The problem is the IAS server cannot find
any DCs in those domains. Also, I get the following error with the netsh
command: C:\>netsh ras tracing * ENABLED The following command was not found: ras
tracing * ENABLED. From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Guy Teverovsky Are members in those 2
domains having UPN suffix no in the namespace of the forest root ? Example: Child suffixes:
@child.forest.com Are the users trying to
logon using UPN or domain\samaccountname ? Have you tried implicit
Kerberos principal ([EMAIL PROTECTED])
IAS is rather touchy when
it comes to mapping UPNs to correct domains… You can also enable IAS
debugging by issuing on the IAS server: netsh ras tracing *
ENABLED You will find detailed
logs at %SystemRoot%\Tracing From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of No replication errors at
all. Directory Service logs are clean. From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joe Pochedley Hmm... Any replication
problems with those servers in the past (or currently)? Any Kerberos
errors? Joe
Pochedley From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of I ran
DNSLint and it returned SRV records for all DC’s in that domain. I
also ran ntdsutil to do a metadata cleanup of any possible orphaned server an
noticed that I get the following RPC error when trying to connect to one of the
existing DCs: ‘DsBindW error 0x6ba(The RPC server is unavailable.)’ From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joe Pochedley DC's are located by querying
DNS. Check and make sure the proper SRV records for the two domains in
question appears on the server that your IAS is using for DNS. DNSLint
may help you with this task. Joe
Pochedley From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of I have 15 child domains in my AD
forest. When using IAS (Nortel VPN) as a Radius server on my root AD server,
I can get clients to successfully authenticate against all domains but 2.
On these two domains, I get an IAS event id error of 5052, ‘There is no
domain controller available for domain SWSNM’. I’ve ran
DCDIAG and NETDIAG against these domain and the tests passes. How
does IAS locate domain controllers for authentication? How can I
troubleshoot this? Windows
Systems Engineer Southern
Wine & Spirits - BSG 954-602-2469 __________________________________ |
- RE: [ActiveDir] IAS, Radius & AD Harding, Devon
- RE: [ActiveDir] IAS, Radius & AD Guy Teverovsky
- RE: [ActiveDir] IAS, Radius & AD Harding, Devon