Clients can't validate to BDC????

By MCSE75
I am having a bit of an issue with my BDC validating user logons.

My site configuration is as follows.

Single domain: PDC and Exchange server in 1 location; BDC, SQL, IIS, NT 4.0 dev and Win2K development servers in 2nd location, connected via 1.5 Mbps T1 VPN.

Problem:

All clients in location 2 don't validate to the local BDC; they validate to the PDC across the WAN link, unless the netlogon service on the PDC is stopped, then they will log in to the BDC.

I have tried using an lmhosts file, but this does not work. BDC and member server resources are available after logon.

Just a thought!!! Is there a way to disable the netlogon service on the PDC only for clients in location 2???

Any help will be appreciated.

Clients can't validate to BDC????

by termiNaTor In reply to Clients can't validate to ...

I think what you need is to force your clients to log on to your PDC, so the best way is to make sure they run the logon script from your BDC. Go to User Manager for Domains, pick a user on your branch domain and, under logon script, change the path to your BDC server's netlogon share, and it would do the trick.

How are your clients logging on to your network?

Make sure the script is running on the BDC.

Are you sure your BDC netlogon service is not too busy to validate users?

Good luck

Clients can't validate to BDC????

by MCSE75 In reply to Clients can't validate to ...

Clients can't validate to BDC????

by wayne.maples In reply to Clients can't validate to ...

Available as a hotfix utility after SP3 and included in SP4 and later, SetPrfDC.exe allows you to control the order in which the workstation (or server) attempts to establish a secure channel connection for login. Normally NT makes a secure channel connection with the first domain controller in its domain which responds. This is a race condition. Normally this is the closest domain controller, but should the closest be busy momentarily, a remote BDC across a WAN connection could answer first. When this happens, the login process is slow. In some cases VERY slow. SP3 added the ability to direct the NETLOGON process to a preferred DC for the secure channel. SetPrfDC.exe is a command-line utility you can set in the user profile. The syntax is:

SETPRFDC Domain ListOfDCsInOrderofPreference(DC1,DC2,DC3,...)

Example:

setprfdc accntdom accsanfran1,accsanfran2,acclosang1

....
taken from my tip:
http://is-it-true.org/nt/atips/atips236.shtml

Windows NT's SetPrfDC controls login domain controller in WAN environ

Clients can't validate to BDC????

by MCSE75 In reply to Clients can't validate to ...

Clients can't validate to BDC????

by sbolton4211 In reply to Clients can't validate to ...

You really did not get into the configuration of your WAN or LAN. Is there a router hop count issue to contend with? Just because the BDC is on the client side of the WAN link does not mean it is the shortest hop count, therefore the PDC could be getting the request and responding quicker than the BDC.

Also, client OS may make a difference. Someone correct me if I am wrong, but I believe NTWS establishes a channel connection to the PDC.

Clients can't validate to BDC????

by MCSE75 In reply to Clients can't validate to ...