No domain controller available

Tags: DHCP, DNS, Management, Microsoft Windows, Networking services, OS, Security, Servers, SQL Server
We have 4 locations and are running Windows 2000 Server. Each site has at least one domain controller. About once a month or so, one or two users at one site receive an error when trying to log on that there is no domain controller available or their account was not found. I have to log in to the local machine, disjoin them from the domain, shut down/restart, log back in to the local machine, then add them back to the domain. This only affects one or two users (normally) in one location, but the location changes from month to month and it is rarely the same user affected. This problem occurs infrequently and there is never anything in the event log on the local machine or the server to indicate what the problem may have been. Anyone have any idea what is causing this and how to resolve it? Thanks!

Answer Wiki

Which ones are global catalog servers? These process logon requests. Are they available to everyone? Also check to see if your RID master is handing out tokens; it could be that your servers can’t get any tokens to update the AD and are re-using pooled ones, thus erasing data.
Are you getting FRS errors on the servers? Have you set bridgehead servers up correctly in Sites and Services? Have you used Replmon to check replication is occurring without issue? Have you checked your DNS?

Discuss This Question: 14 Replies

  • PTidwell
    Addendum: This issue only began occurring about 4 months ago. These are not new installations - servers have been in place for at least 2 years.
  • HumbleNetAdmin
    You stated 4 different sites. Is each site a different domain? If so, then each domain will need a DC that is a Global Catalog, and there should be only one Global Catalog per domain. As stated by the previous poster, if a client attempts to log on and can't reach a GC, they will not be able to log on.
  • PTidwell
    We have only one domain, but the servers at each remote site are set up as (backup) domain controllers. We may go a month or more without seeing this issue, then suddenly a user at one site can't log in, usually followed by one or 2 more users at THAT site over a 2 week period. When the issue reoccurs it usually is at one of the other sites and the cycle repeats itself. The only site that has not been affected is our corporate office where our primary domain controller resides. We have checked DNS and are not getting FRS errors on the servers. We have used Replmon to check replication.
  • HumbleNetAdmin
    If all DCs are in one domain, and are geographically distributed, and I am assuming that your HQ site has the GC, and you do not ever have the issue occur at the HQ site, then the problem appears to be that clients at other sites periodically have trouble reaching the GC (at the headquarters site) when logging on. How do the DCs at the other sites communicate with the DC at the HQ office?
  • PTidwell
    DCs communicate through TCP/IP.
  • HumbleNetAdmin
    Sorry about that. You're correct, hmmmmm? Don't know where I got that from???
  • Amigus
    One month is the magic default time interval when machines are set to change their passwords. Could it be that the workstations in question fail to change their passwords and are thus locked out because they are expired? As stated in other posts check out the GC configuration and make sure all the sites can access it. Also turn on auditing of security events (success, failure) and see if the workstations or users are having trouble changing passwords. If you can figure out when it's happening perhaps it's due to VPN troubles or some temporary outage of network connectivity. HTH
  • PTidwell
    As previously stated, the issue normally only affects one user - not all users, and not always the same user. When it occurs we are not able to log in to the machine as administrator either, so I don't believe it is a password issue.
  • Pitt10
    If you cannot log in as the administrator, how are you removing then re-adding it to the domain?
  • PTidwell
    To log into the machine, I have to choose the option to log into the local machine as Administrator. Cannot log in to the domain as Administrator.
  • HumbleNetAdmin
    Now you say that you can't log onto the machine as the domain\administrator. I assume you are referring to the PC that can't be logged onto at that time. If so, you would be able to log onto the PC even as the domain\administrator. Are the DCs at each site Global Catalogs, or at least is there a GC DC at each site?
  • PTidwell
    I am referring to the problem PC when I say I can't log in to the domain as administrator but can log in to the local machine. The DCs at each site are Global Catalogs.
  • HumbleNetAdmin
    Would like to make a correction to my last post, where I wrote: "Now you say that you can't log onto the machine as the domain\administrator. I assume you are referring to the PC that can't be logged onto at that time. If so, you would be able to log onto the PC even as the domain\administrator. Are the DCs at each site Global Catalogs, or at least is there a GC DC at each site?" The line "If so, you would be able to log onto the PC even as the domain\administrator." should have been "If so, you 'would not' be able to log onto the PC even as the domain\administrator." That is provided that it's not just a single logon account that is failing, but any logon account failing on that PC at that time.
  • Jpdavey
    I just had a problem recently where a workstation added itself to DNS as a Global Catalog server (under the _msdcs area of the domain's DNS zone). Whenever another workstation refreshed its DNS and picked a new GC record, it sometimes picked that workstation, which was obviously not a real GC. You might check your DNS to make sure there aren't odd records like that.
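
The DNS check Jpdavey describes can be scripted. The following is an added example, not code from the thread: it parses SRV answers for the global catalog names and flags any target that is not one of your real GC servers, plus any real GC that has no record. The domain corp.example.com, the host names and the sample records are constructed for illustration, and KNOWN_GCS is an assumed list you maintain yourself.

```python
import re

# Constructed sample: SRV answers in dig/zone-file style for a made-up
# forest "corp.example.com". WS-0412 plays the stray workstation record.
SAMPLE_SRV = """\
_ldap._tcp.gc._msdcs.corp.example.com. 600 IN SRV 0 100 3268 hq-dc1.corp.example.com.
_ldap._tcp.gc._msdcs.corp.example.com. 600 IN SRV 0 100 3268 site2-dc1.corp.example.com.
_ldap._tcp.gc._msdcs.corp.example.com. 600 IN SRV 0 100 3268 WS-0412.corp.example.com.
; comments and blank lines are ignored

_gc._tcp.corp.example.com. 600 IN SRV 0 100 3268 hq-dc1.corp.example.com.
_gc._tcp.corp.example.com. 600 IN SRV 0 100 3268 site3-dc1.corp.example.com.
"""

# Assumption: the servers you have actually configured as global catalogs.
KNOWN_GCS = {"hq-dc1.corp.example.com", "site2-dc1.corp.example.com",
             "site3-dc1.corp.example.com", "site4-dc1.corp.example.com"}

# owner [ttl] [IN] SRV priority weight port target
SRV_RE = re.compile(
    r"^(?P<owner>\S+)\s+(?:\d+\s+)?(?:IN\s+)?SRV\s+"
    r"\d+\s+\d+\s+(?P<port>\d+)\s+(?P<target>\S+)\s*$", re.IGNORECASE)

def norm(name):
    """DNS names compare case-insensitively; drop the trailing root dot."""
    return name.rstrip(".").lower()

def is_gc_owner(owner):
    """True for forest-wide and per-site GC locator names."""
    o = norm(owner)
    return o.startswith("_gc._tcp.") or ".gc._msdcs." in o

def audit_gc_records(text, known_gcs):
    """Return (kind, owner, host) findings for GC SRV records in text."""
    known = {norm(h) for h in known_gcs}
    findings, seen = [], set()
    for line in text.splitlines():
        m = SRV_RE.match(line.strip())
        if not m or not is_gc_owner(m["owner"]):
            continue
        target = norm(m["target"])
        if target in known:
            seen.add(target)
        else:  # a host advertising itself as GC that you never promoted
            findings.append(("unexpected-target", norm(m["owner"]), target))
    # Real GCs that clients cannot locate through DNS at all.
    findings += [("no-gc-record", None, h) for h in sorted(known - seen)]
    return findings

if __name__ == "__main__":
    for finding in audit_gc_records(SAMPLE_SRV, KNOWN_GCS):
        print(finding)
```
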
