Remote sites cannot log on

[TheStressFactor]

Ok here is the isse...

One domain controller in main office

the two remote sites are connected to us via frame relay...when they log on in the morning they authenticate with the server in headquarters(no other domain controllers in remote sites)....this scenario has been working ever since we implemented BUT all of a sudden today they cannot...however they can access a unix server in headquarters via an emulation program that connects via IP..they can also connect to the groupwise server here in headquarters(also connects via ip)....I am stumped..any insight, information, or assistance would be greatly appreciated.

Patrick

 

[brontosaurus]

DNS changes? Where are these clients getting DNS info from? What is the error message you're getting?

 

[TheStressFactor]

Hi Bronto,

no dns changes have been made...they are getting the message that states the system could not log you in because the password was invalid or no domain server could be found...the users are using win 98 both have wins and dns entries that point to the ad server(which is our internal dns and wins server as well)

Patrick

 

[brontosaurus]

Since your clients are Win98, we should be concentrating on WINS. I will assume that the clients can ping the AD server (by name as well)? Are you using static IP or DHCP?

 

[TheStressFactor]

static in the remote the sites
dhcp in main site

i just asked the user in remote site to ping by name..she says it says unknown host

thanks for your help buddy

patrick

 

[brontosaurus]

Can they ping the AD server by IP? If so, you've most likely got some kind of WINS issue, whether it be that the clients don't have the correct IP configuration (unlikely, since it's everyone), or the AD server is choking on providing WINS resolution. If they can't ping the server by IP, obviously you've got some network problems...

 

[TheStressFactor]

hmmm..they cant ping it by ip either..this is weird as they can get access to the mail server which connects via ip and the unix box which also connects via ip..any suggestions as to where to look...its weird because they were working fine yesterday...im baffled

 

[brontosaurus]

the mailserver and the unix box are on the same subnet as the AD server? Is there a firewal between locations?

 

[TheStressFactor]

yes the mailserver and unix and ad all have .3.X addresses...remote sites are .1.x and .5.x....there is a pix firewall as well..the pix has been there for awhile also...

 

[brontosaurus]

I guess clients at the same location as the AD server are not having a problem, right? so, let's do a traceroute to see where the failure is, then we can troubleshoot the source. I don't know what kind of routing/switching you have in place, or how many hops there are between the AD server and the clients in remote sites, but the failure has to be somewhere in-between....

 

[TheStressFactor]

Thats a great call..ill try it out now...btw 1 router at each site all using rip

 

[TheStressFactor]

hmmm...i cant seem traceroute to them...but ican ping and telnet to them via inside my router...this is all very strange...maybe re-boot the firewall and /or router?

 

[brontosaurus]

So, the router at the remote site is able to ping and telnet the AD server, or the main site's router? I suppose rebooting the routers wouldn't hurt...just make sure you have your configs saved...

 

[TheStressFactor]

the router at the remote sites can ping the ad server and the main site router...re-booted the router and nothing...will wait for after hours and reboot the ad server, the main site router and firewall...see if that helps

 

[brontosaurus]

then it sounds like packets coming from the remote clients are either not reaching the router, or the router is not forwarding them properly. Check the default gateway settings on a couple of the remote clients just in case...