Okay, this is something that I've filed in the "I'll live with it" column for awhile:
Windows 2000 Active Directory domain. Still supporting NT4 clients. Using BIND DNS that does -not- have dynamic updates enabled: whenever I create a DC, I am required to manually upload the netlogon.dns into the zone file. (This is usually a one-time upload, since it's done manually.) Whenever I reboot the PDC Emulator, my NT4 clients start throwing the following error: "System can not log you on to the domain because the systems computer account in its primary domain is missing or the password on that account is incorrect"... Or, "System Error 1789 has occurred. The trust relationship between this workstation and the primary domain failed." 2000/XP boxen keep chugging merrily along, this behaviour only happens on NT. The MS KB answer is to drop the machine from the domain and re-add it. (Every NT workstation? Every time I reboot the server? Are you serious? Besides...I tried that and it doesn't work.) The workaround that I've found is to compact the AD database after I reboot the controller. It's a workaround only, and doesn't solve the underlying problem that it just plain shouldn't be happening. Another piece to the anecdote: I had formerly housed the PDC Emulator on a remote subnet, in a different building from my clients. When this was the case, said error would start throwing itself every few days even -without- me rebooting the PDC Emulator. I had to build a DC, install it locally and transfer the PDC FSMO role to get any sleep at all! Laura *waves at Roger & Tony* *********************************** Laura E. Hunter MCSE, MCT, MVP - Windows Networking List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
