Appreciate the efforts taken. AFAIK, this would be more of a DFS issue then authentication, as clients are pulling policies and files from PDCe.
When I look into details of DFS link targets for sysvol or netlogon, PDCe is listed as distance 9th in the list of servers which clients should contact in case there primary link target failed. And this happens so randomly, from clients that I am not able to setup a network trace also. -- Kamlesh On 12/1/06, Thomas Michael Heß <[EMAIL PROTECTED]> wrote:
Hi Kamlesh, first of all, iwould enable the logging of the Netlogon Service. I ve found an article in the WindowsITPro *The Netlogon service is one of the key Local Security Authority (LSA) processes that run on every Windows domain controller. When you troubleshoot authentication problems, analyzing the Netlogon service log files can be useful. How do I turn Netlogon service logging on and off, and how do I analyze the content of the Netlogon log files?* To turn on Netlogon service logging, type the following Nltest command at the command line: *nltest /dbflag:2080ffff* Enabling Netlogon service logging requires that you restart the Netlogon service. To do so, use the Net Stop Netlogon and Net Start Netlogon commands. To disable netlogon service logging, type: *nltest /dbflag:0* Then, restart the Netlogon service again. The Netlogon service stores log data in a special log file called netlogon.log, in the %Windir%\debug folder. Two utilities are useful in querying the Netlogon log files: Nlparse.exeand Findstr.exe. Nlparse.exe is a GUI tool that comes with Microsoft Account Lockout tools. You can download Account Lockout tools for free from the Microsoft Web site as part of the "Account Lockout and Management Tools" ALTools.exe file at http://www.microsoft.com/downloads/details.aspx?FamilyID=7AF2E69C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en. Figure 1 <http://www.winnetmag.com/Files/42850/Figure_01.gif> shows the Nlparse GUI, which contains the most common Netlogon error codes and their meaning. Nlparse stores the output of its queries in two files in the %Windir%\debug folder: netlogon.log-out.scv and netlogon.log-summaryout.txt. *. . .* HtH Thomas ------------------------------ *Von:* [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED] *Im Auftrag von *Kamlesh Parmar *Gesendet:* Donnerstag, 30. November 2006 20:51 *An:* ActiveDir@mail.activedir.org *Betreff:* [ActiveDir] Bulk of client going to PDC Hi Guys, We are facing some strange issue, randomly clients from some sites are going to PDCe for group policy refresh,along with screensaver and wallpaper stored in netlogon. Clients are ignoring their nearest DC, and approaching PDCe. All DCs : Win2k3 SP1 All Clients: XP SP2 I verified, 1) DNS entries for site DC are correct. 2) Netlogon and Sysvol folder of site DC are accessible. 3) Verified the clients are authenticating with site DC by : nltest.exe /sc_query:DOMAIN 4) Verified DFS info for netlogon and sysvol on clients is correct : dfsutil.exe /pktinfo I am clueless where else, should I look? -- Kamlesh ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ You teach best what you most need to learn. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ You teach best what you most need to learn. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
