I would recommend doing a trace of one of the problem clients logging on and watch the whole referral process, etc. Actually I would probably just turn on a sniffer and let it watch everything from one of those machines from boot up for some time so you catch refreshes and everything else. At least then you should be able to nail down whether the clients are being referred to something incorrectly or they are off making their own incorrect decisions. -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm
_____ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kamlesh Parmar Sent: Saturday, December 02, 2006 1:55 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Bulk of client going to PDC Yes checked the correct subnets are attached to correct sites. All clients are connected via Ethernet 100/Full Duplex. Its like mass exodus of swarm of computers, going to PDCe, and in turn choking the WAN links. It happened like once a day.. and everyday it would be random site. Have asked different site people to install netmon on some PCs and keep it running..on Monday..hoping that one of those sites.. and in them.. one of those PCs misbehaves. Anything else, I should look at? -- Kamlesh On 12/2/06, Al Mulnick <[EMAIL PROTECTED]> wrote: Site definitions - are your site definitions up to date? How are your clients connected - Are they ethernet, 802.11x, tokenring, ?? On 12/2/06, Kamlesh Parmar <[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> > wrote: Am sorry, I didn't follow what you are asking.. could you be more specific. On 12/2/06, Al Mulnick <[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> > wrote: How are your clients connected? Site definitions? On 12/1/06, Kamlesh Parmar <[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> > wrote: Appreciate the efforts taken. AFAIK, this would be more of a DFS issue then authentication, as clients are pulling policies and files from PDCe. When I look into details of DFS link targets for sysvol or netlogon, PDCe is listed as distance 9th in the list of servers which clients should contact in case there primary link target failed. And this happens so randomly, from clients that I am not able to setup a network trace also. -- Kamlesh On 12/1/06, Thomas Michael Heß <[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> > wrote: Hi Kamlesh, first of all, iwould enable the logging of the Netlogon Service. I ve found an article in the WindowsITPro The Netlogon service is one of the key Local Security Authority (LSA) processes that run on every Windows domain controller. When you troubleshoot authentication problems, analyzing the Netlogon service log files can be useful. How do I turn Netlogon service logging on and off, and how do I analyze the content of the Netlogon log files? To turn on Netlogon service logging, type the following Nltest command at the command line: nltest /dbflag:2080ffff Enabling Netlogon service logging requires that you restart the Netlogon service. To do so, use the Net Stop Netlogon and Net Start Netlogon commands. To disable netlogon service logging, type: nltest /dbflag:0 Then, restart the Netlogon service again. The Netlogon service stores log data in a special log file called netlogon.log, in the %Windir%\debug folder. Two utilities are useful in querying the Netlogon log files: Nlparse.exe and Findstr.exe. Nlparse.exe is a GUI tool that comes with Microsoft Account Lockout tools. You can download Account Lockout tools for free from the Microsoft Web site as part of the "Account Lockout and Management Tools" ALTools.exe file at <http://www.microsoft.com/downloads/details.aspx?FamilyID=7AF2E69C-91F3-4E63 -8629-B999ADDE0B9E&displaylang=en> http://www.microsoft.com/downloads/details.aspx?FamilyID=7AF2E69C-91F3-4E63- 8629-B999ADDE0B9E&displaylang=en . <http://www.winnetmag.com/Files/42850/Figure_01.gif> Figure 1 shows the Nlparse GUI, which contains the most common Netlogon error codes and their meaning. Nlparse stores the output of its queries in two files in the %Windir%\debug folder: netlogon.log-out.scv and netlogon.log-summaryout.txt. . . . HtH Thomas _____ Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von Kamlesh Parmar Gesendet: Donnerstag, 30. November 2006 20:51 An: ActiveDir@mail.activedir.org Betreff: [ActiveDir] Bulk of client going to PDC Hi Guys, We are facing some strange issue, randomly clients from some sites are going to PDCe for group policy refresh,along with screensaver and wallpaper stored in netlogon. Clients are ignoring their nearest DC, and approaching PDCe. All DCs : Win2k3 SP1 All Clients: XP SP2 I verified, 1) DNS entries for site DC are correct. 2) Netlogon and Sysvol folder of site DC are accessible. 3) Verified the clients are authenticating with site DC by : nltest.exe /sc_query:DOMAIN 4) Verified DFS info for netlogon and sysvol on clients is correct : dfsutil.exe /pktinfo I am clueless where else, should I look? -- Kamlesh ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ You teach best what you most need to learn. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ You teach best what you most need to learn. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ You teach best what you most need to learn. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ You teach best what you most need to learn. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
