Need another domain controller?

Status
Not open for further replies.

snootalope

IS-IT--Management
Jun 28, 2001
1,706
US
Hello

We're not a huge shop here but we do have about 20 servers and 80+ dumb terminals/thin clients.

At the moment we have two domain controllers up and running. Both in the same subnet sitting right next to each other. Recently, things have begun to kind of slow down from time to time and I'm seeing this error show up on a lot of the servers:

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1110
Date: 10/3/2006
Time: 8:15:01 AM
User: NT AUTHORITY\SYSTEM
Computer: F1
Description:
Attempt to determine whether user and machine accounts are in the same forest failed (There are currently no logon servers available to service the logon request. ).

I'm trying to decide if it's necessary to add another domain controller..?? Any advice??
 
No, for 20 servers, 2 DCs is fine. Are there any Kerberos Event 7s?

From I found that this error was related to EventID 7 from source Kerberos. In spite of what Microsoft says about this Kerberos error, the domain controller was not down. Running nltest.exe on the domain controller also found no problems. What appears to have caused the problem was a policy setting in Group policy objects. If in either the domain controller policy or the domain policy - Security Settings -> Local policies -> Security options, "Domain Member: Digitally encrypt or sign secure channel (always)" is enabled, it will cause this problem. If you disable this policy in both areas, this problem will go away. (Note: it may take up to 2 hours to notice if it has taken).
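An added example, not part of the original thread: a PowerShell check of what the reply above describes, run on an affected member server. It assumes Windows PowerShell 2.0 or later in an elevated session, the standard Netlogon registry values that back the "Domain member: Digitally ... secure channel" options, and the classic event sources named in the thread (Userenv in the Application log, Kerberos in the System log).

```powershell
# Added example. Assumes a domain-joined machine and an elevated Windows PowerShell session.

# Registry values behind the three "Domain member: Digitally ... secure channel" options.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
$map = @{
    RequireSignOrSeal = 'Digitally encrypt or sign secure channel data (always)'
    SealSecureChannel = 'Digitally encrypt secure channel data (when possible)'
    SignSecureChannel = 'Digitally sign secure channel data (when possible)'
}
$params = Get-ItemProperty -Path $key
foreach ($name in $map.Keys) {
    $value = $params.$name
    $state = if ($null -eq $value) { 'not set' } elseif ($value -eq 1) { 'Enabled' } else { 'Disabled' }
    '{0,-18} {1,-9} {2}' -f $name, $state, $map[$name]
}

# Verify the machine account's secure channel to a domain controller.
try {
    $healthy = Test-ComputerSecureChannel
    "Secure channel healthy: $healthy"
} catch {
    "Secure channel test failed: $($_.Exception.Message)"
}

# Count the two events discussed in the thread over the last 24 hours.
$since = (Get-Date).AddDays(-1)
$checks = @(
    @{ Log = 'Application'; Source = 'Userenv';  Id = 1110 },
    @{ Log = 'System';      Source = 'Kerberos'; Id = 7 }
)
foreach ($c in $checks) {
    # Get-EventLog reports an error when nothing matches, so suppress it and count what is left.
    $hits = @(Get-EventLog -LogName $c.Log -Source $c.Source -After $since -ErrorAction SilentlyContinue |
        Where-Object { $_.EventID -eq $c.Id })
    '{0} event {1}: {2} in the last 24 hours' -f $c.Source, $c.Id, $hits.Count
    $hits | Sort-Object TimeGenerated |
        Select-Object -Property TimeGenerated, Message -Last 3 | Format-List
}
```

The registry values show the effective setting on the machine regardless of which GPO delivered it, and comparing the event timestamps with the secure channel result shows whether the freezes line up with a broken channel.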
 
no.. no Kerberos errors. I'll disable that "Digitally encrypt or sign secure channel (always)" and see what that does, but it was already set to "Not Configured"

Everything on the server this error shows up on seems to freeze up for a minute or two when this happens. It's almost like it's losing its network connection for a moment. I'll try and get more info..

thanks
 
2 domain controllers should be able to easily handle 20 servers (thin clients don't count - but even if they did, again, EASILY handle 100 clients). I had 3 DCs (2 at the main site with 400 PCs + 30 servers, and 1 at the secondary site with 200 PCs + 5 servers (and throw another 400 Macs and Linux machines that occasionally authenticated against AD for file sharing)) and no problems whatsoever.
 
yeah.. I figured that 2 should be plenty but that error following strange network slowdowns just kind of gave me the idea that the two might not be able to keep up.

netdiag returns no errors at all and the AD event log on the DCs isn't showing anything but normal behaviour.

maybe I'm just getting a little paranoid..
 