Troubleshooting Netlogon Service Problems
ID: Q62363
The information in this article applies to:
- Microsoft LAN Manager, versions 2.0, 2.1, 2.1a, 2.2
SUMMARY
This article lists some common items to check if the Netlogon service is
not working properly.
MORE INFORMATION
- What is the accounts security setting in NET ADMIN?
Netlogon does not operate on servers that declare themselves as
STANDALONE.
- Is there a group called SERVERS?
The group must be called SERVERS; there is no choice.
- If this is the primary domain controller, is there already a domain
controller for this domain?
Check this by doing a NET WHO, which searches for a domain
controller. A domain can have only ONE domain controller.
- If this is not the primary, be careful. On the primary, the group
SERVERS must contain every server that participates in the domain.
That means adding an account for each server with the server's name and
a password (the password is not required). Also, each member and backup
machine must add the primary's name and its own name to the group SERVERS.
IMPORTANT NOTE: The password that was used at the primary for the
primary's account and each member account must be the SAME password
used on each member and backup machine. Even though Netlogon works
within OS/2 LAN Manager, it uses passwords for its validation schemes.
In fact, Netlogon changes the passwords for the backup, member, and
primary about once a week for an extra layer of security. Therefore,
it is NOT recommended that you use your machine account as your own
personal account because the password is frequently changed.
Example
On the primary, enter these commands:
   net user Primary_machine password /add
   net user Member_machine newpass /add
   net user Backup_machine raquelpass /add
   net group servers /add
   net group servers Primary_machine Member_machine Backup_machine /add
On the backup, enter these commands:
   net user Primary_machine password /add
   net user Backup_machine raquelpass /add
   net group servers /add
   net group servers Primary_machine Backup_machine /add
On the member, enter these commands:
   net user Primary_machine password /add
   net user Member_machine newpass /add
   net group servers /add
   net group servers Primary_machine Member_machine /add
- Check the times between the primary and the rest of the domain.
Netlogon does not propagate the NET.ACC file if the machines have
a time difference of more than 10 minutes.
This item is not necessary under LAN Manager 2.1A and later.
- If none of these solutions works, rename the NET.ACC file and use
the MAKEACC utility to create new user accounts. The syntax for
MAKEACC is:
MAKEACC <number of users> <lanman root>
where <number of users> is the maximum number of users for which
you are able to create accounts, and <lanman root> is the path
where your OS/2 LAN Manager software resides (for example, C:\LANMAN).
Please note that MAKEACC is available only to OEMs, so it is not
included on packaged product disks.
- Another way to create a new NET.ACC file is to install OS/2 LAN Manager
from scratch. Please note that it is dangerous to simply copy a new
NET.ACC file onto a server, since security information also resides in
local ACLs. You need to use the BACKACC and RESTACC utilities to
periodically back up and restore the NET.ACC file, since these utilities
also handle ACLs that exist on files. See the "Microsoft Operating
System /2 LAN Manager Administrator's Guide" for more information on
how to use these utilities.
You can also look in the \LANMAN\ACCOUNTS directory for the NETACC.BAK
file, an older copy of your NET.ACC file. You can rename this file to
NET.ACC and use it for the NETLOGON service.
It is more convenient than the original NET.ACC on the diskette because it
probably contains most of your UAS.
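
Added example (not part of the original article): a Python check that parses the NET commands typed on each machine and reports violations of the SERVERS-group and password rules described above. The function names are illustrative, and comparing machine names case-insensitively is an assumption.

```python
# Added example, not from the original article: check the commands typed on
# each machine against the article's SERVERS-group and password rules.
# Assumption: machine and account names are compared case-insensitively.

def parse(script):
    """Return ({account: password}, SERVERS members) from NET ... /add lines."""
    accounts, members = {}, set()
    for line in script.splitlines():
        words = line.split()
        if len(words) < 4 or words[0].lower() != "net" or words[-1].lower() != "/add":
            continue
        kind, args = words[1].lower(), words[2:-1]
        if kind == "user" and len(args) == 2:
            accounts[args[0].lower()] = args[1]
        elif kind == "group" and args[0].lower() == "servers":
            members.update(a.lower() for a in args[1:])
    return accounts, members

def check(primary, scripts):
    """scripts: {machine: commands typed there}. Returns a list of problems."""
    parsed = {m.lower(): parse(s) for m, s in scripts.items()}
    primary = primary.lower()
    primary_accounts = parsed[primary][0]
    problems = []
    for machine, (accounts, members) in parsed.items():
        # Primary must list every server; the others list the primary and themselves.
        required = set(parsed) if machine == primary else {primary, machine}
        for name in sorted(required):
            if name not in accounts:
                problems.append(f"{machine}: no account for {name}")
            elif accounts[name] != primary_accounts.get(name):
                problems.append(f"{machine}: password for {name} differs from primary")
            if name not in members:
                problems.append(f"{machine}: {name} not in SERVERS")
    return problems

# The article's Example, transcribed as input (one string per machine).
P, M, B = "Primary_machine", "Member_machine", "Backup_machine"
ARTICLE = {
    P: f"net user {P} password /add\nnet user {M} newpass /add\nnet user {B} raquelpass /add\n"
       f"net group servers /add\nnet group servers {P} {M} {B} /add",
    B: f"net user {P} password /add\nnet user {B} raquelpass /add\n"
       f"net group servers /add\nnet group servers {P} {B} /add",
    M: f"net user {P} password /add\nnet user {M} newpass /add\n"
       f"net group servers /add\nnet group servers {P} {M} /add",
}

if __name__ == "__main__":
    print(check("Primary_machine", ARTICLE) or "consistent")
```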