General discussion

Locked

Domain authentication w/ only BDCs

By ktamayo ·
I attempted to upgrade our corporate domain to Windows 2000 earlier (it failed for reasons not pertinent to this question). We had 1 PDC (the one being upgraded, obviously) and 2 BDCs on the network. One of the BDCs was taken offline in order to be able to roll back to NT if need be.

During the upgrade process (keep in mind only one BDC is now servicing authentication requests), some users were not able to log in to the domain, receiving the error that a domain controller could not be contacted. Is it possible these computers are trying to establish a secure channel with one of the domain controllers that was no longer online? Is there something I need to do on the domain or the client computers themselves in order to 'force' them to use this BDC for authentication?

Again, this happened on some workstations and not others. There didn't seem to be any particular patterns (i.e. particular OSes, specific IPs, etc.)

This conversation is currently closed to new comments.

4 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Domain authentication w/ only BDCs

by Davis, Gary In reply to Domain authentication w/ ...

You need to upgrade the BDC to a PDC. You do this in server manager. We had a similar situstion and this solved it

Collapse -

Domain authentication w/ only BDCs

by komara69 In reply to Domain authentication w/ ...

YOu dont upgrade from PDC to BDC. What you do is promote BDC to PDC. That all you need.

Collapse -

Domain authentication w/ only BDCs

by @lberto In reply to Domain authentication w/ ...

Hello there,

What I would do is:

.- Disconnect the damaged PDC (DC on W2K) of the network
.- Remove the connected BDC on the network as well
.- attached the BCD that was not connected to the network when you tried to upgrade to W2K.
.- run DCPromo from the BDC, that will make it PDC
.- Attached the old (damaged) PDC, re-install it and make it BDC
the same as the old BDC (Damaged as well)
when all of them are sincronized again then disconnect the current PDC and bring the actuall BDCas PCT (DCPROMO again), then you will have your old working situation.

If you get lost please email me back

Good luck,
@lberto

Collapse -

Domain authentication w/ only BDCs

by Woody H In reply to Domain authentication w/ ...

There is no need to upgrade your BDC to a PDC. You could have 2 issues going on here.

First issue is it could be that the BDC is too busy to answer logon/authentication requests. This could happen is alot of users are trying to logon at the same time. Try having only a few at a time logon and see if that solves your problem.

Second issue could be that the pcs just aren't finding the BDC. You can fix this 2 ways. First way you can use the SETPRFDC command to tell the pc which dc to authenticate to. Ex: setprfdc DOMAIN BDCNAME (ie. setprfdc mydoman primary-bdc) It should tell you that primary-bdc is now the preferred domain controller for the mydomain domain. Second way to fix this is using the LMHOST.sam file. You can tell itwhich bdc to try first, also you can tell it to "preload" the one you want them to authenticate to first, so its the first that is tried. Ex.

xxx.xxx.xxx.xxx primary-bdc #PRE #DOM

#PRE preloads it on bootup, and #DOM sets it as the first bdc in the domain to attempt to authenticate to.

I hope this helps you out. If you have any questions on what I have said here, feel free to email me or ask in here.

Repectfully,
Woody

Back to Windows Forum
4 total posts (Page 1 of 1)  

Related Discussions

Related Forums