We have seen the problem where the Domain Controllers could not handle the
load of a large group of machines trying to authenticate at the same time.
We have an application network of 20,000 machines (servers and workstations
in multiple domains) that are rebooted nightly to apply any outstanding
application updates. If a large number of them reboot at the same time,
the Domain Controllers cannot handle the authentication load. Remember,
even though no one is logging in, some of the system services might be
using domain accounts.
MS has spent many hours on-site on this and one of the solutions was to
just try and spread out the reboot times. I also recall there is also
something about the authentication of the machine accounts that might
affect this problem. Something like the configuration of how often they
change the handshake password under the covers?? I can't remember the
exact details and I think the setting was not changed because the corporate
guys who would change the DC's didn't want to pursue that if the
"spreading out the reboots" worked (especially since the reboot time fix
was to be done by the application support people, not them!)
If the authentication fails, then one of the system services takes an
error. They run a job first thing every morning to scan all the servers
and reboot the ones with the authentication error so they retry the
authentication. That usually does the trick. Not really fixing the root
cause, but MS could not come up with an exact solution that the corporate
guys were willing to try. And I could easily understand the problem being
with WINS, but the corporate guys are defensive on that one too. It would
not be the first time WINS was the root cause of problem in that network,
or the last.
"Duane Purcell"
<duanepurcell@skill T
ed.com.au> To: "NT 2000 Discussions"
<[EMAIL PROTECTED]>
cc:
Sent by:
bounce-nt2000-42092 bcc:
@ls.swynk.com Subject: RE: NT
4.0 Domain Logon
Problems
08/28/01 11:23 PM
Please respond to
"NT 2000
Discussions"
We had a similar problem where the WINS servers were missing the [1CH]
Domain Controller entry - restarting WINS seemed to fix the problem.
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Paul Timmerman
Sent: Wednesday, 29 August 2001 4:39 AM
To: NT 2000 Discussions
Subject: NT 4.0 Domain Logon Problems
Can anyone explain why we would be getting the following error on some
machines, at random times. This is not happenning on all machines, but
enough to where I think we can rule out it being a PC specific problem:
"No domain controller to authenticate the login, and cached information
will
be used."
The only fix as of now is to continually try logging in until it finally
accepts the request.
Any ideas?
_________________________________________________________________
Get your FREE download of MSN Explorer at
http://explorer.msn.com/intl.asp
------
You are subscribed as [EMAIL PROTECTED]
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe send a blank email to [EMAIL PROTECTED]
------
You are subscribed as [EMAIL PROTECTED]
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe send a blank email to [EMAIL PROTECTED]
------
You are subscribed as [email protected]
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe send a blank email to [EMAIL PROTECTED]
