Add to that: output of netdiag and dcdiag from the DCs would be a good
addition.


-Al   

-----Original Message-----
From: Roger Seielstad [mailto:[EMAIL PROTECTED] 
Sent: Monday, May 03, 2004 4:35 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Active Directory/DNS weirdness

Hey Laura...

Two things come to mind here. First, do the NT4 clients have the DSClient
installed, and if so, does it make a difference?

Second, are you still running WINS in the environment?

What it sounds like is that you're having a LOT of NetBIOS name resolution
issues. Remember pre-Win2k, you pretty much had to have WINS, and it's an
absolute requirement for multisegment LANs and WANs.

When the clients stop being able to log in, have you run NLTest or NetDom to
verify the secure channel? I'd be interested in seeing the output of that.

--------------------------------------------------------------
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.
 

> -----Original Message-----
> From: Hunter, Laura E. [mailto:[EMAIL PROTECTED]
> Sent: Monday, May 03, 2004 3:36 PM
> To: '[EMAIL PROTECTED]'
> Subject: [ActiveDir] Active Directory/DNS weirdness
> 
> Okay, this is something that I've filed in the "I'll live with it" 
> column for awhile:
> 
> 
> Windows 2000 Active Directory domain.
> 
> Still supporting NT4 clients.
> 
> Using BIND DNS that does -not- have dynamic updates enabled: whenever I
> create a DC, I am required to manually upload the netlogon.dns into
> the zone file.  (This is usually a one-time upload, since it's done
> manually.)
> 
> Whenever I reboot the PDC Emulator, my NT4 clients start throwing the 
> following error:
> 
> "System can not log you on to the domain because the systems computer 
> account in its primary domain is missing or the password on that 
> account is incorrect"...
> 
> Or,
> 
> "System Error 1789 has occurred. The trust relationship between this 
> workstation and the primary domain failed."
> 
> 2000/XP boxen keep chugging merrily along, this behaviour only happens 
> on NT.
> 
> The MS KB answer is to drop the machine from the domain and re-add it.
> (Every NT workstation?  Every time I reboot the server?  Are you serious?
> Besides...I tried that and it doesn't work.)
> 
> The workaround that I've found is to compact the AD database after I 
> reboot the controller.  It's a workaround only, and doesn't solve the 
> underlying problem that it just plain shouldn't be happening.
> 
> Another piece to the anecdote: I had formerly housed the PDC Emulator 
> on a remote subnet, in a different building from my clients.  When 
> this was the case, said error would start throwing itself every few 
> days even -without- me rebooting the PDC Emulator.  I had to build a 
> DC, install it locally and transfer the PDC FSMO role to get any sleep 
> at all!
> 
> Laura
> 
> *waves at Roger & Tony*
> 
> ***********************************
> Laura E. Hunter
> MCSE, MCT, MVP - Windows Networking
> List info   : http://www.activedir.org/mail_list.htm
> List FAQ    : http://www.activedir.org/list_faq.htm
> List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
> 