AD 2003 can't access NETLOGON on one DC


  • AD 2003 can't access NETLOGON on one DC

    Hey everyone,

    We have 4 DCs: DC1, DC2, DC3 & DC4. DC3 & DC4 are at a remote site.

    Running dcdiag on DC1 results in this:

    Starting test: NetLogons
    * Network Logons Privileges Check
    Unable to connect to the NETLOGON share! (\\DC1\netlogon)
    [DC1] An net use or LsaPolicy operation failed with error 1203, No network provider accepted the given network path..
    ......................... DC1 failed test NetLogons

    All other tests pass, including the netdiag tests. All tests in netdiag and dcdiag pass on the other DCs.

    I have verified that there is a NETLOGON share on DC1, and in fact if I make a change to a file in the SCRIPTS folder on DC1 it is replicated throughout the other DCs in the NETLOGON share.

    I compared the permissions to the share on DC1 to the other DCs and do not notice any difference. I compared some registry entries and they also seem to be set the same.

    Also, I am unable to connect to the SYSVOL share on DC1, even though it shows a SYSVOL share existing on DC1 with the same permissions as the SYSVOL share on other DCs.

    Do you know of any other checks I can make? I feel it might be something simple but can't seem to figure it out.


    Thanks,
    Major

  • #2
    Re: AD 2003 can't access NETLOGON on one DC

    Do you get any related events in application / security log?
    Thanks & Regards
    v-2nas

    MCTS 2008, MCTIP, MCSE 2003, MCSA+Messaging E2K3, MCP, E2K7
    Sr. Wintel Eng. (Investment Bank)
    Independent IT Consultant and Architect
    Blog: http://www.exchadtech.blogspot.com

    Show your appreciation for my help by giving reputation points



    • #3
      Re: AD 2003 can't access NETLOGON on one DC

      Ok, just did some searching. First check this out: on the command line, issue this command:

      net share

      Then follow this:

      Stop the Netlogon service
      Rename the Netlogon.dns file to Netlogon.dns.old, and then rename the Netlogon.dnb file to Netlogon.dnb.old
      Note: By default both the Netlogon.dns and Netlogon.dnb are located in the <system_root>\System32\Config folder.
      Start the Netlogon service or restart your computer
      NET SHARE should now list both SYSVOL and NETLOGON

      Let me know if that helped you
      Thanks & Regards
      v-2nas



      • #4
        Re: AD 2003 can't access NETLOGON on one DC

        Originally posted by v-2nas:
        > Ok, just did some searching. First check this out: on the command line, issue this command:
        >
        > net share
        >
        > Then follow this:
        >
        > Stop the Netlogon service
        > Rename the Netlogon.dns file to Netlogon.dns.old, and then rename the Netlogon.dnb file to Netlogon.dnb.old
        > Note: By default both the Netlogon.dns and Netlogon.dnb are located in the <system_root>\System32\Config folder.
        > Start the Netlogon service or restart your computer
        > NET SHARE should now list both SYSVOL and NETLOGON
        >
        > Let me know if that helped you

        Tried your suggestion but get the same error when running dcdiag.

        FYI: Running net share before stopping the Net Logon service showed NETLOGON and SYSVOL as a Logon server share.


        Thanks,
        Major



        • #5
          Re: AD 2003 can't access NETLOGON on one DC

          Originally posted by v-2nas:
          > Do you get any related events in application / security log?

          Nothing in the Security or Application log that references NetLogon.

          I do receive 5805, failed to authenticate, access is denied, errors in the System log.


          Thanks,
          Major



          • #6
            Re: AD 2003 can't access NETLOGON on one DC

            Can you copy paste that event along with the description?
            Thanks & Regards
            v-2nas



            • #7
              Re: AD 2003 can't access NETLOGON on one DC

              Originally posted by v-2nas:
              > Can you copy paste that event along with the description?

              Here you go:

              Event Type: Error
              Event Source: NETLOGON
              Event Category: None
              Event ID: 5805
              Date: 11/20/2008
              Time: 2:00:10 PM
              User: N/A
              Computer: DC1
              Description:
              The session setup from the computer XXXX failed to authenticate. The following error occurred:
              Access is denied.

              For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
              Data:
              0000: 22 00 00 c0 "..

              Thanks,
              Major
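
The `Data:` bytes in the event above are the raw status code behind "Access is denied". As an added example (not part of the original thread; the `parse_event` helper and the short name table are illustrative, and the sample text is constructed from the post), this Python code parses the pasted event text and decodes those bytes as a little-endian NTSTATUS:

```python
import re
import struct

# Constructed sample: the Event 5805 text from the post above,
# laid out as it appears in the thread.
SAMPLE_EVENT = """\
Event Type: Error
Event Source: NETLOGON
Event ID: 5805
Computer: DC1
Description:
The session setup from the computer XXXX failed to authenticate. The following error occurred:
Access is denied.
Data:
0000: 22 00 00 c0 "..
"""

# Small subset of NTSTATUS names; extend from ntstatus.h as needed.
NTSTATUS_NAMES = {
    0xC0000022: "STATUS_ACCESS_DENIED",
    0xC000006D: "STATUS_LOGON_FAILURE",
    0xC000018B: "STATUS_NO_TRUST_SAM_ACCOUNT",
}
SEVERITY = ("success", "informational", "warning", "error")

HEADER_RE = re.compile(r"^[ \t]*(Event ID|Event Source|Computer):[ \t]*(.+?)[ \t]*$", re.M)
DUMP_RE = re.compile(r"^[ \t]*[0-9a-fA-F]{4}:((?:[ \t][0-9a-fA-F]{2}){1,8})", re.M)

def parse_event(text):
    """Return header fields plus the decoded NTSTATUS from the Data dump."""
    event = {k: v for k, v in HEADER_RE.findall(text)}
    # Hex dump rows follow the "Data:" line: offset, bytes, then an ASCII column.
    dump = text.split("Data:", 1)[1] if "Data:" in text else ""
    raw = bytes.fromhex("".join("".join(m.split()) for m in DUMP_RE.findall(dump)))
    if len(raw) < 4:
        event["status"] = None                  # no status DWORD recorded
        return event
    (status,) = struct.unpack_from("<I", raw)   # little-endian DWORD
    event["status"] = status
    event["status_name"] = NTSTATUS_NAMES.get(status, "unknown")
    event["severity"] = SEVERITY[status >> 30]  # top two bits of an NTSTATUS
    event["facility"] = (status >> 16) & 0xFFF
    return event

if __name__ == "__main__":
    ev = parse_event(SAMPLE_EVENT)
    print(f"{ev['Event Source']} {ev['Event ID']} on {ev['Computer']}: "
          f"0x{ev['status']:08X} {ev['status_name']} ({ev['severity']})")
```

The bytes `22 00 00 c0` read as 0xC0000022, which is the same access-denied condition the description reports, so the data field adds no second error to chase.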



              • #8
                Re: AD 2003 can't access NETLOGON on one DC

                The session setup from the computer XXXX failed to authenticate. The following error occurred:
                Access is denied.

                Is that XXXX DC1 or I mean I need to know that machine. Don't worry, I will not hack into your network : )
                Thanks & Regards
                v-2nas



                • #9
                  Re: AD 2003 can't access NETLOGON on one DC

                  Originally posted by v-2nas:
                  > The session setup from the computer XXXX failed to authenticate. The following error occurred:
                  > Access is denied.
                  >
                  > Is that XXXX DC1 or I mean I need to know that machine. Don't worry, I will not hack into your network : )

                  No, it is a client machine.


                  Major



                  • #10
                    Re: AD 2003 can't access NETLOGON on one DC

                    If it's not a DC then I think you don't worry too much about it, or is it causing some service failure?

                    Netlogons Test is to check the replication
                    NetLogons - Checks that the appropriate logon privileges allow replication to proceed.

                    Replication happens between DCs.

                    So not sure why that client is coming into the picture, or if that client (is it a member server or XP/Vista machine?) is running DNS.

                    And run:

                    dcdiag /test:netlogons > c:\dcdiag.txt
                    dcdiag /v /test:netlogons > c:\dcdiagV.txt

                    Upload both the files.
                    Thanks & Regards
                    v-2nas



                    • #11
                      Re: AD 2003 can't access NETLOGON on one DC

                      Originally posted by v-2nas:
                      > If it's not a DC then I think you don't worry too much about it, or is it causing some service failure?
                      >
                      > Netlogons Test is to check the replication
                      > NetLogons - Checks that the appropriate logon privileges allow replication to proceed.
                      >
                      > Replication happens between DCs.
                      >
                      > So not sure why that client is coming into the picture, or if that client (is it a member server or XP/Vista machine?) is running DNS.
                      >
                      > And run:
                      >
                      > dcdiag /test:netlogons > c:\dcdiag.txt
                      > dcdiag /v /test:netlogons > c:\dcdiagV.txt
                      >
                      > Upload both the files.

                      Here you go.


                      Thanks for your help,
                      Major
                      Attached Files



                      • #12
                        Re: AD 2003 can't access NETLOGON on one DC

                        Hi,

                        I am leaving for the day today. Will come and research more on this issue.

                        Can you check for FRS errors on DC1 and let me know if you get some?

                        And tell me what happens when you try to access \\DC1\netlogon(S) through a UNC path.
                        Thanks & Regards
                        v-2nas



                        • #13
                          Re: AD 2003 can't access NETLOGON on one DC

                          Any updates?
                          Thanks & Regards
                          v-2nas



                          • #14
                            Re: AD 2003 can't access NETLOGON on one DC

                            Please post the errors from the File replication Event log (EventView) from DC1; it seems your DC might have entered a Journal Warping State.
                            The easiest way to fix this problem would be to disjoin & rejoin the DC from the FRS replication set. That would also fix the shares.
                            Once you post the errors I would guide you through.
                            Last edited by Akila; 23rd November 2008, 09:37.



                            • #15
                              Re: AD 2003 can't access NETLOGON on one DC

                              I don't have any errors in the FRS log, at least not any since June. The share exists and items in the SCRIPTS folder are updated when changed on another DC.

                              When I try to connect to the NETLOGON share I get:

                              \\DC1\NETLOGON is not accessible. You might not have permission to use this network resource. Contact the administrator of this server to find out if you have access permissions

                              The operation completed successfully

                              I am thinking this is a permission issue but it appears the shares are set up the same on all DCs and I am using a Domain Admin account to connect.


                              Sorry for the lateness of my reply, thanks for helping me.
                              Major
