Solved Domain Logon Issues
-
Might be network errors. The workstations in question definitely are pointing to the AD DC as their DNS server?
-
@Reid-Cooper said in Domain Logon Issues:
Might be network errors. The workstations in question definitely are pointing to the AD DC as their DNS server?
Yes. I checked and it was Domain3.
-
What does the DC say? Its logs may be overflowing with useful info
-
@momurda said in Domain Logon Issues:
What does the DC say? Its logs may be overflowing with useful info
I checked the logs and the only errors I see are sync errors with Domain1--which is expected because it doesn't actually exist as stated above
-
@wirestyle22 said in Domain Logon Issues:
@momurda said in Domain Logon Issues:
What does the DC say? Its logs may be overflowing with useful info
I checked the logs and the only errors I see are sync errors with Domain1--which is expected because it doesn't actually exist as stated above
So you should rip it out. Even if it doesn't exist you can remove it from your domain.
https://technet.microsoft.com/en-us/library/cc781245(v=ws.10).aspx
-
@coliver said in Domain Logon Issues:
@wirestyle22 said in Domain Logon Issues:
@momurda said in Domain Logon Issues:
What does the DC say? Its logs may be overflowing with useful info
I checked the logs and the only errors I see are sync errors with Domain1--which is expected because it doesn't actually exist as stated above
So you should rip it out. Even if it doesn't exist you can remove it from your domain.
https://technet.microsoft.com/en-us/library/cc781245(v=ws.10).aspx
I will but I can't imagine that would cause this issue
-
In your OP, by ADSync do you mean the Azure AD Sync tool?
-
@momurda said in Domain Logon Issues:
In your OP, by ADSync do you mean the Azure AD Sync tool?
Directory Link/ADSync
-
On metadata cleanup: LDAP extended error message 0000208F: NameErr -- Object Name had bad syntax. ??? why
-
Is your email working correctly? Are all your domain computers authenticated correctly with your dc?
-
@momurda said in Domain Logon Issues:
Is your email working correctly? Are all your domain computers authenticated correctly with your dc?
E-mail has been shakey as of late with syncing.Not all domain computers are working correctly. I cannot log into domain accounts on some PC's. It's weird. The local accounts works. I disconnected from domain, deleted local profile and reconnectted. Still nothing.
-
Local accounts would be expected to work.
-
And this Domain1 you mention, used to be a domain hosted on this dc but has been renamed or removed??
-
@momurda said in Domain Logon Issues:
And this Domain1 you mention, used to be a domain hosted on this dc but has been renamed or removed??
I took over here a few weeks ago and BartleyDS1 was removed before I was here. It's still listed among the domains, but it doesnt exist.
-
@wirestyle22
Ok, you need to get on your DCs and look at the DNS. I bet that in your dns under Forward lookup zones for at least one of the DC is listed that non existent domain. Further i think that within that non existent dns domain is listed the pcs which are not available for logon. -
@momurda said in Domain Logon Issues:
@wirestyle22
Ok, you need to get on your DCs and look at the DNS. I bet that in your dns under Forward lookup zones for at least one of the DC is listed that non existent domain. Further i think that within that non existent dns domain is listed the pcs which are not available for logon.I did find a bunch of entries. I'll test to see. Give ma a few minutes.
-
Just be careful here; dont go around deleting things if you arent sure. If the non existent domain is only listed on one of the DCs, shut down the dns server service(or the whole dc) on that dc, reboot the pcs that cant login and they should be available again.
-
Did you manage to get this fixed?
-
I wouldn't say I fixed it. I still don't know what actually happened but the PC's are functional. I tested it with my own laptop on an account I've never logged into and it worked. I ended up re-imaging because i didn't have any time
-
Do the PCs show the same time as the Domain Controllers? If they're more than 5 or 10 minutes off, the DC won't allow anyone to log in.