Windows Thread, Pulling my hair out - HELP!! in Technical; ...
  1. #1

    Join Date
    Jan 2011
    Location
    Manchester
    Posts
    104
    Thank Post
    21
    Thanked 4 Times in 4 Posts
    Rep Power
    8

    Pulling my hair out - HELP!!

    I have a weird problem that I've been pulling my hair out over for 3 days now – one of our remote sites, and JUST this site, has authentication issues: when the user attempts to log in to the network, it takes around 15 minutes minimum, and then the desktop loads up. When the desktop is loaded, the LAN shows as (unauthenticated). Here is what I've done to troubleshoot the issue, or find what’s going on, but to no avail at the moment:

    General Investigation / Troubleshoot

    • Restarted router at site (/24 IP Subnet)
    • Can ping the DC, other servers by FQDN and via IP
    • Can ping other routers located in other sites – can also ping the machine from the server once booted and got IP address (by machine name)
    • Gets DHCP from server along with DNS details (IPConfig/all)
    • Tried giving it static details and tried again – Also just static DNS (both DHCP and static can ping server and back via FQDN and NSLookup queries)
    • Can gain access to network shares when I browse via \\servername\folder (local account)
    • IPConfig/release, IPConfig/Renew, IPConfig/flushdns, IPConfig/registerdns
    • All client machine services are running normal and fine (DHCP, DNS, Netlogon as obvious services I checked)
    • All machines can get out to the Internet no problem
    • Took one existing machine out of the domain, added it to a workgroup and tried re-adding the machine to the domain (hangs for 10 minutes and comes up with ‘domain name listed is no longer available’)

    Other things

    • Re-imaged one machine at the site via Acronis, and when I attempted to add the machine to the domain via domain credentials, it still hangs for around 10 minutes and comes back with ‘The Domain listed is no longer available’ even though I can ping the servers via FQDN and vice versa, but I still can’t add this machine to the domain after re-imaging.
    • After discussion with our network guru, we reverted back to an old config on the routers and it still does exactly the same
    • Took off all group policies on the server so the OU which the computers are in has no binding policies (just in case it was GP that was affecting the logon times). I don’t think it can be, as joining a machine to the domain struggles and doesn't confirm joining, so I can’t imagine this being GP related, but no binding policies at the moment anyway!

    What’s weird?

    • When I take my laptop to the site, and I plug in using the Ethernet lead from one of the machines, I’m able to authenticate fine with domain user account (existing and new accounts), and domain admins account as normal.
    • When I try to log in at the site machines using my domain user account, it does the same as for the normal users and I see a ‘Welcome’ message for around 15 minutes minimum and then it logs in and the LAN shows (unauthenticated).
    • Logging in as a local account sees the LAN as normal (domain name and Internet access)

    What I’m going to do today anyway is take a normal workstation laptop to the site and see if I can add this particular workstation to the domain, log in with normal user credentials from the site and see how I get on. From this I can only think of 3 things: -

    • Machine not authenticated to the domain
    • LDAP requests / directory services it can’t see or talk to

    I confirmed with our network guy that the router can definitely perform LDAP requests on port 389 and the config is the same on other sites where it works fine with no problem – it just seems that, for whatever reason, it's logging in unauthenticated and therefore it can’t perform any LDAP requests / directory services, including finding the user's mailbox via Outlook. That’s why I thought I'd reimage one machine just in case there was anything lingering around, but it struggles to join the machine to the domain (hangs and error message).

    Any other ideas? Lol.

  2. #2

    Join Date
    Jan 2011
    Location
    Manchester
    Posts
    104
    Thank Post
    21
    Thanked 4 Times in 4 Posts
    Rep Power
    8
    Also on top of that, there's nothing showing in the client logs. When GP policies were binding to the OU, it came up as unable to apply policies, but it can see the SYSVOL folder when attempting to contact the server to apply the policies.

  3. #3
    JoeBloggs's Avatar
    Join Date
    Jun 2010
    Location
    Manchester
    Posts
    558
    Thank Post
    170
    Thanked 78 Times in 55 Posts
    Rep Power
    36
    I would try taking the desktop off the domain and adding it to a workgroup. Look in AD for the computer name and delete it. Rename the desktop to something different. Put it back on the domain and try again.

  4. #4

    Join Date
    Jan 2011
    Location
    Manchester
    Posts
    104
    Thank Post
    21
    Thanked 4 Times in 4 Posts
    Rep Power
    8
    Hi,

    I have done this and it fails to find the DC, and the machine can't re-join the domain. I looked at the netlogon logs and they state there have been logons to this domain that are not in a designated IP subnet, but these are set up correctly in Sites and Services.

    I've removed the IP subnet for the site, re-created it and assigned it to DC01, but the same thing happens. I ran Wireshark at the site and at another site which logs on as normal: there are plenty of LDAP requests trying to send to the server but they can't find the DC on the slow site, whereas other sites pick up requests, find the DC and log on.

    We've reloaded the config on the router, even rolled back to a previous firmware (Cisco 877), with no success. As mentioned above, it gets DHCP and the relevant scope options and is able to update DNS records on the database (tested by registering and clearing old records); there are just problems with LDAP/contacting the DC for authentication.

    Restarted the DC as well but to no avail.

    Beginning to scratch my head on this one - any other ideas?

    Thanks.
    Mo
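
The netlogon log entries mentioned in post #4 can be cross-checked against the subnets defined in Sites and Services. The script below is an added example, not part of the original thread; the log lines, domain name, client names and subnet-to-site mapping are all constructed, and the line layout assumed is the one Netlogon uses for NO_CLIENT_SITE entries.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample: date, time, optional [thread id], domain, client name, client IP.
SAMPLE_LOG = """\
03/12 08:01:15 [1234] EXAMPLE: NO_CLIENT_SITE: REMOTE-PC01 192.168.50.21
03/12 08:01:47 [1234] EXAMPLE: NO_CLIENT_SITE: REMOTE-PC02 192.168.50.22
03/12 08:03:02 [1240] EXAMPLE: NO_CLIENT_SITE: REMOTE-PC01 192.168.50.21
03/12 08:04:10 [1240] EXAMPLE: NO_CLIENT_SITE: HQ-LAPTOP07 10.0.5.77
"""
# Constructed subnet-to-site mapping, as it would be copied out of Sites and Services.
SITE_SUBNETS = {"10.0.0.0/16": "HQ", "192.168.5.0/24": "RemoteSite"}

LINE_RE = re.compile(
    r"^\d{2}/\d{2} \d{2}:\d{2}:\d{2} (?:\[\d+\] )?[^:]+: "
    r"NO_CLIENT_SITE: (?P<client>\S+) (?P<ip>\S+)$")

def parse_no_client_site(text):
    """Return (client, ip) pairs for every NO_CLIENT_SITE line."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            try:
                hits.append((m["client"], ipaddress.ip_address(m["ip"])))
            except ValueError:
                pass  # malformed address field, ignore the line
    return hits

def match_site(ip, site_subnets):
    """Most specific defined subnet that contains ip, or None."""
    best = None
    for cidr, site in site_subnets.items():
        net = ipaddress.ip_network(cidr, strict=False)
        if ip.version == net.version and ip in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, site)
    return best

def audit(text, site_subnets):
    """Split logged client IPs into unmapped ones and ones a defined subnet covers."""
    unmapped, covered = Counter(), {}
    for _client, ip in parse_no_client_site(text):
        hit = match_site(ip, site_subnets)
        if hit is None:
            unmapped[str(ip)] += 1          # no subnet object contains this address
        else:
            covered[str(ip)] = (str(hit[0]), hit[1])
    return unmapped, covered
```

Addresses returned in `unmapped` have no containing subnet in the list supplied; addresses in `covered` were logged even though a listed subnet contains them.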


