Re: [ActiveDir] Bulk of client going to PDC
I'm curious whether there is some consistency in the clients and whether they're the latest version of the OS, what kind of DNS you have, WINS, etc Also, you might want to look at your DHCP and see where the DNS server is that the clients are bouncing against, but that doesn't seem to be the issue, since it's not consistent (that's the thing that seems to be strangest, that the issue seems to hop from site to site) Probably the best place to start is to track back to when the issue started and see if there were some changes that occured around that time, whether it be part of the physical network or something on the clients/servers On 12/2/06, joe [EMAIL PROTECTED] wrote: I would recommend doing a trace of one of the problem clients logging on and watch the whole referral process, etc. Actually I would probably just turn on a sniffer and let it watch everything from one of those machines from boot up for some time so you catch refreshes and everything else. At least then you should be able to nail down whether the clients are being referred to something incorrectly or they are off making their own incorrect decisions. -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm -- *From:* [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED] *On Behalf Of *Kamlesh Parmar *Sent:* Saturday, December 02, 2006 1:55 PM *To:* ActiveDir@mail.activedir.org *Subject:* Re: [ActiveDir] Bulk of client going to PDC Yes checked the correct subnets are attached to correct sites. All clients are connected via Ethernet 100/Full Duplex. Its like mass exodus of swarm of computers, going to PDCe, and in turn choking the WAN links. It happened like once a day.. and everyday it would be random site. Have asked different site people to install netmon on some PCs and keep it running..on Monday..hoping that one of those sites.. and in them.. one of those PCs misbehaves. Anything else, I should look at? -- Kamlesh On 12/2/06, Al Mulnick [EMAIL PROTECTED] wrote: Site definitions - are your site definitions up to date? How are your clients connected - Are they ethernet, 802.11x, tokenring, ?? On 12/2/06, Kamlesh Parmar [EMAIL PROTECTED] wrote: Am sorry, I didn't follow what you are asking.. could you be more specific. On 12/2/06, Al Mulnick [EMAIL PROTECTED] wrote: How are your clients connected? Site definitions? On 12/1/06, Kamlesh Parmar [EMAIL PROTECTED] wrote: Appreciate the efforts taken. AFAIK, this would be more of a DFS issue then authentication, as clients are pulling policies and files from PDCe. When I look into details of DFS link targets for sysvol or netlogon, PDCe is listed as distance 9th in the list of servers which clients should contact in case there primary link target failed. And this happens so randomly, from clients that I am not able to setup a network trace also. -- Kamlesh On 12/1/06, Thomas Michael Heß [EMAIL PROTECTED] wrote: Hi Kamlesh, first of all, iwould enable the logging of the Netlogon Service. I ve found an article in the WindowsITPro *The Netlogon service is one of the key Local Security Authority (LSA) processes that run on every Windows domain controller. When you troubleshoot authentication problems, analyzing the Netlogon service log files can be useful. How do I turn Netlogon service logging on and off, and how do I analyze the content of the Netlogon log files? * To turn on Netlogon service logging, type the following Nltest command at the command line: *nltest /dbflag:2080* Enabling Netlogon service logging requires that you restart the Netlogon service. To do so, use the Net Stop Netlogon and Net Start Netlogon commands. To disable netlogon service logging, type: *nltest /dbflag:0* Then, restart the Netlogon service again. The Netlogon service stores log data in a special log file called netlogon.log, in the %Windir%\debug folder. Two utilities are useful in querying the Netlogon log files: Nlparse.exe and Findstr.exe. Nlparse.exe is a GUI tool that comes with Microsoft Account Lockout tools. You can download Account Lockout tools for free from the Microsoft Web site as part of the Account Lockout and Management Tools ALTools.exe file at http://www.microsoft.com/downloads/details.aspx?FamilyID=7AF2E69C-91F3-4E63-8629-B999ADDE0B9Edisplaylang=en. Figure 1 http://www.winnetmag.com/Files/42850/Figure_01.gif shows the Nlparse GUI, which contains the most common Netlogon error codes and their meaning. Nlparse stores the output of its queries in two files in the %Windir%\debug folder: netlogon.log-out.scv and netlogon.log-summaryout.txt. *. . .* HtH Thomas
Re: [ActiveDir] Bulk of client going to PDC
:-), I forgot to mention, the desktops on which I checked, site DC is always listed as first choice in DFS. So I have to guess feature is already enabled. Also, that KB says, it is applicable to Windows 2003 gold , and we have SP1 on all servers. That also would mean that feature is already included in SP1 and is enabled. -- Kamlesh On 12/2/06, David Cliffe [EMAIL PROTECTED] wrote: Understood :-) But what about the feature that can be used with the more recent versions? It's described at the bottom of the article (you'd have to modify the registry on each applicable DC). I wonder if that would help in your case? -DaveC -- *From:* [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED] *On Behalf Of *Kamlesh Parmar *Sent:* Friday, December 01, 2006 12:29 PM *To:* ActiveDir@mail.activedir.org *Subject:* Re: [ActiveDir] Bulk of client going to PDC I checked the file version of dfssvc.exe and dfs.sys on my site DCs, they are higher than the one mentioned in the KB article. So point in looking at that fix. -- Kamlesh On 12/1/06, David Cliffe [EMAIL PROTECTED] wrote: Hi Kamlesh, I'm not necessarily recommending this as a fix, but wondering if you've seen it yet and if would apply? http://support.microsoft.com/kb/831201/en-us -DaveC -- *From:* [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED] *On Behalf Of *Kamlesh Parmar *Sent:* Thursday, November 30, 2006 2:51 PM *To:* ActiveDir@mail.activedir.org *Subject:* [ActiveDir] Bulk of client going to PDC Hi Guys, We are facing some strange issue, randomly clients from some sites are going to PDCe for group policy refresh,along with screensaver and wallpaper stored in netlogon. Clients are ignoring their nearest DC, and approaching PDCe. All DCs : Win2k3 SP1 All Clients: XP SP2 I verified, 1) DNS entries for site DC are correct. 2) Netlogon and Sysvol folder of site DC are accessible. 3) Verified the clients are authenticating with site DC by : nltest.exe /sc_query:DOMAIN 4) Verified DFS info for netlogon and sysvol on clients is correct : dfsutil.exe /pktinfo I am clueless where else, should I look? -- Kamlesh ~ You teach best what you most need to learn. ~ This email was sent to you by Reuters, the global news and information company. To find out more about Reuters visit www.about.reuters.com Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the views of Reuters Ltd. -- ~ You teach best what you most need to learn. ~ This email was sent to you by Reuters, the global news and information company. To find out more about Reuters visit www.about.reuters.com Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the views of Reuters Ltd. -- ~ You teach best what you most need to learn. ~
Re: [ActiveDir] Bulk of client going to PDC
Am sorry, I didn't follow what you are asking.. could you be more specific. On 12/2/06, Al Mulnick [EMAIL PROTECTED] wrote: How are your clients connected? Site definitions? On 12/1/06, Kamlesh Parmar [EMAIL PROTECTED] wrote: Appreciate the efforts taken. AFAIK, this would be more of a DFS issue then authentication, as clients are pulling policies and files from PDCe. When I look into details of DFS link targets for sysvol or netlogon, PDCe is listed as distance 9th in the list of servers which clients should contact in case there primary link target failed. And this happens so randomly, from clients that I am not able to setup a network trace also. -- Kamlesh On 12/1/06, Thomas Michael Heß [EMAIL PROTECTED] wrote: Hi Kamlesh, first of all, iwould enable the logging of the Netlogon Service. I ve found an article in the WindowsITPro *The Netlogon service is one of the key Local Security Authority (LSA) processes that run on every Windows domain controller. When you troubleshoot authentication problems, analyzing the Netlogon service log files can be useful. How do I turn Netlogon service logging on and off, and how do I analyze the content of the Netlogon log files? * To turn on Netlogon service logging, type the following Nltest command at the command line: *nltest /dbflag:2080* Enabling Netlogon service logging requires that you restart the Netlogon service. To do so, use the Net Stop Netlogon and Net Start Netlogon commands. To disable netlogon service logging, type: *nltest /dbflag:0* Then, restart the Netlogon service again. The Netlogon service stores log data in a special log file called netlogon.log, in the %Windir%\debug folder. Two utilities are useful in querying the Netlogon log files: Nlparse.exe and Findstr.exe. Nlparse.exe is a GUI tool that comes with Microsoft Account Lockout tools. You can download Account Lockout tools for free from the Microsoft Web site as part of the Account Lockout and Management Tools ALTools.exe file at http://www.microsoft.com/downloads/details.aspx?FamilyID=7AF2E69C-91F3-4E63-8629-B999ADDE0B9Edisplaylang=en. Figure 1 http://www.winnetmag.com/Files/42850/Figure_01.gif shows the Nlparse GUI, which contains the most common Netlogon error codes and their meaning. Nlparse stores the output of its queries in two files in the %Windir%\debug folder: netlogon.log-out.scv and netlogon.log-summaryout.txt. *. . .* HtH Thomas -- *Von:* [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED] * Im Auftrag von *Kamlesh Parmar *Gesendet:* Donnerstag, 30. November 2006 20:51 *An:* ActiveDir@mail.activedir.org *Betreff:* [ActiveDir] Bulk of client going to PDC Hi Guys, We are facing some strange issue, randomly clients from some sites are going to PDCe for group policy refresh,along with screensaver and wallpaper stored in netlogon. Clients are ignoring their nearest DC, and approaching PDCe. All DCs : Win2k3 SP1 All Clients: XP SP2 I verified, 1) DNS entries for site DC are correct. 2) Netlogon and Sysvol folder of site DC are accessible. 3) Verified the clients are authenticating with site DC by : nltest.exe /sc_query:DOMAIN 4) Verified DFS info for netlogon and sysvol on clients is correct : dfsutil.exe /pktinfo I am clueless where else, should I look? -- Kamlesh ~ You teach best what you most need to learn. ~ -- ~ You teach best what you most need to learn. ~ -- ~ You teach best what you most need to learn. ~
Re: [ActiveDir] Bulk of client going to PDC
Site definitions - are your site definitions up to date? How are your clients connected - Are they ethernet, 802.11x, tokenring, ?? On 12/2/06, Kamlesh Parmar [EMAIL PROTECTED] wrote: Am sorry, I didn't follow what you are asking.. could you be more specific. On 12/2/06, Al Mulnick [EMAIL PROTECTED] wrote: How are your clients connected? Site definitions? On 12/1/06, Kamlesh Parmar [EMAIL PROTECTED] wrote: Appreciate the efforts taken. AFAIK, this would be more of a DFS issue then authentication, as clients are pulling policies and files from PDCe. When I look into details of DFS link targets for sysvol or netlogon, PDCe is listed as distance 9th in the list of servers which clients should contact in case there primary link target failed. And this happens so randomly, from clients that I am not able to setup a network trace also. -- Kamlesh On 12/1/06, Thomas Michael Heß [EMAIL PROTECTED] wrote: Hi Kamlesh, first of all, iwould enable the logging of the Netlogon Service. I ve found an article in the WindowsITPro *The Netlogon service is one of the key Local Security Authority (LSA) processes that run on every Windows domain controller. When you troubleshoot authentication problems, analyzing the Netlogon service log files can be useful. How do I turn Netlogon service logging on and off, and how do I analyze the content of the Netlogon log files? * To turn on Netlogon service logging, type the following Nltest command at the command line: *nltest /dbflag:2080* Enabling Netlogon service logging requires that you restart the Netlogon service. To do so, use the Net Stop Netlogon and Net Start Netlogon commands. To disable netlogon service logging, type: *nltest /dbflag:0* Then, restart the Netlogon service again. The Netlogon service stores log data in a special log file called netlogon.log, in the %Windir%\debug folder. Two utilities are useful in querying the Netlogon log files: Nlparse.exe and Findstr.exe. Nlparse.exe is a GUI tool that comes with Microsoft Account Lockout tools. You can download Account Lockout tools for free from the Microsoft Web site as part of the Account Lockout and Management Tools ALTools.exe file at http://www.microsoft.com/downloads/details.aspx?FamilyID=7AF2E69C-91F3-4E63-8629-B999ADDE0B9Edisplaylang=en. Figure 1 http://www.winnetmag.com/Files/42850/Figure_01.gif shows the Nlparse GUI, which contains the most common Netlogon error codes and their meaning. Nlparse stores the output of its queries in two files in the %Windir%\debug folder: netlogon.log-out.scv and netlogon.log-summaryout.txt. *. . .* HtH Thomas -- *Von:* [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED] *Im Auftrag von *Kamlesh Parmar *Gesendet:* Donnerstag, 30. November 2006 20:51 *An:* ActiveDir@mail.activedir.org *Betreff:* [ActiveDir] Bulk of client going to PDC Hi Guys, We are facing some strange issue, randomly clients from some sites are going to PDCe for group policy refresh,along with screensaver and wallpaper stored in netlogon. Clients are ignoring their nearest DC, and approaching PDCe. All DCs : Win2k3 SP1 All Clients: XP SP2 I verified, 1) DNS entries for site DC are correct. 2) Netlogon and Sysvol folder of site DC are accessible. 3) Verified the clients are authenticating with site DC by : nltest.exe /sc_query:DOMAIN 4) Verified DFS info for netlogon and sysvol on clients is correct : dfsutil.exe /pktinfo I am clueless where else, should I look? -- Kamlesh ~ You teach best what you most need to learn. ~ -- ~ You teach best what you most need to learn. ~ -- ~ You teach best what you most need to learn. ~
Re: [ActiveDir] Bulk of client going to PDC
Yes checked the correct subnets are attached to correct sites. All clients are connected via Ethernet 100/Full Duplex. Its like mass exodus of swarm of computers, going to PDCe, and in turn choking the WAN links. It happened like once a day.. and everyday it would be random site. Have asked different site people to install netmon on some PCs and keep it running..on Monday..hoping that one of those sites.. and in them.. one of those PCs misbehaves. Anything else, I should look at? -- Kamlesh On 12/2/06, Al Mulnick [EMAIL PROTECTED] wrote: Site definitions - are your site definitions up to date? How are your clients connected - Are they ethernet, 802.11x, tokenring, ?? On 12/2/06, Kamlesh Parmar [EMAIL PROTECTED] wrote: Am sorry, I didn't follow what you are asking.. could you be more specific. On 12/2/06, Al Mulnick [EMAIL PROTECTED] wrote: How are your clients connected? Site definitions? On 12/1/06, Kamlesh Parmar [EMAIL PROTECTED] wrote: Appreciate the efforts taken. AFAIK, this would be more of a DFS issue then authentication, as clients are pulling policies and files from PDCe. When I look into details of DFS link targets for sysvol or netlogon, PDCe is listed as distance 9th in the list of servers which clients should contact in case there primary link target failed. And this happens so randomly, from clients that I am not able to setup a network trace also. -- Kamlesh On 12/1/06, Thomas Michael Heß [EMAIL PROTECTED] wrote: Hi Kamlesh, first of all, iwould enable the logging of the Netlogon Service. I ve found an article in the WindowsITPro *The Netlogon service is one of the key Local Security Authority (LSA) processes that run on every Windows domain controller. When you troubleshoot authentication problems, analyzing the Netlogon service log files can be useful. How do I turn Netlogon service logging on and off, and how do I analyze the content of the Netlogon log files? * To turn on Netlogon service logging, type the following Nltest command at the command line: *nltest /dbflag:2080* Enabling Netlogon service logging requires that you restart the Netlogon service. To do so, use the Net Stop Netlogon and Net Start Netlogon commands. To disable netlogon service logging, type: *nltest /dbflag:0* Then, restart the Netlogon service again. The Netlogon service stores log data in a special log file called netlogon.log, in the %Windir%\debug folder. Two utilities are useful in querying the Netlogon log files: Nlparse.exe and Findstr.exe. Nlparse.exe is a GUI tool that comes with Microsoft Account Lockout tools. You can download Account Lockout tools for free from the Microsoft Web site as part of the Account Lockout and Management Tools ALTools.exe file at http://www.microsoft.com/downloads/details.aspx?FamilyID=7AF2E69C-91F3-4E63-8629-B999ADDE0B9Edisplaylang=en. Figure 1 http://www.winnetmag.com/Files/42850/Figure_01.gif shows the Nlparse GUI, which contains the most common Netlogon error codes and their meaning. Nlparse stores the output of its queries in two files in the %Windir%\debug folder: netlogon.log-out.scv and netlogon.log-summaryout.txt. *. . .* HtH Thomas -- *Von:* [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED] * Im Auftrag von *Kamlesh Parmar *Gesendet:* Donnerstag, 30. November 2006 20:51 *An:* ActiveDir@mail.activedir.org *Betreff:* [ActiveDir] Bulk of client going to PDC Hi Guys, We are facing some strange issue, randomly clients from some sites are going to PDCe for group policy refresh,along with screensaver and wallpaper stored in netlogon. Clients are ignoring their nearest DC, and approaching PDCe. All DCs : Win2k3 SP1 All Clients: XP SP2 I verified, 1) DNS entries for site DC are correct. 2) Netlogon and Sysvol folder of site DC are accessible. 3) Verified the clients are authenticating with site DC by : nltest.exe /sc_query:DOMAIN 4) Verified DFS info for netlogon and sysvol on clients is correct : dfsutil.exe /pktinfo I am clueless where else, should I look? -- Kamlesh ~ You teach best what you most need to learn. ~ -- ~ You teach best what you most need to learn. ~ -- ~ You teach best what you most need to learn. ~ -- ~ You teach best what you most need to learn. ~
RE: [ActiveDir] Bulk of client going to PDC
I would recommend doing a trace of one of the problem clients logging on and watch the whole referral process, etc. Actually I would probably just turn on a sniffer and let it watch everything from one of those machines from boot up for some time so you catch refreshes and everything else. At least then you should be able to nail down whether the clients are being referred to something incorrectly or they are off making their own incorrect decisions. -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kamlesh Parmar Sent: Saturday, December 02, 2006 1:55 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Bulk of client going to PDC Yes checked the correct subnets are attached to correct sites. All clients are connected via Ethernet 100/Full Duplex. Its like mass exodus of swarm of computers, going to PDCe, and in turn choking the WAN links. It happened like once a day.. and everyday it would be random site. Have asked different site people to install netmon on some PCs and keep it running..on Monday..hoping that one of those sites.. and in them.. one of those PCs misbehaves. Anything else, I should look at? -- Kamlesh On 12/2/06, Al Mulnick [EMAIL PROTECTED] wrote: Site definitions - are your site definitions up to date? How are your clients connected - Are they ethernet, 802.11x, tokenring, ?? On 12/2/06, Kamlesh Parmar [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: Am sorry, I didn't follow what you are asking.. could you be more specific. On 12/2/06, Al Mulnick [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: How are your clients connected? Site definitions? On 12/1/06, Kamlesh Parmar [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: Appreciate the efforts taken. AFAIK, this would be more of a DFS issue then authentication, as clients are pulling policies and files from PDCe. When I look into details of DFS link targets for sysvol or netlogon, PDCe is listed as distance 9th in the list of servers which clients should contact in case there primary link target failed. And this happens so randomly, from clients that I am not able to setup a network trace also. -- Kamlesh On 12/1/06, Thomas Michael Heß [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: Hi Kamlesh, first of all, iwould enable the logging of the Netlogon Service. I ve found an article in the WindowsITPro The Netlogon service is one of the key Local Security Authority (LSA) processes that run on every Windows domain controller. When you troubleshoot authentication problems, analyzing the Netlogon service log files can be useful. How do I turn Netlogon service logging on and off, and how do I analyze the content of the Netlogon log files? To turn on Netlogon service logging, type the following Nltest command at the command line: nltest /dbflag:2080 Enabling Netlogon service logging requires that you restart the Netlogon service. To do so, use the Net Stop Netlogon and Net Start Netlogon commands. To disable netlogon service logging, type: nltest /dbflag:0 Then, restart the Netlogon service again. The Netlogon service stores log data in a special log file called netlogon.log, in the %Windir%\debug folder. Two utilities are useful in querying the Netlogon log files: Nlparse.exe and Findstr.exe. Nlparse.exe is a GUI tool that comes with Microsoft Account Lockout tools. You can download Account Lockout tools for free from the Microsoft Web site as part of the Account Lockout and Management Tools ALTools.exe file at http://www.microsoft.com/downloads/details.aspx?FamilyID=7AF2E69C-91F3-4E63 -8629-B999ADDE0B9Edisplaylang=en http://www.microsoft.com/downloads/details.aspx?FamilyID=7AF2E69C-91F3-4E63- 8629-B999ADDE0B9Edisplaylang=en . http://www.winnetmag.com/Files/42850/Figure_01.gif Figure 1 shows the Nlparse GUI, which contains the most common Netlogon error codes and their meaning. Nlparse stores the output of its queries in two files in the %Windir%\debug folder: netlogon.log-out.scv and netlogon.log-summaryout.txt. . . . HtH Thomas _ Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von Kamlesh Parmar Gesendet: Donnerstag, 30. November 2006 20:51 An: ActiveDir@mail.activedir.org Betreff: [ActiveDir] Bulk of client going to PDC Hi Guys, We are facing some strange issue, randomly clients from some sites are going to PDCe for group policy refresh,along with screensaver and wallpaper stored in netlogon. Clients are ignoring their nearest DC, and approaching PDCe. All DCs : Win2k3 SP1 All Clients: XP SP2 I verified, 1) DNS entries for site DC are correct. 2) Netlogon and Sysvol folder of site DC are accessible. 3) Verified the clients are authenticating with site DC by : nltest.exe /sc_query:DOMAIN 4) Verified DFS info for netlogon and sysvol on clients is correct : dfsutil.exe /pktinfo I am clueless
Re: [ActiveDir] Bulk of client going to PDC
on PDCe I am looking at sessions and open files in fsmgmt.msc, which lists down the client machines with IP, then I am verifying the site of each connecting IP using ATSN.exe from joeware. Also, our network team had complained that network link is getting choked, and as a proof gave list of source and destination IPs with ports. This list contains the remote site client IPs and PDCe IP communicating to each other. ~~ Kamlesh On 12/1/06, David Adner [EMAIL PROTECTED] wrote: How are you determining the clients are utilizing the PDCE for these activities? A network trace from the client may prove useful. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kamlesh Parmar Sent: Thursday, November 30, 2006 1:51 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Bulk of client going to PDC Hi Guys, We are facing some strange issue, randomly clients from some sites are going to PDCe for group policy refresh,along with screensaver and wallpaper stored in netlogon. Clients are ignoring their nearest DC, and approaching PDCe. All DCs : Win2k3 SP1 All Clients: XP SP2 I verified, 1) DNS entries for site DC are correct. 2) Netlogon and Sysvol folder of site DC are accessible. 3) Verified the clients are authenticating with site DC by : nltest.exe /sc_query:DOMAIN 4) Verified DFS info for netlogon and sysvol on clients is correct : dfsutil.exe /pktinfo I am clueless where else, should I look? -- Kamlesh ~ You teach best what you most need to learn. ~ -- ~ You teach best what you most need to learn. ~ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/
Re: [ActiveDir] Bulk of client going to PDC
I checked the file version of dfssvc.exe and dfs.sys on my site DCs, they are higher than the one mentioned in the KB article. So point in looking at that fix. -- Kamlesh On 12/1/06, David Cliffe [EMAIL PROTECTED] wrote: Hi Kamlesh, I'm not necessarily recommending this as a fix, but wondering if you've seen it yet and if would apply? http://support.microsoft.com/kb/831201/en-us -DaveC -- *From:* [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED] *On Behalf Of *Kamlesh Parmar *Sent:* Thursday, November 30, 2006 2:51 PM *To:* ActiveDir@mail.activedir.org *Subject:* [ActiveDir] Bulk of client going to PDC Hi Guys, We are facing some strange issue, randomly clients from some sites are going to PDCe for group policy refresh,along with screensaver and wallpaper stored in netlogon. Clients are ignoring their nearest DC, and approaching PDCe. All DCs : Win2k3 SP1 All Clients: XP SP2 I verified, 1) DNS entries for site DC are correct. 2) Netlogon and Sysvol folder of site DC are accessible. 3) Verified the clients are authenticating with site DC by : nltest.exe /sc_query:DOMAIN 4) Verified DFS info for netlogon and sysvol on clients is correct : dfsutil.exe /pktinfo I am clueless where else, should I look? -- Kamlesh ~ You teach best what you most need to learn. ~ This email was sent to you by Reuters, the global news and information company. To find out more about Reuters visit www.about.reuters.com Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the views of Reuters Ltd. -- ~ You teach best what you most need to learn. ~
Re: [ActiveDir] Bulk of client going to PDC
Appreciate the efforts taken. AFAIK, this would be more of a DFS issue then authentication, as clients are pulling policies and files from PDCe. When I look into details of DFS link targets for sysvol or netlogon, PDCe is listed as distance 9th in the list of servers which clients should contact in case there primary link target failed. And this happens so randomly, from clients that I am not able to setup a network trace also. -- Kamlesh On 12/1/06, Thomas Michael Heß [EMAIL PROTECTED] wrote: Hi Kamlesh, first of all, iwould enable the logging of the Netlogon Service. I ve found an article in the WindowsITPro *The Netlogon service is one of the key Local Security Authority (LSA) processes that run on every Windows domain controller. When you troubleshoot authentication problems, analyzing the Netlogon service log files can be useful. How do I turn Netlogon service logging on and off, and how do I analyze the content of the Netlogon log files?* To turn on Netlogon service logging, type the following Nltest command at the command line: *nltest /dbflag:2080* Enabling Netlogon service logging requires that you restart the Netlogon service. To do so, use the Net Stop Netlogon and Net Start Netlogon commands. To disable netlogon service logging, type: *nltest /dbflag:0* Then, restart the Netlogon service again. The Netlogon service stores log data in a special log file called netlogon.log, in the %Windir%\debug folder. Two utilities are useful in querying the Netlogon log files: Nlparse.exeand Findstr.exe. Nlparse.exe is a GUI tool that comes with Microsoft Account Lockout tools. You can download Account Lockout tools for free from the Microsoft Web site as part of the Account Lockout and Management Tools ALTools.exe file at http://www.microsoft.com/downloads/details.aspx?FamilyID=7AF2E69C-91F3-4E63-8629-B999ADDE0B9Edisplaylang=en. Figure 1 http://www.winnetmag.com/Files/42850/Figure_01.gif shows the Nlparse GUI, which contains the most common Netlogon error codes and their meaning. Nlparse stores the output of its queries in two files in the %Windir%\debug folder: netlogon.log-out.scv and netlogon.log-summaryout.txt. *. . .* HtH Thomas -- *Von:* [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED] *Im Auftrag von *Kamlesh Parmar *Gesendet:* Donnerstag, 30. November 2006 20:51 *An:* ActiveDir@mail.activedir.org *Betreff:* [ActiveDir] Bulk of client going to PDC Hi Guys, We are facing some strange issue, randomly clients from some sites are going to PDCe for group policy refresh,along with screensaver and wallpaper stored in netlogon. Clients are ignoring their nearest DC, and approaching PDCe. All DCs : Win2k3 SP1 All Clients: XP SP2 I verified, 1) DNS entries for site DC are correct. 2) Netlogon and Sysvol folder of site DC are accessible. 3) Verified the clients are authenticating with site DC by : nltest.exe /sc_query:DOMAIN 4) Verified DFS info for netlogon and sysvol on clients is correct : dfsutil.exe /pktinfo I am clueless where else, should I look? -- Kamlesh ~ You teach best what you most need to learn. ~ -- ~ You teach best what you most need to learn. ~
RE: [ActiveDir] Bulk of client going to PDC
Understood :-) But what about the feature that can be used with the more recent versions? It's described at the bottom of the article (you'd have to modify the registry on each applicable DC). I wonder if that would help in your case? -DaveC From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kamlesh Parmar Sent: Friday, December 01, 2006 12:29 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Bulk of client going to PDC I checked the file version of dfssvc.exe and dfs.sys on my site DCs, they are higher than the one mentioned in the KB article. So point in looking at that fix. -- Kamlesh On 12/1/06, David Cliffe [EMAIL PROTECTED] wrote: Hi Kamlesh, I'm not necessarily recommending this as a fix, but wondering if you've seen it yet and if would apply? http://support.microsoft.com/kb/831201/en-us -DaveC From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED] On Behalf Of Kamlesh Parmar Sent: Thursday, November 30, 2006 2:51 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Bulk of client going to PDC Hi Guys, We are facing some strange issue, randomly clients from some sites are going to PDCe for group policy refresh,along with screensaver and wallpaper stored in netlogon. Clients are ignoring their nearest DC, and approaching PDCe. All DCs : Win2k3 SP1 All Clients: XP SP2 I verified, 1) DNS entries for site DC are correct. 2) Netlogon and Sysvol folder of site DC are accessible. 3) Verified the clients are authenticating with site DC by : nltest.exe /sc_query:DOMAIN 4) Verified DFS info for netlogon and sysvol on clients is correct : dfsutil.exe /pktinfo I am clueless where else, should I look? -- Kamlesh ~ You teach best what you most need to learn. ~ This email was sent to you by Reuters, the global news and information company. To find out more about Reuters visit www.about.reuters.com http://www.about.reuters.com/ Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the views of Reuters Ltd. -- ~ You teach best what you most need to learn. ~ This email was sent to you by Reuters, the global news and information company. To find out more about Reuters visit www.about.reuters.com Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the views of Reuters Ltd.
Re: [ActiveDir] Bulk of client going to PDC
How are your clients connected? Site definitions? On 12/1/06, Kamlesh Parmar [EMAIL PROTECTED] wrote: Appreciate the efforts taken. AFAIK, this would be more of a DFS issue then authentication, as clients are pulling policies and files from PDCe. When I look into details of DFS link targets for sysvol or netlogon, PDCe is listed as distance 9th in the list of servers which clients should contact in case there primary link target failed. And this happens so randomly, from clients that I am not able to setup a network trace also. -- Kamlesh On 12/1/06, Thomas Michael Heß [EMAIL PROTECTED] wrote: Hi Kamlesh, first of all, iwould enable the logging of the Netlogon Service. I ve found an article in the WindowsITPro *The Netlogon service is one of the key Local Security Authority (LSA) processes that run on every Windows domain controller. When you troubleshoot authentication problems, analyzing the Netlogon service log files can be useful. How do I turn Netlogon service logging on and off, and how do I analyze the content of the Netlogon log files? * To turn on Netlogon service logging, type the following Nltest command at the command line: *nltest /dbflag:2080* Enabling Netlogon service logging requires that you restart the Netlogon service. To do so, use the Net Stop Netlogon and Net Start Netlogon commands. To disable netlogon service logging, type: *nltest /dbflag:0* Then, restart the Netlogon service again. The Netlogon service stores log data in a special log file called netlogon.log, in the %Windir%\debug folder. Two utilities are useful in querying the Netlogon log files: Nlparse.exeand Findstr.exe. Nlparse.exe is a GUI tool that comes with Microsoft Account Lockout tools. You can download Account Lockout tools for free from the Microsoft Web site as part of the Account Lockout and Management Tools ALTools.exe file at http://www.microsoft.com/downloads/details.aspx?FamilyID=7AF2E69C-91F3-4E63-8629-B999ADDE0B9Edisplaylang=en. Figure 1 http://www.winnetmag.com/Files/42850/Figure_01.gif shows the Nlparse GUI, which contains the most common Netlogon error codes and their meaning. Nlparse stores the output of its queries in two files in the %Windir%\debug folder: netlogon.log-out.scv and netlogon.log-summaryout.txt. *. . .* HtH Thomas -- *Von:* [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED] *Im Auftrag von *Kamlesh Parmar *Gesendet:* Donnerstag, 30. November 2006 20:51 *An:* ActiveDir@mail.activedir.org *Betreff:* [ActiveDir] Bulk of client going to PDC Hi Guys, We are facing some strange issue, randomly clients from some sites are going to PDCe for group policy refresh,along with screensaver and wallpaper stored in netlogon. Clients are ignoring their nearest DC, and approaching PDCe. All DCs : Win2k3 SP1 All Clients: XP SP2 I verified, 1) DNS entries for site DC are correct. 2) Netlogon and Sysvol folder of site DC are accessible. 3) Verified the clients are authenticating with site DC by : nltest.exe /sc_query:DOMAIN 4) Verified DFS info for netlogon and sysvol on clients is correct : dfsutil.exe /pktinfo I am clueless where else, should I look? -- Kamlesh ~ You teach best what you most need to learn. ~ -- ~ You teach best what you most need to learn. ~
RE: [ActiveDir] Bulk of client going to PDC
How are you determining the clients are utilizing the PDCE for these activities? A network trace from the client may prove useful. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kamlesh Parmar Sent: Thursday, November 30, 2006 1:51 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Bulk of client going to PDC Hi Guys, We are facing some strange issue, randomly clients from some sites are going to PDCe for group policy refresh,along with screensaver and wallpaper stored in netlogon. Clients are ignoring their nearest DC, and approaching PDCe. All DCs : Win2k3 SP1 All Clients: XP SP2 I verified, 1) DNS entries for site DC are correct. 2) Netlogon and Sysvol folder of site DC are accessible. 3) Verified the clients are authenticating with site DC by : nltest.exe /sc_query:DOMAIN 4) Verified DFS info for netlogon and sysvol on clients is correct : dfsutil.exe /pktinfo I am clueless where else, should I look? -- Kamlesh ~ You teach best what you most need to learn. ~
RE: [ActiveDir] Bulk of client going to PDC
Hi Kamlesh, I'm not necessarily recommending this as a fix, but wondering if you've seen it yet and if would apply? http://support.microsoft.com/kb/831201/en-us -DaveC From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kamlesh Parmar Sent: Thursday, November 30, 2006 2:51 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Bulk of client going to PDC Hi Guys, We are facing some strange issue, randomly clients from some sites are going to PDCe for group policy refresh,along with screensaver and wallpaper stored in netlogon. Clients are ignoring their nearest DC, and approaching PDCe. All DCs : Win2k3 SP1 All Clients: XP SP2 I verified, 1) DNS entries for site DC are correct. 2) Netlogon and Sysvol folder of site DC are accessible. 3) Verified the clients are authenticating with site DC by : nltest.exe /sc_query:DOMAIN 4) Verified DFS info for netlogon and sysvol on clients is correct : dfsutil.exe /pktinfo I am clueless where else, should I look? -- Kamlesh ~ You teach best what you most need to learn. ~ This email was sent to you by Reuters, the global news and information company. To find out more about Reuters visit www.about.reuters.com Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the views of Reuters Ltd.
