General discussion

Locked

Child Domain Request Logon

By SpookyGreenway ·
Hi everybody,

I am having problems communicating with the PDC of a child domain. If I try to access from a client workstation to w2k AD server though a network mapping like \\adbsrv1\downloads I recive a logon scream, even if I introduce the administrator account it denies access. In the event viewer I get the following event.

Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event I 40960
Computer: Abcw1
Description:
The Security System detected an attempted downgrade attack for server cifs/Abcsrv1. The failure code from authentication protocol Kerberos was "There are currently no logon servers available to service the logon request.
(0xc000005e)".

If I substitute the server name for the IP address of the server in the mapping \\192.168.1.1\downloads it work fine, I have checked the trust relationship between the two domains and it work?s, the users of the child domain can see all the servers of the parent domain with out a problem. Can any one help me.

This conversation is currently closed to new comments.

8 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by BFilmFan In reply to Child Domain Request Logo ...

From the ROOT PDC Emulator, go to Users and Computers. Browse to the child domain. Right click and choose Operations Masters. See if the domain controller that you think is the PDCE for the child domain really is.

Have you used NETDOM to resynch the secure channel between the 2 domains?

You said that if you use the IP address instead of the server name, it resolves. What if you use the Fully Qualified Domain Name Abcsrv1.mydomain.mycompany.com? (Put your AD internal space in there). If not, that could be DNS issue.

If you run the command REPADMIN /SHOWREPS are you seeing errors?

Run a DCDIAG also.

You can download those tools from the Windows 2000 Resource Kit from Microsoft.

Collapse -

by SpookyGreenway In reply to

Thank you for your help, it has helped me solved the problem.

Collapse -

by SpookyGreenway In reply to Child Domain Request Logo ...

First of all Thank you BFilmFan,

1. It shows up as the PDCE of the child domain.
2. The FQDN does not work.
3. Repadmin /showreps shows that the Replication is working
fine.
4. Secure channel is working
5. All test are passed with DCDIAG
6. I can ping the server with out a problem "FQDN, NetBios, IP"

If it's DNS what could it be? I have also run netdiag on all server, all records show up in DNS

Collapse -

by BFilmFan In reply to Child Domain Request Logo ...

IF the FQDN is not working, then it is definetely DNS.

When you do a PING -a (Server IP address), what are you seeing back?

I am thinking you may want to run the commands:

NBTSTAT -RR
IPCONFIG /REFRESHDNS

Is this a peer-root child domain?
Which server is holding the SOA for the zone?

Collapse -

by SpookyGreenway In reply to

Thank you for your help, it has helped me solved the problem.

Collapse -

by SpookyGreenway In reply to Child Domain Request Logo ...

1. When I Ping using the -a it displays the FQDN and the IP address and it replays

2. I have also run the two commands nbtstat -RR and ipconfig /registerdns No error occurred.

3. What's Peer-Root??? It's Child Domain in the same location, same IP range no routers between them, and with transitive trust.

4. DNS was configured thought dcpromo.

5. If it's DNS what could it be??

I' am very grateful

Collapse -

by SpookyGreenway In reply to Child Domain Request Logo ...

The problem was a porly configured DNS. Thank you for your Help.

Collapse -

by SpookyGreenway In reply to Child Domain Request Logo ...

This question was closed by the author

Back to Windows Forum
8 total posts (Page 1 of 1)  

Related Discussions

Related Forums