RE: [ActiveDir] IAS, Radius & AD

[Harding, Devon]

The problem is the IAS server cannot find any DCs in those domains.  Also, I get the following error with the netsh command:   C:\>netsh ras tracing * ENABLED The following command was not found: ras tracing * ENABLED.   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Guy Teverovsky Sent: Thursday, November 17, 2005 4:51 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] IAS, Radius & AD   Are members in those 2 domains having UPN suffix no in the namespace of the forest root ? Example: Forest root suffixes: @company.net Child suffixes: @child.forest.com   Are the users trying to logon using UPN or domain\samaccountname ? Have you tried implicit Kerberos principal ([EMAIL PROTECTED])   IAS is rather touchy when it comes to mapping UPNs to correct domains… You can also enable IAS debugging by issuing on the IAS server: netsh ras tracing * ENABLED   You will find detailed logs at %SystemRoot%\Tracing   Guy From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harding, Devon Sent: Thursday, November 17, 2005 20:15 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] IAS, Radius & AD   No replication errors at all.  Directory Service logs are clean.   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joe Pochedley Sent: Thursday, November 17, 2005 11:24 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] IAS, Radius & AD   Hmm...  Any replication problems with those servers in the past (or currently)?  Any Kerberos errors?  Joe Pochedley A computer terminal is not some clunky old television with a typewriter in front of it. It is an interface where the mind and body can connect with the universe and move bits of it about. -Douglas Adams     From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harding, Devon Sent: Thursday, November 17, 2005 10:50 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] IAS, Radius & AD I ran DNSLint and it returned SRV records for all DC’s in that domain.  I also ran ntdsutil to do a metadata cleanup of any possible orphaned server an noticed that I get the following RPC error when trying to connect to one of the existing DCs: ‘DsBindW error 0x6ba(The RPC server is unavailable.)’   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joe Pochedley Sent: Thursday, November 17, 2005 9:47 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] IAS, Radius & AD   DC's are located by querying DNS.  Check and make sure the proper SRV records for the two domains in question appears on the server that your IAS is using for DNS.  DNSLint may help you with this task. Joe Pochedley A computer terminal is not some clunky old television with a typewriter in front of it. It is an interface where the mind and body can connect with the universe and move bits of it about. -Douglas Adams     From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harding, Devon Sent: Thursday, November 17, 2005 8:47 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] IAS, Radius & AD I have 15 child domains in my AD forest.  When using IAS (Nortel VPN) as a Radius server on my root AD server, I can get clients to successfully authenticate against all domains but 2.  On these two domains, I get an IAS event id error of 5052, ‘There is no domain controller available for domain SWSNM’.  I’ve ran DCDIAG and NETDIAG against these domain and the tests passes.   How does IAS locate domain controllers for authentication?  How can I troubleshoot this?   Devon Harding Windows Systems Engineer Southern Wine & Spirits - BSG 954-602-2469   __________________________________ This message and any attachments are solely for the intended recipient and may contain confidential or privileged information. If you are not the intended recipient, any disclosure, copying, use or distribution of the information included in the message and any attachments is prohibited. If you have received this communication in error, please notify us by reply e-mail and immediately and permanently delete this message and any attachments. Thank You.