Pulling my hair out - HELP!!
I have a weird problem that I've been pulling my hair out over for 3 days now. One of our remote sites, and JUST this site, has authentication issues: when the user attempts to log in to the network, it takes around 15 minutes minimum, and then the desktop loads up. When the desktop is loaded, the LAN shows as (unauthenticated). Here is what I've done to troubleshoot the issue or find what’s going on, but to no avail at the moment:
General Investigation / Troubleshoot
• Restarted router at site (/24 IP Subnet)
• Can ping the DC, other servers by FQDN and via IP
• Can ping other routers located in other sites – can also ping the machine from the server once booted and got IP address (by machine name)
• Gets DHCP from server along with DNS details (ipconfig /all)
• Tried giving it static details and tried again – Also just static DNS (both DHCP and static can ping server and back via FQDN and NSLookup queries)
• Can gain access to network shares when I browse via \\servername\folder (local account)
• ipconfig /release, ipconfig /renew, ipconfig /flushdns, ipconfig /registerdns
• All client machine services are running normal and fine (DHCP, DNS, Netlogon as obvious services I checked)
• All machines can get out to the Internet no problem
• Took one existing machine out of the domain, added it to a workgroup and tried re-adding the machine to the domain (hangs for 10 minutes and comes up with "domain name listed is no longer available")
• Reimaged one machine at the site via Acronis, and when I attempted to add the machine to the domain via domain credentials, it still hangs for around 10 minutes and comes back with ‘The Domain listed is no longer available’. Even though I can ping the servers via FQDN and vice versa, I still can’t add this machine to the domain after reimaging.
• After discussion with our network guru, we reverted back to an old config on the routers and it still does exactly the same
• Took off all group policies on the server so the OU which the computers are in has no binding policies (just in case it was GP that was affecting the logon times). I don’t think it can be, as joining a machine to the domain struggles and doesn't confirm joining, so I can’t imagine this being GP related, but not binding policies at the moment anyway!
• When I take my laptop to the site, and I plug in using the Ethernet lead from one of the machines, I’m able to authenticate fine with domain user account (existing and new accounts), and domain admins account as normal.
• When I try to log in at the site machines using my domain user account, it does the same as for the normal users: I see a ‘Welcome’ message for around 15 minutes minimum and then it logs in and the LAN shows (unauthenticated).
• Logging in as a local account sees the LAN as normal (domain name and Internet access)
What I’m going to do today anyway is take a normal workstation laptop to the site and see if I can add this particular workstation to the domain, log in with normal user credentials from the site and see how I get on. From this I can only think of 3 things:
• Machine not authenticated to the domain
• LDAP requests / directory services it can’t see or talk to
I confirmed with our network guy that the router can definitely perform LDAP requests on port 389 and the config is the same on other sites where it works fine, no problem. It just seems that, for whatever reason, it's logging in unauthenticated and therefore it can’t perform any LDAP requests / directory services, including finding the user's mailbox via Outlook. That’s why I thought I'd reimage one machine, just in case there was anything lingering around, but it struggles to join the machine to the domain (hangs and error message).
Any other ideas? Lol.