Help to Find out Which W2K DC the XP client authenticate

Danny

Distinguished
Dec 31, 2007
411
0
18,780
Archived from groups: microsoft.public.win2000.active_directory (More info?)

Hi,

I need some help for finding out which DC in my domain is not
synchronize the user authentication information.

What happen is I have 2 W2K DCs in my LAN and 2 DCs in remote site
connected via WAN. One of DC in my LAN is a GC. What happen is
recently, I trigger the passwor d policy which force every user change
their password.

The user has no issue change their password and logon to the domain
from their XP. However, occasionally, some user encounter problem for
the Outlook. We are using POP3 service for the Outlook 2000 which
connected to the Exchange 2000 in the backend. The sympton is user
experience the Outlook client keep popping up the screen and ask for
W2K logon password.

I managed to figure out a short-term solution to address sympton
which is to restart the whole XP client.

I suspect one of the DCs was not synchronize the AD information
properly, however, when I use the Repadmin from the W2K Support Tools,
they is no report shown any AD synchronization issue.

My question is does Microsoft provide any tools to check which DC used
by the XP and Exchange 2000 for authentication?

Alternative, anyone know what's wrong for this?

Regards.
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

"Danny" <dannylai2000@yahoo.com> wrote in message
news:7311b2c9.0503252132.73597ff1@posting.google.com...
> Hi,
>
> I need some help for finding out which DC in my domain is not
> synchronize the user authentication information.

The standard tools are (in Support Tools):

DCDiag.exe
RepAdmin.exe
ReplMon.exe


> What happen is I have 2 W2K DCs in my LAN and 2 DCs in remote site
> connected via WAN. One of DC in my LAN is a GC. What happen is
> recently, I trigger the passwor d policy which force every user change
> their password.

In such a small domain/forest it is best to just make
all DCs into GCs.

> The user has no issue change their password and logon to the domain
> from their XP. However, occasionally, some user encounter problem for
> the Outlook. We are using POP3 service for the Outlook 2000 which
> connected to the Exchange 2000 in the backend. The sympton is user
> experience the Outlook client keep popping up the screen and ask for
> W2K logon password.

Exchange 2000 depends on the GC (in place of the Exchange x.y
Global Address List) so finding a GC is very important to Exchange
2000+.

> I managed to figure out a short-term solution to address sympton
> which is to restart the whole XP client.

That is unlikely to be reliable unless you are just
randomly getting the DC with the GC or with the
correct info.


> I suspect one of the DCs was not synchronize the AD information
> properly, however, when I use the Repadmin from the W2K Support Tools,
> they is no report shown any AD synchronization issue.

Most AD replication problems resolve to a DNS problem.

(A few, especially with WANS as you have, might be due
to firewall filters and other network connectivity issues
though.)

> My question is does Microsoft provide any tools to check which DC used
> by the XP and Exchange 2000 for authentication?

That's different than your question above, the standard
tool for that is NLTest.exe (also from support tools.)

Although you can get the name of the LogonServer by
checking the environment for that variable:

set logonserver

....NLTest let's you not only test it, but reset or change
the server that provides the authentication secure channel
for the client.

> Alternative, anyone know what's wrong for this?

Probably DNS or connectivity issues so here's the scoop
on DNS:


DNS for AD
1) Dynamic for the zone supporting AD
2) All internal DNS clients NIC\IP properties must specify SOLELY
that internal, dynamic DNS server (set.)
3) DCs and even DNS servers are DNS clients too -- see #2
4) If you have more than one Domain, every DNS server must
be able to resolve ALL domains (either directly or indirectly)

netdiag /fix

....or maybe:

dcdiag /fix

(Win2003 can do this from Support tools):
nltest /dsregdns /server:DC-ServerNameGoesHere
http://support.microsoft.com/kb/q260371/

Ensure that DNS zones/domains are fully replicated to all DNS
servers for that (internal) zone/domain.

Also useful may be running DCDiag on each DC, sending the
output to a text file, and searching for FAIL, ERROR, WARN.

Single Label domain zone names are a problem Google:
[ "SINGLE LABEL" domain names DNS 2000 | 2003 microsoft: ]
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

using SET in command prompt you'll see a variable called LOGONSERVER


--
Andrei Ungureanu
www.eventid.net
Free Windows event logs reports
http://www.altairtech.ca/evlog/

"Danny" <dannylai2000@yahoo.com> wrote in message
news:7311b2c9.0503252132.73597ff1@posting.google.com...
> Hi,
>
> I need some help for finding out which DC in my domain is not
> synchronize the user authentication information.
>
> What happen is I have 2 W2K DCs in my LAN and 2 DCs in remote site
> connected via WAN. One of DC in my LAN is a GC. What happen is
> recently, I trigger the passwor d policy which force every user change
> their password.
>
> The user has no issue change their password and logon to the domain
> from their XP. However, occasionally, some user encounter problem for
> the Outlook. We are using POP3 service for the Outlook 2000 which
> connected to the Exchange 2000 in the backend. The sympton is user
> experience the Outlook client keep popping up the screen and ask for
> W2K logon password.
>
> I managed to figure out a short-term solution to address sympton
> which is to restart the whole XP client.
>
> I suspect one of the DCs was not synchronize the AD information
> properly, however, when I use the Repadmin from the W2K Support Tools,
> they is no report shown any AD synchronization issue.
>
> My question is does Microsoft provide any tools to check which DC used
> by the XP and Exchange 2000 for authentication?
>
> Alternative, anyone know what's wrong for this?
>
> Regards.