Bingo. The failing ones are auth'ing against the R2 DC. The working ones are doing it against the 2008 servers. So I have gotten caught up in a new NTLM setting on R2 that I have just started reading about.
From: Raper, Jonathan - Eagle [mailto:jra...@eaglemds.com] Sent: Friday, December 03, 2010 1:58 PM To: NT System Admin Issues Subject: RE: Intermittant IIS logon issues. Hmmm....what DC(s) are the failing machine accounts authenticating against? Jonathan L. Raper, A+, MCSA, MCSE Technology Coordinator Eagle Physicians & Associates, PA jra...@eaglemds.com<BLOCKED::mailto:%20jra...@eaglemds.com> www.eaglemds.com<BLOCKED::http://www.eaglemds.com/> ________________________________ From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] Sent: Friday, December 03, 2010 1:54 PM To: NT System Admin Issues Subject: RE: Intermittant IIS logon issues. Ok, DC name resolution was red herring. Maybe. The issue is desktop related. XP workstations.....on some they fail and on others they are just fine using the same user account. They all have the same group policies and same service pack (3). Now to check the desktop patch levels. From: Raper, Jonathan - Eagle [mailto:jra...@eaglemds.com] Sent: Friday, December 03, 2010 12:46 PM To: NT System Admin Issues Subject: RE: Intermittant IIS logon issues. Cool, please do update us either way. Since you still have one DC that is not @ R2, I would not at all be surprised if that is the culprit or at least part of it. Happy Friday! Jonathan L. Raper, A+, MCSA, MCSE Technology Coordinator Eagle Physicians & Associates, PA jra...@eaglemds.com<BLOCKED::mailto:%20jra...@eaglemds.com> www.eaglemds.com<BLOCKED::http://www.eaglemds.com/> ________________________________ From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] Sent: Friday, December 03, 2010 12:21 PM To: NT System Admin Issues Subject: RE: Intermittant IIS logon issues. I think you nailed it. I still have one 2008 DC running....and it is my primary DNS/Wins server for the IIS server in question. NBLookups from the IIS server to one of the DC's is failing....got lots of bad WINS records in it. It was going to be decommissioned next week, I have moved that up to the end of the day today and I bet that gets it. I will certainly post a resolution if that is it. From: Raper, Jonathan - Eagle [mailto:jra...@eaglemds.com] Sent: Friday, December 03, 2010 11:14 AM To: NT System Admin Issues Subject: RE: Intermittant IIS logon issues. Shot in the dark, since you say the failed attempts are being rejected locally... Are all of your DCs talking to each other and updating/replicating with each other properly since you did the upgrade? Jonathan L. Raper, A+, MCSA, MCSE Technology Coordinator Eagle Physicians & Associates, PA jra...@eaglemds.com<BLOCKED::mailto:%20jra...@eaglemds.com> www.eaglemds.com<BLOCKED::http://www.eaglemds.com/> ________________________________ From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] Sent: Friday, December 03, 2010 11:05 AM To: NT System Admin Issues Subject: Intermittant IIS logon issues. App on a 2003 IIS server that uses the IIS integrated authentication. The app does not do the authentication, the IIS website does. Authentication is back to 2008 R2 DC's. And I think that is the issue, this seems to have just started when I updated the DC's from 2008 to 2008 R2. It is very odd, some users can hit it with integrated authentication and others cannot. For a couple of days at a time those that cannot sometimes can. When the users fail I can see it in the security log, that the user is being checked against the local server account list...rather than the domain. If the user hits the popup with domain/user at that point it authenticates them just fine. Authentication methods on the website appear correct, and have not been changed since the app was setup. Anonymous is allowed and the IUSR account is valid and synced up correctly. Then only Integrated Windows Auth is checked. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ________________________________ Any medical information contained in this electronic message is CONFIDENTIAL and privileged. It is unlawful for unauthorized persons to view, copy, disclose, or disseminate CONFIDENTIAL information. This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and/or entity named as recipients in the message. If you are not an intended recipient of this message, please notify the sender immediately and delete this material from your computer. Do not deliver, distribute or copy this message, and do not disclose its contents or take any action in reliance on the information that it contains. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin