RE: [ActiveDir] Logging into a disconnected DC

[McCall, Iain]

Title: Logging into a disconnected DC

Roger – are you no longer at Inovis>?   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Roger Seielstad Sent: 12 August 2004 15:43 To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Logging into a disconnected DC   Yup. That would do it. No GC, log login. At least not pre Win2k3 forst funtional mode (IIRC).   Roger -------- Roger Seielstad E-mail Geek & MS-MVP     From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joe Pochedley Sent: Thursday, August 12, 2004 5:33 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Logging into a disconnected DC Roger,   Yes, the site is configured correctly, proper subnet and all....  We do have a child domain here, but all the accounts in question (and server itself) are part of the parent domain...   The site's back up this morning...  While looking through the event logs, I found a couple events on the server complaining about not being able to reach the Global Catalog during the outage period...  Despite the configuration notes to the contrary, this server was NOT configured as a Global Catalog server...  I'm assuming that this was the root of the problem?  Will not being able to connect to a GC, even though the accounts are part of the local AD, cause the problems I've experienced?   Thanks again to everyone who already responded, and to those who can confirm that not being a GC was most certainly the root of the problem...    Joe Pochedley A computer terminal is not some clunky old television with a typewriter in front of it. It is an interface where the mind and body can connect with the universe and move bits of it about. -Douglas Adams     From: Roger Seielstad [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 11, 2004 10:38 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Logging into a disconnected DC I'd wonder if the issue isn't caused by a misconfigured site and subnet. Have you verfied that the local network exists as its own Site in AD?   Also, are we talking multi-domain forests or a single flat domain? That makes a big diff too..   -------- Roger Seielstad E-mail Geek & MS-MVP     From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joe Pochedley Sent: Wednesday, August 11, 2004 10:54 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Logging into a disconnected DC Good afternoon..  Hoping someone can give me some pointers here… We have an office in the UK that is connected back to our US HQ via a VPN link (over the Internet).  At that site, they have a AD DC which is also a GC and DNS server.  This afternoon their VPN link is down (Internet issue) and for some reason they can not authenticate against their local DC for logins…  All clients are Win 2kPro or Win XP Pro and receive an error similar to 'Unable to contact the domain' when they attempt to login…  the users at the site can't even log into the DC machine itself with an administrative domain account (error: Please check that the username and password are entered correctly…  I've verified that the name and password they have are correct and can log into DC's in our site - they've used the credentials in the past and I'm pretty sure that with the number of times they've tried they should've typed the info correctly at least once) I do check AD replication on a semi-regular basis and have never noticed anything out of the ordinary with that site (dcdiag, netdiag, replmon, and the AD Replication Monitor app)…  The domain is a Win2k Native domain…  I know I've tested disconnected sites before and they've always been able to authenticate locally while the VPN link was down (we have other sites that operate like this) and have never seen this problem…  At this point I'm just looking for some possibilities or pointers on things to check until the site is back up and I can take a look at that server, Event Logs, etc…  TIA Joe Pochedley A computer terminal is not some clunky old television with a typewriter in front of it. It is an interface where the mind and body can connect with the universe and move bits of it about. -Douglas Adams