Hi Everyone,

The other day, I had a user unable to log into his laptop when connection to a W2K DC was not available. Our network is a Windows 2000 AD domain in mixed mode. There are 2 AD DCs on one subnet and one NT 4.0 BDC on the corporate user subnet. The router between the subnets went down so only an NT 4.0 BDC was available for authentication. The user was unable to access network resources so he rebooted his machine. When it came back up, he wasn't even able to log in. W2K gave him a computer account missing or incorrect password error. He was not putting in an incorrect password and I was not able to log in as myself or domain admin to his machine. When the router came back up, he was fine.

We are confused because when we are unable to contact a domain controller with W2K or XP, the OS just logs us in with our local profile and files an error in the Event Log and NT lets you know. I am thinking that since there was a valid network connection in our domain, just that the AD DC was not available caused this, but why isn't my NT 4.0 BDC authenticating anyway? Does the RDC have to be available at all times? Does an AD domain not allow NT 4.0 DCs to authenticate users? I was under the impression that if Kerberos failed, NTLM would be used next and the NT 4.0 DC should respond to that. I have Netlogon successes on that DC so it still has to be doing something.

We are planning for a W2K DC on the corporate subnet within the next month when we are able to retire the NT 4.0 BDC which is our Exchange Server.

Any thoughts are greatly appreciated. Thanks in advance.

LORI EBY
Information Systems Administrator
Atoga Systems, Inc.
49026 Milmont Drive
Fremont, CA 94538
VOICE - (510) 743-0223
FAX - (510) 687-9710
www.atoga.com
