Well since I rebooted the servers I havn't had any more reports of login script errors, but I'm still seeing errors in client event logs along with a new one:
And also a new one on the PDC:
No Domain Controller is available for domain STOWMARKETM due to the following:
There are currently no logon servers available to service the logon request. .
Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
I've run dcdiag /test:dns for each DC and they both pass, I've done an nslookup of ff31245a-8c0f-433c-baca-0cfc893f855f._msdcs.stowmarketmiddle.suffolk.sch.u k from all 4 DNS IP's, all return
Active Directory could not resolve the following DNS host name of the source domain controller to an IP address. This error prevents additions, deletions and changes in Active Directory from replicating between one or more domain controllers in the forest. Security groups, group policy, users and computers and their passwords will be inconsistent between domain controllers until this error is resolved, potentially affecting logon authentication and access to network resources.
Source domain controller:
Failing DNS host name:
NOTE: By default, only up to 10 DNS failures are shown for any given 12 hour period, even if more than 10 failures occur. To log all individual failure events, set the following diagnostics registry value to 1:
HKLM\System\CurrentControlSet\Services\NTDS\Diagnostics\22 DS RPC Client
1) If the source domain controller is no longer functioning or its operating system has been reinstalled with a different computer name or NTDSDSA object GUID, remove the source domain controller's metadata with ntdsutil.exe, using the steps outlined in MSKB article 216498.
2) Confirm that the source domain controller is running Active directory and is accessible on the network by typing "net view \\<source DC name>" or "ping <source DC name>".
3) Verify that the source domain controller is using a valid DNS server for DNS services, and that the source domain controller's host record and CNAME record are correctly registered, using the DNS Enhanced version of DCDIAG.EXE available on http://www.microsoft.com/dns
4) Verify that that this destination domain controller is using a valid DNS server for DNS services, by running the DNS Enhanced version of DCDIAG.EXE command on the console of the destination domain controller, as follows:
5) For further analysis of DNS error failures see KB 824449:
11004 The requested name is valid, but no data of the requested type was found.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
net view \\thor, net view \\odin, all work.
Addresses: 10.169.194.106, 10.163.4.106
Just to add to my confusion, we're now getting a very odd problem. User logs on with no errors, opens mapped network drive and gets asked to reauthenticate, and the authentication dialog always has the same user listed regardless of what user account and machine is being used (even machines they've never used). I've no idea if it's related, but it's confusing the hell out of me.