I'm curious whether there is some consistency in the clients and whether they're the latest version of the OS, what kind of DNS you have, WINS, etc
Also, you might want to look at your DHCP and see where the DNS server is that the clients are bouncing against, but that doesn't seem to be the issue, since it's not consistent (that's the thing that seems to be strangest, that the issue seems to hop from site to site) Probably the best place to start is to track back to when the issue started and see if there were some changes that occured around that time, whether it be part of the physical network or something on the clients/servers On 12/2/06, joe <[EMAIL PROTECTED]> wrote:
I would recommend doing a trace of one of the problem clients logging on and watch the whole referral process, etc. Actually I would probably just turn on a sniffer and let it watch everything from one of those machines from boot up for some time so you catch refreshes and everything else. At least then you should be able to nail down whether the clients are being referred to something incorrectly or they are off making their own incorrect decisions. -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm ------------------------------ *From:* [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED] *On Behalf Of *Kamlesh Parmar *Sent:* Saturday, December 02, 2006 1:55 PM *To:* ActiveDir@mail.activedir.org *Subject:* Re: [ActiveDir] Bulk of client going to PDC Yes checked the correct subnets are attached to correct sites. All clients are connected via Ethernet 100/Full Duplex. Its like mass exodus of swarm of computers, going to PDCe, and in turn choking the WAN links. It happened like once a day.. and everyday it would be random site. Have asked different site people to install netmon on some PCs and keep it running..on Monday..hoping that one of those sites.. and in them.. one of those PCs misbehaves. Anything else, I should look at? -- Kamlesh On 12/2/06, Al Mulnick <[EMAIL PROTECTED]> wrote: > > Site definitions - are your site definitions up to date? > > How are your clients connected - Are they ethernet, 802.11x, tokenring, > ?? > > > > > On 12/2/06, Kamlesh Parmar <[EMAIL PROTECTED] > wrote: > > > > Am sorry, I didn't follow what you are asking.. could you be more > > specific. > > > > On 12/2/06, Al Mulnick <[EMAIL PROTECTED] > wrote: > > > > > > How are your clients connected? Site definitions? > > > > > > On 12/1/06, Kamlesh Parmar <[EMAIL PROTECTED] > wrote: > > > > > > > > Appreciate the efforts taken. > > > > > > > > AFAIK, this would be more of a DFS issue then authentication, as > > > > clients are pulling policies and files from PDCe. > > > > > > > > When I look into details of DFS link targets for sysvol or > > > > netlogon, PDCe is listed as distance 9th in the list of servers which > > > > clients should contact in case there primary link target failed. > > > > > > > > And this happens so randomly, from clients that I am not able to > > > > setup a network trace also. > > > > > > > > > > > > -- > > > > Kamlesh > > > > > > > > On 12/1/06, Thomas Michael Heß <[EMAIL PROTECTED] > wrote: > > > > > > > > > > Hi Kamlesh, > > > > > > > > > > > > > > > > > > > > first of all, iwould enable the logging of the Netlogon Service. > > > > > > > > > > I ve found an article in the WindowsITPro > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > *The Netlogon service is one of the key Local Security Authority > > > > > (LSA) processes that run on every Windows domain controller. When you > > > > > troubleshoot authentication problems, analyzing the Netlogon service log > > > > > files can be useful. How do I turn Netlogon service logging on and off, and > > > > > how do I analyze the content of the Netlogon log files? * > > > > > > > > > > To turn on Netlogon service logging, type the following Nltest > > > > > command at the command line: > > > > > > > > > > *nltest /dbflag:2080ffff* > > > > > > > > > > Enabling Netlogon service logging requires that you restart the > > > > > Netlogon service. To do so, use the Net Stop Netlogon and Net Start Netlogon > > > > > commands. To disable netlogon service logging, type: > > > > > > > > > > *nltest /dbflag:0* > > > > > > > > > > Then, restart the Netlogon service again. The Netlogon service > > > > > stores log data in a special log file called netlogon.log, in > > > > > the %Windir%\debug folder. > > > > > > > > > > Two utilities are useful in querying the Netlogon log files: > > > > > Nlparse.exe and Findstr.exe. Nlparse.exe is a GUI tool that > > > > > comes with Microsoft Account Lockout tools. You can download Account Lockout > > > > > tools for free from the Microsoft Web site as part of the "Account Lockout > > > > > and Management Tools" ALTools.exe file at > > > > > http://www.microsoft.com/downloads/details.aspx?FamilyID=7AF2E69C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en. Figure > > > > > 1 <http://www.winnetmag.com/Files/42850/Figure_01.gif> shows the > > > > > Nlparse GUI, which contains the most common Netlogon error codes and their > > > > > meaning. Nlparse stores the output of its queries in two files in the > > > > > %Windir%\debug folder: netlogon.log-out.scv and > > > > > netlogon.log-summaryout.txt. *. . .* > > > > > > > > > > HtH > > > > > > > > > > Thomas > > > > > > > > > > > > > > > ------------------------------ > > > > > > > > > > *Von:* [EMAIL PROTECTED] [mailto: > > > > > [EMAIL PROTECTED] *Im Auftrag von *Kamlesh > > > > > Parmar > > > > > *Gesendet:* Donnerstag, 30. November 2006 20:51 > > > > > *An:* ActiveDir@mail.activedir.org > > > > > *Betreff:* [ActiveDir] Bulk of client going to PDC > > > > > > > > > > > > > > > > > > > > Hi Guys, > > > > > > > > > > We are facing some strange issue, randomly clients from some > > > > > sites are going to PDCe for group policy refresh,along with screensaver and > > > > > wallpaper stored in netlogon. > > > > > > > > > > Clients are ignoring their nearest DC, and approaching PDCe. > > > > > > > > > > All DCs : Win2k3 SP1 > > > > > All Clients: XP SP2 > > > > > > > > > > I verified, > > > > > 1) DNS entries for site DC are correct. > > > > > 2) Netlogon and Sysvol folder of site DC are accessible. > > > > > 3) Verified the clients are authenticating with site DC by : > > > > > nltest.exe /sc_query:DOMAIN > > > > > 4) Verified DFS info for netlogon and sysvol on clients is > > > > > correct : dfsutil.exe /pktinfo > > > > > > > > > > I am clueless where else, should I look? > > > > > > > > > > -- > > > > > Kamlesh > > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > > > > You teach best what you most need to learn. > > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > > > > > > > > > > > > > > > > > > > > -- > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > > > You teach best what you most need to learn. > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > > > > > > > > > > > > > > > -- > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > You teach best what you most need to learn. > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > > > -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ You teach best what you most need to learn. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
