Users are unable to logon to domain

[scrsadmin]

Primary DC (DC1) crashed but DC2 is still up. Users are not able to log onto domain.
What could be the problem? I thought as long as there is a DC up the users would be fine while we work on DC1.

 

[Davetoo]

Is the 2nd DC a GC?

I'm Certifiable, not cert-ified.
It just means my answers are from experience, not a book.

There are no more PDC's! There are DC's with FSMO roles!

 

[scrsadmin]

Yes the second DC is a GC and the Replication is successfull

 

[alfa2008]

I used to have this issues with one of my DCs. I had two in that site. For any reason when I restarted one, I noticed that the other couldn't authenticate users. I removed its role as a GC, restarted, put the role back. It fixed. I don't know what will happen in your case if you don't have other DCs in other sites, if you have any.

 

[Roadki11]

You second DC should be a dns server also.


RoadKi11

"This apparent fear reaction is typical, rather than try to solve technical problems technically, policy solutions are often chosen." - Fred Cohen

 

[scrsadmin]

The second DC is a DNS server also. And i have tried removing the GC role from the DC2 in question and then add the role back in after the reboot. But still no fix. Should i try to remove the GC from DC1 and then re-add it?

 

[Titleist]

You need to seize the PDC emulator role on DC2 to enable logons again.

http://support.microsoft.com/kb/255504

John

 

[scrsadmin]

Titleist I respectfully disagree. The PDC role is for updating accounts. I understand that while the DC that has the PDC role is down you can’t add users or modify them but the design of backup DC is to allow users to continue to authenticate to a DC while another one may be down among other reasons. So if the PDC DC is down the users should still be able to log on and be authenticating by the backup DC as long as there is one that is running. At least that is the way I understood it but I could be wrong.

I can’t figure out why if the first DC goes down users can’t logon to the domain. I’m new in this shop and didn’t build these DCs but I am here now and have inherited this problem. They tell me this problem has always been there but no one could or would figure it out. So I thought I would give it a try.

I will keep searching and looking for an answer.

 

[Davetoo]

Are you advertising the 2nd DC in DHCP as a DNS server?

I'm Certifiable, not cert-ified.
It just means my answers are from experience, not a book.

There are no more PDC's! There are DC's with FSMO roles!

 

[lhuegele]

What error are your users receiving when they try to log-in? Is there anything in the event logs of the client machines or the server itself that would indicate where the problem is?

Good luck,

 

[bookouri]

Every problem I ever encountered like this always seemed to be related to DNS. I think someone mentioned it above, but I'd check DHCP to make sure you're remaining DNS server is being pushed out.

Better yet, Id put a static IP address and the correct DNS server on a workstation and test it for a quick test.

 

[Zelandakh]

Login as local admin and ping the DC that works.