Help to Find out Which W2K DC the XP client authenticate

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Hi,

I need some help for finding out which DC in my domain is not
synchronize the user authentication information.

What happen is I have 2 W2K DCs in my LAN and 2 DCs in remote site
connected via WAN. One of DC in my LAN is a GC. What happen is
recently, I trigger the passwor d policy which force every user change
their password.

The user has no issue change their password and logon to the domain
from their XP. However, occasionally, some user encounter problem for
the Outlook. We are using POP3 service for the Outlook 2000 which
connected to the Exchange 2000 in the backend. The sympton is user
experience the Outlook client keep popping up the screen and ask for
W2K logon password.

I managed to figure out a short-term solution to address sympton
which is to restart the whole XP client.

I suspect one of the DCs was not synchronize the AD information
properly, however, when I use the Repadmin from the W2K Support Tools,
they is no report shown any AD synchronization issue.

My question is does Microsoft provide any tools to check which DC used
by the XP and Exchange 2000 for authentication?

Alternative, anyone know what's wrong for this?

Regards.
2 answers Last reply
More about help find client authenticate
  1. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    "Danny" <dannylai2000@yahoo.com> wrote in message
    news:7311b2c9.0503252132.73597ff1@posting.google.com...
    > Hi,
    >
    > I need some help for finding out which DC in my domain is not
    > synchronize the user authentication information.

    The standard tools are (in Support Tools):

    DCDiag.exe
    RepAdmin.exe
    ReplMon.exe


    > What happen is I have 2 W2K DCs in my LAN and 2 DCs in remote site
    > connected via WAN. One of DC in my LAN is a GC. What happen is
    > recently, I trigger the passwor d policy which force every user change
    > their password.

    In such a small domain/forest it is best to just make
    all DCs into GCs.

    > The user has no issue change their password and logon to the domain
    > from their XP. However, occasionally, some user encounter problem for
    > the Outlook. We are using POP3 service for the Outlook 2000 which
    > connected to the Exchange 2000 in the backend. The sympton is user
    > experience the Outlook client keep popping up the screen and ask for
    > W2K logon password.

    Exchange 2000 depends on the GC (in place of the Exchange x.y
    Global Address List) so finding a GC is very important to Exchange
    2000+.

    > I managed to figure out a short-term solution to address sympton
    > which is to restart the whole XP client.

    That is unlikely to be reliable unless you are just
    randomly getting the DC with the GC or with the
    correct info.


    > I suspect one of the DCs was not synchronize the AD information
    > properly, however, when I use the Repadmin from the W2K Support Tools,
    > they is no report shown any AD synchronization issue.

    Most AD replication problems resolve to a DNS problem.

    (A few, especially with WANS as you have, might be due
    to firewall filters and other network connectivity issues
    though.)

    > My question is does Microsoft provide any tools to check which DC used
    > by the XP and Exchange 2000 for authentication?

    That's different than your question above, the standard
    tool for that is NLTest.exe (also from support tools.)

    Although you can get the name of the LogonServer by
    checking the environment for that variable:

    set logonserver

    ....NLTest let's you not only test it, but reset or change
    the server that provides the authentication secure channel
    for the client.

    > Alternative, anyone know what's wrong for this?

    Probably DNS or connectivity issues so here's the scoop
    on DNS:


    DNS for AD
    1) Dynamic for the zone supporting AD
    2) All internal DNS clients NIC\IP properties must specify SOLELY
    that internal, dynamic DNS server (set.)
    3) DCs and even DNS servers are DNS clients too -- see #2
    4) If you have more than one Domain, every DNS server must
    be able to resolve ALL domains (either directly or indirectly)

    netdiag /fix

    ....or maybe:

    dcdiag /fix

    (Win2003 can do this from Support tools):
    nltest /dsregdns /server:DC-ServerNameGoesHere
    http://support.microsoft.com/kb/q260371/

    Ensure that DNS zones/domains are fully replicated to all DNS
    servers for that (internal) zone/domain.

    Also useful may be running DCDiag on each DC, sending the
    output to a text file, and searching for FAIL, ERROR, WARN.

    Single Label domain zone names are a problem Google:
    [ "SINGLE LABEL" domain names DNS 2000 | 2003 microsoft: ]
  2. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    using SET in command prompt you'll see a variable called LOGONSERVER


    --
    Andrei Ungureanu
    www.eventid.net
    Free Windows event logs reports
    http://www.altairtech.ca/evlog/

    "Danny" <dannylai2000@yahoo.com> wrote in message
    news:7311b2c9.0503252132.73597ff1@posting.google.com...
    > Hi,
    >
    > I need some help for finding out which DC in my domain is not
    > synchronize the user authentication information.
    >
    > What happen is I have 2 W2K DCs in my LAN and 2 DCs in remote site
    > connected via WAN. One of DC in my LAN is a GC. What happen is
    > recently, I trigger the passwor d policy which force every user change
    > their password.
    >
    > The user has no issue change their password and logon to the domain
    > from their XP. However, occasionally, some user encounter problem for
    > the Outlook. We are using POP3 service for the Outlook 2000 which
    > connected to the Exchange 2000 in the backend. The sympton is user
    > experience the Outlook client keep popping up the screen and ask for
    > W2K logon password.
    >
    > I managed to figure out a short-term solution to address sympton
    > which is to restart the whole XP client.
    >
    > I suspect one of the DCs was not synchronize the AD information
    > properly, however, when I use the Repadmin from the W2K Support Tools,
    > they is no report shown any AD synchronization issue.
    >
    > My question is does Microsoft provide any tools to check which DC used
    > by the XP and Exchange 2000 for authentication?
    >
    > Alternative, anyone know what's wrong for this?
    >
    > Regards.
Ask a new question

Read More

Windows XP Active Directory Windows