locked
WSS 3 stops authenticating when domain controller is down RRS feed

  • Question

  • I've got an old and small WSS 3.0 install, and I have one domain controller it seems to be married to.  If I reboot that domain controller, or have it down for maintenance, Shareporint WSS won't authenticate. I'm using NTLM with pass through and it works just fine.

    If I take the DC down and restart the WWW Publishing service on this box, I get Service Unavailable until I bright that DC back up and restart the WWW Publishing Service again.

    How can I break up this dependency? I have other DCs in the same subnet, multiple Global Catalogs in fact, and I'm missing how this is happening. Any advice from the gurus out there?  We'll look at MOSS 2010 later when I have time.  

    - Vo

    Tuesday, April 17, 2012 9:40 PM

Answers

  • Hi,

    NTLM requires a domain controller that is able to authenticate users. If the domain is operating in native mode, by default a global catalog is required on the domain controller or on another server.

    Please make sure you have enable GC role on other DC, and make sure your WSS server can find an available GC through DNS.

    For more information about authentication and SharePoint, check out the following articles:

    http://sharepoint.microsoft.com/blogs/cgideon/lists/posts/post.aspx?id=2

    http://technet.microsoft.com/en-us/magazine/ee914605.aspx

    Thanks,

    Rock Wang

    Forum Support

    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    Rock Wang TechNet Community Support

    • Marked as answer by vo243 Friday, April 20, 2012 4:06 PM
    Wednesday, April 18, 2012 3:30 AM

All replies

  • If understand correctly: what you're saying is you have more than one Active Directory DC, however when a single DC is unavailable WSS can no longer authenticate even though other DCs in the domain are functioning fine?

    What does the WSS Server's network configuration look like? What DNS servers does it use? Can it reach the other DCs when the DC life partner goes down? Can you log onto the server?


    Jason Warren
    Infrastructure Specialist
    Habañero Consulting Group
    www.habaneros.com/blog


    Tuesday, April 17, 2012 10:50 PM
  • Hi,

    NTLM requires a domain controller that is able to authenticate users. If the domain is operating in native mode, by default a global catalog is required on the domain controller or on another server.

    Please make sure you have enable GC role on other DC, and make sure your WSS server can find an available GC through DNS.

    For more information about authentication and SharePoint, check out the following articles:

    http://sharepoint.microsoft.com/blogs/cgideon/lists/posts/post.aspx?id=2

    http://technet.microsoft.com/en-us/magazine/ee914605.aspx

    Thanks,

    Rock Wang

    Forum Support

    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    Rock Wang TechNet Community Support

    • Marked as answer by vo243 Friday, April 20, 2012 4:06 PM
    Wednesday, April 18, 2012 3:30 AM
  • Hi,

    Did you have any questions?

    Thanks,

    Rock Wang

    Forum Support

    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.



    Rock Wang TechNet Community Support

    Friday, April 20, 2012 2:54 AM
  • Thanks to both Rock and Jason,

    In my environment, my DCs are also DNS servers. DNS was set up properly on the WSS server, no problem there. The primary DNS server was the DC that would be down and thus NTLM wouldn't work.

    The secondary DNS server was operating properly, as it's another DC. I made sure it was a GC server (it wasn't prior to fixing this issue) and now I can reboot the primary server at will with no ill effects.

    So, for me it was making sure both DCs had the Global Catalog, and now I'm good.

    Thank you guys both!

    - Vo

    Friday, April 20, 2012 4:09 PM