- Second DC cannot authenticate to other DC
- Posted by Zef on March 2nd, 2004
Got a strange one...
Running 2003 Small Business Server with a 2003 Standard
Server set-up as a second domain controller. All
connectivity tests are good, can ping, browse, and even
replication is working correctly.
The problem is that if you are on the second domain
controller using Active Directory, any communication with
the SBS domain controller results in a logon prompt. No
matter what logon credentials you use, it will not allow
authentication.
This is primarily manifesting when workstations
authenticate to the second domain controller. They get
no logon scripts, no group policy and cannot map drives
or otherwise connect to the SBS file system, although
Outlook runs just fine.
I have also seen the problem on the second DC using
Active Directory Management Console. When I attempt to
logon to the SBS DC, I get the logon prompt and no
credentials will work.
Hoping to at least get some idea on how to move forward
on this.
Thank You
Bret Jones
- Posted by David Everett [MSFT] on March 5th, 2004
Hi Bret,
1. Disconnect any mapped drives that might already exist between the two DCs
and then try and connect. If it still fails to connect open the command
line on both DCs and type the following command:
net share <enter>
2. Verify both DCs list the IPC$ share in the output. If the ADMIN shares
are not listed then make sure "AutoShareServer" is not under
HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters and
"AutoShareWks" is not under
HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters. If these
are present, delete them and reboot. After the reboot verify they do not
get added back into the registry.
3. If the IPC$ shares do exist then verify you can connect to the other DC's
IPC$ by typing the following command:
net use \\dcname\ipc$
4. See if the CrashOnAuditFail is enabled on either DC. If the value is 2
on either system do the following:
a. Save and clear the Security log.
b. Delete the CrashOnAuditFail value, recreate the REG_DWORD value and set
it to 0 or 1
c. Reboot.
--
David Everett
Microsoft Corporation
This posting is provided "AS IS" with no warranties, and confers no rights.
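
The checks from steps 1-4 above collected into one batch file to run on each DC, as an added example that is not part of the original post. `dcname` is a placeholder for the other domain controller, and the `Control\Lsa` location of CrashOnAuditFail is the standard one rather than something stated in the thread.

```batch
@echo off
rem Added example: read-only checks for the steps above; changes nothing
rem except the temporary IPC$ connection it removes again.
setlocal
rem Placeholder: replace dcname with the name of the other DC.
set "PEER=dcname"
set "LANMAN=HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters"
rem Assumption: standard location of CrashOnAuditFail (not given in the post).
set "LSA=HKLM\SYSTEM\CurrentControlSet\Control\Lsa"

echo == Steps 1-2: IPC$ and ADMIN$ shares ==
rem /l forces a literal match so "$" is not read as an end-of-line anchor.
net share | findstr /i /l /c:"IPC$" >nul
if errorlevel 1 (echo [WARN] IPC$ is not shared) else (echo [ OK ] IPC$ present)
net share | findstr /i /l /c:"ADMIN$" >nul
if errorlevel 1 (echo [WARN] ADMIN$ is not shared) else (echo [ OK ] ADMIN$ present)

echo == Step 2: AutoShare values that suppress the admin shares ==
for %%V in (AutoShareServer AutoShareWks) do (
  reg query "%LANMAN%" /v %%V >nul 2>&1
  if errorlevel 1 (echo [ OK ] %%V not set) else (echo [WARN] %%V present, see step 2)
)

echo == Step 3: connect to the other DC's IPC$ ==
rem A credential prompt here is the symptom described in the thread.
net use \\%PEER%\ipc$
if errorlevel 1 (echo [WARN] net use to %PEER% failed) else (net use \\%PEER%\ipc$ /delete >nul)

echo == Step 4: CrashOnAuditFail ==
set "COAF="
for /f "tokens=3" %%A in ('reg query "%LSA%" /v CrashOnAuditFail 2^>nul ^| findstr /i CrashOnAuditFail') do set "COAF=%%A"
if not defined COAF (echo [INFO] CrashOnAuditFail not set) else if /i "%COAF%"=="0x2" (echo [WARN] CrashOnAuditFail is 2, see step 4) else (echo [ OK ] CrashOnAuditFail=%COAF%)
endlocal
```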
- Posted by Bret Jones on March 5th, 2004
Thank You for your post. I went through the items you mentioned.
Removed all mappings referencing the other server on both servers.
There were no registry entries for AutoShareServer or AutoShareWks on
either domain controller. The crashonauditfail value was 0 on both
servers. IPC$ and Admin shares appeared on both servers.
The one odd thing that occurred was using the net use
\\servername\ipc$ command. The command completed normally from the
secondary DC, but when run on the Small Business Server DC it prompted
for logon credentials, but did not accept known good administrator
credentials.
Since the problem is showing up in the other direction, Second DC
cannot authenticate to Small Business Server, having this
authentication problem show up going from SBS-->Second DC surprised
me.
Any further thoughts would be very appreciated.
Thank you
Bret