DC authentication


  • DC authentication

    I have one domain with two domain controllers (Win2k) with two DNS servers
    in two sites (HQ and Factory).
    The two sites are connected with an E1 connection.
    I have a problem when the link is down...
    The users in HQ can log in and access resources easily without any problems,
    but users in the factory can't access anything, while the domain controller is working well and the DNS ... they are trying to log in and it takes a lot of time with no response ...
    Can anyone help me?
    I need to instruct factory users to authenticate their domain account from the factory's domain controller.

    Note
    I enabled the global catalog, and when I tried to test what I did by disconnecting the HQ DC, I found that I can browse the network, so you can say the remote DNS is working, but I still can't log in. I also tried with a remote administration program: I can connect to the remote computers but I can't log in, which means the remote PC can't authenticate my domain account, but the remote DC is working.
    Can you please help?

  • #2
    Are both DCs a Global Catalog??

    Are your DCs pointing to themselves for DNS resolution and the other as a secondary??



    • #3
      Do the remote workstations have both DNS servers in their TCP/IP settings?



      • #4
        Are your DCs pointing to themselves for DNS resolution and the other as a secondary??

        And how can I do that?



        • #5
          If both are DNS servers then change the TCP/IP settings in your network card settings for each server so that they are their own DNS servers.
          Server 2000 MCP
          Development: ASP, ASP.Net, PHP, VB, VB.Net, MySQL, MSSQL - Check out my blog http://tonyyeb.blogspot.com

          ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **



          • #6
            I did it and still looping in my problem



            • #7
              Originally posted by tatasys
              I did it and still looping in my problem
              What exactly is 'it'? Did you follow both Tony's and my advice?



              • #8
                Originally posted by tatasys
                I did it and still looping in my problem
                Basically what you need to ensure is that the services required to run a network (DNS, AD, DHCP etc...) are available on both sites when the link is down. Plus clients on both sides need to be aware of the services. So site A clients need to know about DNS on Site A & B. Likewise for site B clients.


                • #9
                  Basically I have two sites each of them having DHCP, DNS, DC in two servers one for each site

                  I found that when the link between the two sites is down, the users in site B can't log on to machines (can't authenticate their accounts) while the DC is online and everything is OK.
                  I enabled the Global Catalog setting for the site B DC and still have the problem.
                  That's it.
                  All I need is that when the link is down (DC for Site A is off-line) the users in site B can log in and make their life easy.



                  • #10
                    Anything in the eventlogs?


                    • #11
                      In theory having the GC on both sites should resolve your logon issues.

                      Description from Microsoft

                      The global catalog contains a partial replica of every Windows 2000 domain in the directory. The GC lets users and applications find objects in an Active Directory domain tree given one or more attributes of the target object. It also contains the schema and configuration of directory partitions. This means the global catalog holds a replica of every object in the Active Directory, but with only a small number of their attributes. The attributes in the global catalog are those most frequently used in search operations (such as a user's first and last names, logon names, and so on), and those required to locate a full replica of the object. The GC allows users to find objects of interest quickly without knowing what domain holds them and without requiring a contiguous extended namespace in the enterprise. The global catalog is built automatically by the Active Directory replication system.
                      Are they both on the same domain??

                      What is the primary and secondary DNS for both sites?

                      Site 1 should have the local DNS server as primary and the remote DNS server for secondary.

                      Site 2 should have the local DNS server as primary and the remote DNS server for secondary.

                      This should also happen on the client machines.

                      Do they use the same IP range??

                      Is replication working??



                      • #12
                        1- The two DCs are in the same domain
                        2- Site A has its local DNS as a primary DNS (SOA) and the remote site (site B) has its local DNS as a primary DNS
                        3- The two DNS servers serve the same zone and the two are Active Directory-integrated
                        4- Replication is taking place
                        5- The IP ranges are different: Site A (172.22.10.X), Site B (172.22.11.X)



                        • #13
                          Is DC02 set as a Global Catalog??

                          1. Open AD Sites and Services.
                          2. Browse to the relevant site.
                          3. Open up the site and right click on NTDS settings.
                          4. Ensure the check box marked Global Catalog is checked.
                          5. Reboot server.

                          The Global Catalog should allow you to authenticate the users on that site regardless of whether there is a connection or not.

                          Do your clients point to the local DNS server for??

                          i.e. Site B should point to 172.22.11.xx primarily and 172.22.10.xx as its secondary.

                          What are your DHCP scope options??

                          Comment
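The DNS ordering advised in posts #11 and #13 (local server first, remote server second) can be checked against a client's `ipconfig /all` output. This is an added example, not part of any post in the thread; the /24 prefix lengths, the host addresses and the sample output are constructed assumptions.

```python
import ipaddress
import re

# Site subnets from post #12; the /24 prefix length is an assumption.
SITES = {"A": ipaddress.ip_network("172.22.10.0/24"),
         "B": ipaddress.ip_network("172.22.11.0/24")}

# Constructed `ipconfig /all` excerpt from a Site B client (host addresses invented).
SAMPLE = """\
        IP Address. . . . . . . . . . . . : 172.22.11.25
        DNS Servers . . . . . . . . . . . : 172.22.10.5
                                            172.22.11.5
"""
IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"

def site_of(addr):
    ip = ipaddress.ip_address(addr)
    return next((n for n, net in SITES.items() if ip in net), None)

def parse_ipconfig(text):
    """Return (client_ip, DNS servers in configured order) for one adapter."""
    client, dns, in_dns = None, [], False
    for line in text.splitlines():
        ip_line = re.match(r"\s*IP Address[ .]*:\s*" + IPV4, line)
        dns_line = re.match(r"\s*DNS Servers[ .]*:\s*" + IPV4, line)
        more = re.fullmatch(r"\s+" + IPV4 + r"\s*", line)
        if ip_line:
            client = ip_line.group(1)
        elif dns_line:
            dns = [dns_line.group(1)]
        elif in_dns and more:
            dns.append(more.group(1))  # continuation line of the DNS list
        in_dns = bool(dns_line or (in_dns and more))
    return client, dns

def audit(text):
    """List deviations from 'local DNS first, remote DNS second'."""
    client, dns = parse_ipconfig(text)
    local = site_of(client) if client else None
    if local is None or not dns:
        return ["client site or DNS server list could not be determined"]
    findings = []
    if site_of(dns[0]) != local:
        findings.append(f"primary DNS {dns[0]} is not in Site {local}")
    if not any(site_of(d) not in (None, local) for d in dns[1:]):
        findings.append("no remote-site DNS server listed after the primary")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

The sample lists the Site A server first, so both checks fire; with the order swapped the audit returns an empty list.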


                          • #14
                            It's already GC, but the only thing needed now is restarting the server



                            • #15
                              Originally posted by tatasys
                              It's already GC, but the only thing needed now is restarting the server
                              I can't remember if a reboot is required but as I say, if in doubt, reboot.
