SBS 2008 suddenly asking for credentials randomly

  • SBS 2008 suddenly asking for credentials randomly

    This is a pretty urgent request for assistance, and I'm really not sure what is wrong or how to resolve the issue at this time, as per my poking around nothing has changed, and everything is effectively working as it should.

    That being said, I was on vacation all last week and over the long weekend (Labor Day weekend) there apparently were some connectivity issues and one of my backups had to come in and physically reboot the server (cold boot) along with the backup server (providing secondary DNS and Active Directory), and a storage server.

    After that, off and on, and still continuing today, users are randomly asked to provide creds to log in to either Outlook and/or file shares on the primary (and sometimes other servers). The other servers asking for credentials seems to make sense since AD is coming from either the primary or secondary server, but what would suddenly start causing this? We are nowhere near the 75 user/device limit (no way do we have 75 machines all connected at once) and I can't see that multiple users are connected on multiple machines, so I really have 0 explanation for what is going on. It doesn't seem like it's an issue with the workstations suddenly losing cred caching either, as what would have caused it? Rebooting seems to more or less resolve the issue, at least temporarily.

    I'm not seeing anything specific in Windows event logs for apps, system, security, etc. I did notice the following in the Directory Service log:

    "During the previous 24 hour period, some clients attempted to perform LDAP binds that were either:
    (1) A SASL (Negotiate, Kerberos, NTLM, or Digest) LDAP bind that did not request signing (integrity validation), or
    (2) A LDAP simple bind that was performed on a cleartext (non-SSL/TLS-encrypted) connection

    This directory server is not currently configured to reject such binds. The security of this directory server can be significantly enhanced by configuring the server to reject such binds. For more details and information on how to make this configuration change to the server, please see
    Summary information on the number of these binds received within the past 24 hours is below.

    You can enable additional logging to log an event each time a client makes such a bind, including information on which client made the bind. To do so, please raise the setting for the "LDAP Interface Events" event logging category to level 2 or higher.

    Number of simple binds performed without SSL/TLS: 3
    Number of Negotiate/Kerberos/NTLM/Digest binds performed without signing: 2

    Event ID: 2887"

    That was in the last 24 hours.

    I then see on 9-6:
    "Active Directory Domain Services could not use DNS to resolve the IP address of the source domain controller listed below. To maintain the consistency of Security groups, group policy, users and computers and their passwords, Active Directory Domain Services successfully replicated using the NetBIOS or fully qualified computer name of the source domain controller.

    Invalid DNS configuration may be affecting other essential operations on member computers, domain controllers or application servers in this Active Directory Domain Services forest, including logon authentication or access to network resources.

    You should immediately resolve this DNS configuration error so that this domain controller can resolve the IP address of the source domain controller using DNS.

    Alternate server name:
    PARIS
    Failing DNS host name:
    3db7f57d-2d1c-4ed0-9566-b53444d5e086._msdcs.ATS.local

    NOTE: By default, only up to 10 DNS failures are shown for any given 12 hour period, even if more than 10 failures occur. To log all individual failure events, set the following diagnostics registry value to 1:

    Registry Path:
    HKLM\System\CurrentControlSet\Services\NTDS\Diagnostics\22 DS RPC Client

    User Action:

    1) If the source domain controller is no longer functioning or its operating system has been reinstalled with a different computer name or NTDSDSA object GUID, remove the source domain controller's metadata with ntdsutil.exe, using the steps outlined in MSKB article 216498.

    2) Confirm that the source domain controller is running Active Directory Domain Services and is accessible on the network by typing "net view \\" or "ping ".

    3) Verify that the source domain controller is using a valid DNS server for DNS services, and that the source domain controller's host record and CNAME record are correctly registered, using the DNS Enhanced version of DCDIAG.EXE available on
    dcdiag /test:dns

    4) Verify that this destination domain controller is using a valid DNS server for DNS services, by running the DNS Enhanced version of DCDIAG.EXE command on the console of the destination domain controller, as follows:

    dcdiag /test:dns

    5) For further analysis of DNS error failures see KB 824449:

    Additional Data
    Error value:
    11001 No such host is known.

    Event ID is 2088"

    On that same date earlier in the morning:

    "Active Directory Domain Services was unable to establish a connection with the global catalog.

    Additional Data
    Error value:
    1355 The specified domain either does not exist or could not be contacted.
    Internal ID:
    3200d50

    User Action:
    Make sure a global catalog is available in the forest, and is reachable from this domain controller. You may use the nltest utility to diagnose this problem.

    Event ID is 1126"

    There is also some sort of error on 9-5 for event ID: 1863 for ActiveDirectory_DomainService ..



    Obviously everyone is able to otherwise log in and use resources without any issues, so I really have NO idea what the heck is going on. I have yet to reboot and do a disk check because of time and scheduling limitations (really don't have the ability to stay after work hours to fix things this week) and I want to resolve this as soon as possible, but don't want to go on a wild goose chase either.

    Feedback and thoughts please!
    ---
    Edit 1:
    Just connected from home on my personal notebook + vpn and am getting the issue.
    Seems like it's just the main server ... I can't access \\server or \\server.domain but I CAN access the shares via IP address...

    When trying to connect via FQDN Win 7 reports 'unknown username or bad password'..

    ---
    Edit 2:
    And oddly enough, either after waiting a minute or two or having accessed it by IP address, it's now letting me in via FQDN...

    So what would cause that?

    Almost seems like the creds from the workstation aren't propagating properly to the server... or like there is a delay. Yet the Event Viewer shows no signs of things running afoul in this respect.

    Very strange, and I hope to solve this soon!

    I do very much appreciate any and all feedback.
    Last edited by chewie; 13th September 2010, 23:38. Reason: thread subscription, updated info

  • #2
    Re: SBS 2008 suddenly asking for credentials randomly

    Quick addendum:

    BPA says:

    1: "DNS A resource record points to incorrect IP address"
    The host a resource points to 192.168.73.10192.168.73.44169.254.104.199 and the correct record is 192.168.73.10

    I for the life of me can't see the incorrect entry in DNS management...

    2. DNS client is not configured:
    The dns client is not configured to point only to the internal IP address of the server. .... HUH?

    I think these two have existed for a while so not sure why they suddenly (after working since ~July) would cause the issues?

    Comment


    • #3
      Re: SBS 2008 suddenly asking for credentials randomly

      Do you use root hints for DNS?

      Also, your post is a wall of text, IP numbers are forced up next to each other, making them really hard to read.
      Can you please use the Code and Quote commands to make your posts a little neater, as it will mean a lot more people will be able to read it without getting a sore head.

      Anyhow, I would say 90% chance that the problem is DNS (Anyone else notice that 90% of the problems in SBS2008 are DNS and DHCP).

      Please correct any of the following if mistaken (in brackets are questions).
      A user logged onto a domain workstation is "randomly" asked to provide their username and password for server access. (What happens if they input incorrect details, do they just lose access to a single service (DNS, File Sharing), or the whole network?)

      The Network consists of a SBS machine and 2 domain member servers, The 2ndaryServer (2nd DNS and AD (Is this a replicated AD, or does the SBS NOT have AD on it)) and a Storage server (For the purpose of this, I am going to call it a NAS and ignore it, if you believe it could interact at all, please let me know and why).

      Can you please confirm this, or clarify your server configuration (a list of how many servers and the roles deployed on each would be golden) and get back to us.

      Also, as this looks like a problem in DNS, you have reinstalled the DNS roles....?

      Wofen
      Good to be back....

      Comment


      • #4
        Re: SBS 2008 suddenly asking for credentials randomly

        Hello everyone.

        I believe I have located the issue. After doing some research last night and then re-scouring the DHCP leases and DNS entries, it looks like our NAS box somehow ended up with the same IP address as the secondary NIC of our primary server.

        This would support the issue where I connect to the server.local and then am informed that I am using an unknown username or bad password (NAS has its own method of authentication). I just flushed out the DNS and DHCP entries and re-configured the NAS with a static IP (which I thought it had before..hmm), and am monitoring things.

        Should this still be an issue, any further thoughts would be great!

        Comment
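A check that surfaces this kind of collision, as an added example that is not part of the original posts. The A-record values are the ones in the BPA finding from post #2, read as three separate addresses; the NIC MAC addresses, the DHCP lease table and the assumption that 192.168.73.44 is the server's secondary NIC are constructed for illustration.

```python
import ipaddress

# From the BPA finding in post #2, read as three separate addresses.
SERVER_A_RECORDS = ["192.168.73.10", "192.168.73.44", "169.254.104.199"]
EXPECTED_A = "192.168.73.10"

# Constructed sample data (assumptions, not taken from the thread).
SERVER_NICS = {
    "primary": ("192.168.73.10", "00-15-5D-00-00-01"),
    "secondary": ("192.168.73.44", "00-15-5D-00-00-02"),
}
DHCP_LEASES = [
    ("192.168.73.101", "00-1A-2B-00-00-10", "WKS-01"),
    ("192.168.73.44", "00-1A-2B-00-00-99", "NAS"),
    ("192.168.73.102", "00-1A-2B-00-00-11", "WKS-02"),
]


def audit_a_records(records, expected):
    """Return (address, reason) for every A record other than the expected one."""
    want = ipaddress.ip_address(expected)
    findings = []
    for text in records:
        addr = ipaddress.ip_address(text)
        if addr == want:
            continue
        if addr.is_link_local:
            reason = "APIPA (169.254.0.0/16) address registered in DNS"
        else:
            reason = "extra A record; clients may be sent to this address"
        findings.append((text, reason))
    return findings


def find_ip_conflicts(nics, leases):
    """Return leases whose IP belongs to a server NIC but whose MAC differs."""
    by_ip = {ip: (name, mac.upper()) for name, (ip, mac) in nics.items()}
    conflicts = []
    for ip, mac, host in leases:
        if ip in by_ip and mac.upper() != by_ip[ip][1]:
            conflicts.append({"ip": ip, "nic": by_ip[ip][0],
                              "lease_host": host, "lease_mac": mac})
    return conflicts


if __name__ == "__main__":
    for ip, reason in audit_a_records(SERVER_A_RECORDS, EXPECTED_A):
        print(f"DNS   {ip}: {reason}")
    for c in find_ip_conflicts(SERVER_NICS, DHCP_LEASES):
        print(f"DHCP  {c['ip']} is on server NIC '{c['nic']}' "
              f"but leased to {c['lease_host']} ({c['lease_mac']})")
```

With the sample data, the DNS audit flags both extra A records and the lease check reports the NAS holding the address of the secondary NIC, which matches the symptom of the server name sometimes landing on a device with its own authentication.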


        • #5
          Re: SBS 2008 suddenly asking for credentials randomly

          Ummm, interesting, as we have had a problem with a wireless AP taking the IP of a server's NIC as well.

          Well, glad you found the error.

          Wofen
          Good to be back....

          Comment
