dc can't authenticate

  • Thread starter Thread starter nooshin
  • Start date Start date
N

nooshin

we have 2 DC in our domain.but only one of them can
authenticate users.and without this dc users can not
authenticate in domain.but 2 dc have successful
replication.thank you for any assistance to resolve this
problem
 
-----Original Message-----
we have 2 DC in our domain.but only one of them can
authenticate users.and without this dc users can not
authenticate in domain.but 2 dc have successful
replication.thank you for any assistance to resolve this
problem
.
Click to expand...
Nooshin,

Is it possible that you *HAD* a WINNT 4.0 Domain,
upgraded your clients to WIN2000 Pro and then did an
inplace upgrade to WIN2000 on the WINNT 4.0 PDC? This is
a known issue that these WIN2000 clients will now ONLY
authenticate against that 'inplace upgraded former WINNT
4 PDC now WIN2000 AD Domain Controller'.

Please take a look at the following MSKB Article as there
is a registry fix:

http://support.microsoft.com/default.aspx?scid=kb;en-
us;284937


There is another similar situation. Please take a look
at the following MSKB Article:

http://support.microsoft.com/default.aspx?scid=kb;EN-
US;298713

I have also provided a few links so that you can better
understand how clients locate a WIN2000 DC:

http://support.microsoft.com/default.aspx?scid=KB;en-
us;247811

http://support.microsoft.com/default.aspx?scid=kb;
[LN];314861

HTH,

Cary
 
-----Original Message-----
we have 2 DC in our domain.but only one of them can
authenticate users.and without this dc users can not
authenticate in domain.but 2 dc have successful
replication.thank you for any assistance to resolve this
problem
.
Click to expand...
Nooshin,

In addition to my previous post, I might suggest that you
install the Support Tools on all of your WIN2000
Servers. The Support Tools can be located in two places:
on the WIN2000 Server CD in the Support | Tools folder or
on the WIN2000 Service Pack CD in the Support Tools
folder.

I would then run dcdaig /v and netdiag /v on all of your
Domain Controllers. This might give you / us a better
picture of what is going on ( should it not be solved by
my first post ).

HTH,

Cary
 
Any Windows 2000 DC can authenticate users if it is operating properly.
Is the Netlogon service on the DC that cannot authenticate started? Use
the following article to verify that Active Directory is properly installed
and running on both dcs:

298143 How to Verify an Active Directory Installation
http://support.microsoft.com/?id=298143

Also, run a dcdiag /v command on both DCs to see if any errors return.


David Pharr, (e-mail address removed)

This posting is provided "AS IS" with no warranties, and confers no rights.
 
Back
Top