Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » KC8.2 authentication and DC problems (Authentication of domain users failed after changing DCs )
  •  
bitwalker

Messages: 9
Karma: 1
Send a private message to this user
Hello!

background: I was changing my DCs from WS2008 to WS2012R2; two new WS2012r2 server were installed in the existing domain, and I transferred to the new server the Pdc role (and also all the other operations master roles). The other new ws2012 server is the secondary DC and dns. All the other computers (workstations with DHCP) on the network were configured to use the new DCs (and also DNS)as primary and secondary DNS, and the older (formerly the PDC) remained online and was configured as the 3rd DNS and DC. So far so good, everything worked fine. The KC 8.2 was installed in this environment, with the same settings: the new servers as primary and secondary DNS, and the old server as a third.

problem: After 2 weeks I shut down the old WS2008 DC. The users could log on the network and to the computers, but the KC had problems with authenticating the users. I deleted the old DNS (which was the third DNS anyway), and tested the connection on the domain page of the KC administration: test was OK. So connection was OK, I could see the domain users in the users tab, but the KC logged failures like this:

Authentication: HTTP Proxy: Client: 192.168.0.59: Invalid password for NT/Kerberos user "XY"
Authentication: HTTP Proxy: Client: 192.168.0.18: Unsuccessful authentication, user None not found

The problem was solved after turning back on the old WS2008 DC. However, KC is no more configured to use this DC and DNS, but authentication is working again.

Any ideas? I want to remove this older WS2008 from the domain (demote) in the future, but if the KC stops working I don't dare to touch it Smile
  •  
Petr Dobry (Kerio)

Messages: 782
Karma: 61
Send a private message to this user
I'd remove and join back KC into the domain. That will force Control to update it's list of domain controllers and failover should work correctly.

Petr Dobry
Product Development Manager | Kerio
  •  
bitwalker

Messages: 9
Karma: 1
Send a private message to this user
Hello,

thanks for the advice, I just did what you suggested. Since then it works fine.
Previous Topic: Problem with Active directory
Next Topic: change hardware mac address permanently
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Mon Oct 23 04:23:52 CEST 2017

Total time taken to generate the page: 0.00445 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.