From: Bill Mote (bill.motemem.com)
Date: Thu Dec 27 2001 - 07:17:04 CST

    This may not be as big a concern as you fear. When a machine tries to
    authenticate to your domain it'll take whoever responds first with the
    correct credentials. The fact that one of your BDCs is responding is a good
    thing! It's helping distribute the load off of your PDC.

    Our PDC is also our virus distribution server, our time synchronization
    server, the primary file & print server, and the backup server. It's pretty
    busy =) Our BDC pretty much sits idle. So, the fact that it's responding
    to network login requests is understandable. It's not that your PDC doesn't
    want to; maybe it's just too busy and the BDC is beating it to the punch.

    Bill Mote

    -----Original Message-----
    From: Evan Mann [mailto:emannquestinc.org]
    Sent: Wednesday, December 26, 2001 3:10 PM
    To: focus-mssecurityfocus.com
    Subject: domain authentication

    Today I noticed a potentially large problem. My network is a hybrid with an
    NT4.0 SP6a PDC and 8 NT4.0 SP6a BDCs as well as a # of Win2000 Servers just
    as members to the network. 95% of my workstations are Windows 2000 Pro SP2
    and this issue concerns the Win2000 computers.

    It appears that not one single Windows 2000 machine on my network is
    actually authenticating on the domain with the PDC. I've checked a dozen
    machines and so far every one of them has a LOGONSERVER that was a BDC, and
    it seems to always vary as to which BDC that is.

    I've searched the KB about this and can't come up with anything that seems
    to address this issue, only an issue of Win2000 machines still hitting BDCs
    after a PDC has been upgraded to Win2000 Server, which is not the case here.

    I'm worried this may cause problems when we do kick our PDC to Win2000
    Server+AD in the next few months and would like to at least resolve the
    issue while I'm on NT4 and get my workstations actually authenticating with
    the PDC.