Domain login taking loads of attempts

What was the actual error you were getting on the client when they couldn't log in?

I'd say the issue is with one DC but DCDIAG would normally pick something up. When it happens again just shut down the DC that doesn't hold the FSMOs and see if the user can then log on.

Also make sure Sites and Services is set up correctly. Are users always logging in from the same site (same subnet)?
 
If dcdiag and repadmin are reporting that your dc's are healthy, I'd just get them replaced with 2008 R2 or 2012 R2 dc's pronto.

It's only a 30 minute job.
 
For the record it was the issue I described above and the registry change seems to have cured it.

The 7 client is attempting to use AES encryption but the 2003DC doesn't support it. For whatever reason, sometimes it fails to fall-back to a supported encryption type and the authentication fails. The registry change fixes the issue.

It does seem to be only one of the DCs and only some machines at some times. It's bizarre. None of my checks have revealed any issues with this DC.
 
Sounds like you have/had a 2012 R2 DC in the mix? Any 2012 R2 DCs in an environment with 2003 DCs need to have a KB applied to them before they are promoted to DC or this issue occurs. This issue goes away once you demote the final 2003 DC.
 
You must log in or register to reply here.
Back
Top Bottom