Hello all, I have a question that is probably simple but for the life of me I cant resolve it. One of the users in our domain is authenticating to our backup dc instead of our dc, for the life of me I cant figure out what to do to get him to resolve our "primary" dc, when I ping the domain name itself it resolves the budc ip so I tried the whole flushdns cmd and renabling his nic, also tried unjoining it from the domain, getting rid of his machine in the containers and rejoining, and that didnt work and now I am at a loss for what to do. He is the only one having these issues so its got to be something specific with his particular case. Any help is appreciated
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations bkrike on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Only 1 user authenticating to the wrong Domain
- Thread starter Cstorms
- Start date
monsterjta
IS-IT--Management
That DC is probably the "closest" to authenticate to, considering all metrics. Is there a reason behind wanting to authenticate to a particular DC?
Hope This Helps,
Good Luck!
Hope This Helps,
Good Luck!
- Thread starter
- #3
I think the issue lies in some of the user profile settings that are associated with the PDC and I know that in 2003 there are no real such things as BDC other than one holding specific FSMO roles but conflicts have come up when this same sort of thing happened to another user.. I am not the one who set up the network so I dont know what the exact issue is at the moment but it seems like its become a problem since our DC went down last Friday, although it has been extremely isolated and as of right now this seems to be the only user having these problems. Man I hope this doesnt sound to confusing to you and me. Thanks for the replies
- Thread starter
- #4
- Thread starter
- #6
No such thing as PDC and BDC in 2003. One of the reasons that you can have more than one DC is so that users can authenticate to them. Putting replication delays aside, there should be no difference if a user authenticates to one DC or another, assuming same location, blah blah blah.
The only issue I can see that might come up is you're mapping something using the %logonserver% variable, and that resource only exists on one DC, and not the other (in which case, you shouldn't be using %logonserver%).
Where users get DNS and other IP related resources from is not a DC issue, it's a DHCP issue (assuming nothing in hosts as mentioned above).
Pat Richard, MCSE MCSA:Messaging CNA
Microsoft Exchange MVP
Want to know how email works? Read for yourself -
The only issue I can see that might come up is you're mapping something using the %logonserver% variable, and that resource only exists on one DC, and not the other (in which case, you shouldn't be using %logonserver%).
Where users get DNS and other IP related resources from is not a DC issue, it's a DHCP issue (assuming nothing in hosts as mentioned above).
Pat Richard, MCSE MCSA:Messaging CNA
Microsoft Exchange MVP
Want to know how email works? Read for yourself -
- Thread starter
- #8
Just another note to this whole thing, it displayed under ipconfig for the connection specific dns, "domain.invalid". I have checked the DHCP setup on the DC and noticed that it seemed to be setup correctly so that when issued the address the machines would be pointed to our 4.4 and not our 4.5 dns server, so I assume this is not the problem.
Also that could be an issue Pat with the logonserver variable, but in my basic understanding of this particular overall setup I think the intention was to have it only auth to the "Primary" (i know, no backup thats why I have been quoting
) machine and that has been nothing but successful for everyone else, so I am at a loss why we cant get this one to do the same. Thank you for the replies I appreciate everything
Also that could be an issue Pat with the logonserver variable, but in my basic understanding of this particular overall setup I think the intention was to have it only auth to the "Primary" (i know, no backup thats why I have been quoting
) machine and that has been nothing but successful for everyone else, so I am at a loss why we cant get this one to do the same. Thank you for the replies I appreciate everything - Thread starter
- #10
Ok yes, sorry I the "Primary" meaning the one holding fsmo roles, I will just say DC1 and DC2 if I need to reference them again. Ok the machine can log in succesfully but it is pointing to our 4.5 which is our DC2, and we want it to hit DC1 with 4.4, but it gets goofy because his connection specific DNS is domain.invalid, it should still be company.local since he is apparently able to login but it is referencing dc2 yet not listing company.local, I havent been witness to most of the setup of the servers but I do know that when our DC1 went down for unrelated issues and was eventually brought back online one of the employees machine was resolving DC2 just fine but some of his shortcuts were messed up.
As a side note, this troublesome machine had ICS enabled at one point and was disable yesterday succesfully and restarted and logged back on, (still domain.invalid) I dont know if this could have any effect, and do you think it could possibly be something with the NIC. I wont be able to get to dink with it until this afternoon so as for now I am gathering ideas for the 2nd round.
Again, thank you very much for all your replies, this community is truly great.
Cory
As a side note, this troublesome machine had ICS enabled at one point and was disable yesterday succesfully and restarted and logged back on, (still domain.invalid) I dont know if this could have any effect, and do you think it could possibly be something with the NIC. I wont be able to get to dink with it until this afternoon so as for now I am gathering ideas for the 2nd round.
Again, thank you very much for all your replies, this community is truly great.
Cory
- Status
Similar threads
- Locked
- Question