...
>> > Diag's too big :) I can email them by request. Thank you VERY Much in
>> > Advance.
>>
>>
>>
 

Similar threads

L
Completely stuck with forgotten administrator password
Replies
0
Views
24
Longon007
L
AWS
Importing your passwords from third-party password managers to Microsoft Edge
Replies
0
Views
140
AWS
AWS
I
Gain enhanced security and performance with Windows Server 2025—now in preview
Replies
0
Views
67
Ian LeGrow
I
AWS
Skilling snack: Windows LAPS
Replies
0
Views
136
AWS
AWS
M
My windows 8 can't run exe files aven after using regedit. Is it a software related problem?
Replies
0
Views
19
Matheus Rodrigues da Silva1
M
Back
Top