none
Some Login Problems

    Question

  • Hi! I'm new here, hope you can help me!

    I have a problem with my AD or something is wrong. When some users type theirs passwords, in some cases, the logon screen freezes for some seconds, and then the error appears saying "Username or password is wrong".

    It is not a big problem, but every day in the last days more and more users have this problem. What can I do?

    Mark.-

    Thursday, September 13, 2012 4:29 AM

Answers

  • Hi Mark! and Welcome! :-)

    In Active Directory you will find 5 FSMO (Flexible Single Master Operations). 1 of them, called "PDC Emulator", have some responsibilities. One of them is that if a logon authentication fails (due a bad password) when a PC wants to authenticate into the Domain, this DC will forward the authentication request to the DC where the PDC emulator is holding, to validate the request against the most current password (because maybe the user change it few minutes ago). If the PDC reports an invalid password to the original DC, the DC will send back a bad password failure message to the user (http://msdn.microsoft.com/en-us/library/cc223752(v=prot.13).aspx).

    If for any reason the DC that hold the PDC Emulator is power off or with a problem, you can experiment these problems, and (for example) problems with Accounts Lockout and time sincronization between DCs.

    For this reason, please check where are your PDC Emulator into your AD. To do it, you can run the following command into a CMD:

    netdom query fsmo

    You must read the line "PDC". And then, please, check that this DC is ok (check the Event Viewer, connectivity, etc).

    If it did not help you, please post here and we will try to help you. Some questions:

    1) How many DCs have you got?
    2) The problem appear only when a user type a wrong password?
    3) Is there some change in your AD in the last days?

    Regards!!


    Pablo Ariel Di Loreto
    IT Consultant

    This posting is provided "AS IS" with no warranties and confers no rights! Always test ANY suggestion in a test environment before implementing!

    Thursday, September 13, 2012 4:48 AM

All replies

  • Hi Mark! and Welcome! :-)

    In Active Directory you will find 5 FSMO (Flexible Single Master Operations). 1 of them, called "PDC Emulator", have some responsibilities. One of them is that if a logon authentication fails (due a bad password) when a PC wants to authenticate into the Domain, this DC will forward the authentication request to the DC where the PDC emulator is holding, to validate the request against the most current password (because maybe the user change it few minutes ago). If the PDC reports an invalid password to the original DC, the DC will send back a bad password failure message to the user (http://msdn.microsoft.com/en-us/library/cc223752(v=prot.13).aspx).

    If for any reason the DC that hold the PDC Emulator is power off or with a problem, you can experiment these problems, and (for example) problems with Accounts Lockout and time sincronization between DCs.

    For this reason, please check where are your PDC Emulator into your AD. To do it, you can run the following command into a CMD:

    netdom query fsmo

    You must read the line "PDC". And then, please, check that this DC is ok (check the Event Viewer, connectivity, etc).

    If it did not help you, please post here and we will try to help you. Some questions:

    1) How many DCs have you got?
    2) The problem appear only when a user type a wrong password?
    3) Is there some change in your AD in the last days?

    Regards!!


    Pablo Ariel Di Loreto
    IT Consultant

    This posting is provided "AS IS" with no warranties and confers no rights! Always test ANY suggestion in a test environment before implementing!

    Thursday, September 13, 2012 4:48 AM
  • To start with I would recommend to check the dns setting on both DC and client.Also verify the health of DC by running dcdiag /q and repadmin /replsum and post the log if error is reported.
    http://abhijitw.wordpress.com/2012/03/03/best-practices-for-dns-client-settings-on-domain-controller/

    Most of the time if it is Win7 client PC you need to select the correct domain name to login domainame\userid.If the domain name is incorrect while login you may recieve Username or password is wrong even if the user is entering correct credentials.

    As Pablo Di Loreto suggest please let us know how many dc you have,what is the client OS version.Post the ipconfig /all details of DC,client.Also post the dcdiag /q and repadmin /replsum output.

    If you have multiple DC ensure that DNS/GC role is configured on all DC.

    Hope this helps


    Best Regards,

    Sandesh Dubey.

    MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Adminitrator | My Blog

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Thursday, September 13, 2012 5:58 AM
  • Hello,

    please assure all DCs are up and running and that all domain machines use ONLY the domain DNS servers on the NIC. Please post an unedited ipconfig /all from the DC/DNS server and a client with problems.

    Please run "netdom query fsmo" and check that all DCs exist, here especially the PDCEmulator, and the DCs are up and running.


    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

    Thursday, September 13, 2012 7:13 AM
  • Hi! I'm new here, hope you can help me!

    I have a problem with my AD or something is wrong. When some users type theirs passwords, in some cases, the logon screen freezes for some seconds, and then the error appears saying "Username or password is wrong".

    It is not a big problem, but every day in the last days more and more users have this problem. What can I do?

    Mark.-

    If it only happens during entering the password then it can be DNS misconfiguration or network to system issues. It may or may not be necessarily a active directory issue because the same problem can be seen during memory leak even where system gets frequently freezes.

    The first thing i would do is try to verify its a system issue or something else using fresh system w/o any apps on it,antivirus & also disable windows firewall service temporarily. This way you can identify where the issue are & accordingly move to DNS->ADD->etc.

    Make sure system is updated with latest hardware drivers,patches,services packs etc.


    Awinish Vishwakarma - MVP

    My Blog: awinish.wordpress.com

    Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    Thursday, September 13, 2012 9:10 AM
    Moderator
  • Hi Pablo!

    I have 2 DCs, and I checked the PDC with netdom query fsmo. The result was "srv-dc1". I rebooted "srv-dc1" because it had connectivity problems (as you said!!). Now, when I enter a bad password, the error appears immediately.

    Just in case, I rebooted the other DC ("srv-dc3).

    Thank you very much Pablo!

    Thursday, September 13, 2012 11:44 AM
  • Thank you Sandesh!
    Thursday, September 13, 2012 11:44 AM
  • Thank you! I had problems with 1 DC!
    Thursday, September 13, 2012 11:45 AM
  • Thank you Awinish! Pablo's answers is right for me, but I will check DNS configuration.
    Thursday, September 13, 2012 11:46 AM