Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

BDC doing most of the authentification - can't log in when it's iff

Status
Not open for further replies.
Gareth1978

Gareth1978

IS-IT--Management
Apr 19, 2002
218
GB
Hi. I have recently discovered that the BDC on our NT network is doing nearly 65% of the login validations. To make things worse when it's shut down no one (except those previously being validated by the PDC) can login. Most users are using login scripts but these are located on both servers. About 35% of users are on roaming profiles which are located on the BDC, however I am not roaming and my login on my PC was being validated by the BDC. When I shut it down I couldn't get in so don't suspect roaming profiles of being the issue.

We are using DHCP and the workstations also have Netbeui installed on them (required so remote support software can see them). Most workstations are NT4 with about 25 2k and 1 xp pro.

Not sure how long this has been going on for as I luckily have reliable servers (so far)

If anyone could advise me on this matter it would be much apreciated. In case it makes a difference the BDC is also the exchange server running 5.5 though I would suspect the issue is with the PDC not doing it's job. It's running SQL server 6.5 if thats of any relevance !

Thank you

Gareth

**One day, I will find a question that no one else has answered........and will also know the answer to it ! **
 
Sort by date Sort by votes
Is it possible that the two are out of sync?
Could you promote the BDC to PDC and then sync the two - (Server Manager, on BDC's name select sync with PDC - if I remember correctly)
Not been in this environment for a while so this is just an idea to try.
 
Upvote 0 Downvote
Thank you Gerschwin. I'm worried about doing that but if anyone can advise me if it's perilous or relatively safe then I will give it a go. Neither I nor my supervisor have ever done demoting/promoting before - never needed to !

**One day, I will find a question that no one else has answered........and will also know the answer to it ! **
 
Upvote 0 Downvote
Promotion and demotion is done through server manager - easy enough to do but I have seen things go wrong before. Like I said, I'm not currently working with this setup so would prefer someone who is to give advice :) but MS site has all the info you need....

In theory you would promote the BDC and the PDC would be automatically demoted, then you can sync the 2 and keep the configuration or promote the other one back to PDC (and do a sync again)

Was the PDC ever off for any length of time btw - because you can run on just a BDC but will need to sync when PDC was back online...

Remember this may not be the answer to your problem! Some NT expert will be along shortly I'm sure lol ;)
 
Upvote 0 Downvote
Thank you again. No neither server has ever been off for more than about 10 minutes in the 3 years they've been running. The whole thing only came to light by chance. I've got a NT pocket companion so will have a read of that as well.

Thanks again

**One day, I will find a question that no one else has answered........and will also know the answer to it ! **
 
Upvote 0 Downvote
Just a side thought...or 2

Can the users log in locally on the PDC?
Also SQL takes a massive amount of resource time, try stopping that and see if it makes a difference....
 
Upvote 0 Downvote
Are these servers both on the same subnet? Sounds like not. Are they both registering with the same WINS server and are all of your clients set up to use WINS?

Also check for any messages in event logs relating to SAM updates being successful or failing.
 
Upvote 0 Downvote
Spoke to a colleague today who has seen a similar problem where they appeared to synchronise but the sam db's hadn't copied accross.
I will get details from him but I reckon he would have just manually moved them....
 
Upvote 0 Downvote
I shut them both down last night. Switched the PDC on and let it start NT. Logged on with a new user account onto my workstation and it was validated by the PDC - previously all validations for my workstation were being done by the BDC and when it was offline not being done at all. I then put the BDC back on. I will have a roam around today and see which machines are being validated by what.

And yes both servers are on the same subnet ;-)

Thank you all for your advice.

Gareth

**One day, I will find a question that no one else has answered........and will also know the answer to it ! **
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

ravalos
  • Locked
  • Question
Problem with PDFs in IIS
Replies
1
Views
454
gbaughma
gbaughma
mangentle
  • Locked
  • Question
What are the key advantages of using Microsoft Windows Servers for businesses?
Replies
1
Views
375
gbaughma
gbaughma
nukeinfer
  • Locked
  • Question
Internet restrictions for isolated PCs in the Network
Replies
1
Views
199
mangentle
mangentle
Aquiles Vidal
  • Locked
  • Question
Web Browsers in Windows Server or Terminal Server
Replies
0
Views
255
Aquiles Vidal
Aquiles Vidal
DrB0b
  • Locked
  • Question
Windows 2016 IIS FTP server with a ton of user accounts
Replies
4
Views
266
DrB0b
DrB0b

Part and Inventory Search

Sponsor

Back
Top