Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations John Tel on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Potentially big problem... Some users are not authenticating to domain

Status
Not open for further replies.
1LUV1T

1LUV1T

IS-IT--Management
Nov 6, 2006
231
US
First thing that happend this morning was 2 users said they cannot get into Windows. I tried their username/pass to domain, no go. I then tried my domain admin account and could not login either. It gave the regular error message of unable to contact domain (usually happens if you are trying to sign in with a new domain account but you don't have ethernet on).

I thought it was strange so I signed into their machine with a local account, was able to browse web no problem. The fix was I unjoined them from domain, then joined them back. After reboots, they were able to successfully log in.

I am worried this is a *potential* problem because I think everyone is really logged in with cached credentials and the DC is really not authenticating anyone. There's too many errors in Event Viewer, some are normal, so I am not sure how to troubleshoot this one?
 
Sort by date Sort by votes
At a command prompt try echo %logonserver% that should tell you if they authenticated to a domain controller and which one.

RoadKi11
 
Upvote 0 Downvote
Ok thanks. Tried that on a machine I authenticated on. What about the ones that are not authenticating? For those I am unjoining them from Domain with Local Account then rejoining to Domain (and it fixes it). I just feel like this is an escalating issue.

I ran dcdiag /test:dns, it passed Connectivity test but
it failed DNS test saying
Warning: DNS server: dc.domainA.com. IP: <unavailable> Failure: Missing glue A record.

BTW the "domainA.com" it lsited is not the name of my domain anymore so that's why test most likely failed. Still I think there's something going on...
 
Upvote 0 Downvote
Any sort of dns errors can produce flaky behavior in a domain. if you logon locally with one of the machines that wont authenticate to AD and you do an nslookup domaincontroller what does it report back? im doing a little fishing here, just trying to help narrow down the problem.

RoadKi11
 
Upvote 0 Downvote
Did nslookup to dc and the results were correct. I think I can unjoin and join it back and all will be well for that workstation, but it's just fishy, that this is happening. I know that accounts are not authenticating properly.

Thanks for your help though.
 
Upvote 0 Downvote
Are the computer accounts intact? What happens when you right-click on the computer account in AD Users and Computers and select "Reset"?
 
Upvote 0 Downvote
i unjoined and joined account back which fixed it... maybe it's just Monday, bad technology day or something :)
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

ravalos
  • Locked
  • Question
Problem with PDFs in IIS
Replies
1
Views
1K
gbaughma
gbaughma
microsGuy16
  • Locked
  • Question
Can not copy files to Mapped drive
Replies
0
Views
626
microsGuy16
microsGuy16
goombawaho
  • Locked
  • Question
Domain join from wifi connected laptop
Replies
4
Views
967
goombawaho
goombawaho
mangentle
  • Locked
  • Question
What are the key advantages of using Microsoft Windows Servers for businesses?
Replies
1
Views
988
gbaughma
gbaughma
rzammit82
  • Locked
  • Question
Windows Server 2016 - DNS/AD problem
Replies
1
Views
847
suncit
suncit

Part and Inventory Search

Sponsor

Back
Top