Hello All,
I have installed and configured 2 new DCs, I have no errors when I run
dcdiag /q and netdiag/q on both of the servers, but when I checked the Event
Viewer / System of the DC1 I have the following warning, and this error is
reproduced every one hour:
The Security System detected an authentication error for the server
DNS/DC1.mygroup.com. The failure code from authentication protocol Kerberos
was "The attempted logon is invalid. This is either due to a bad username or
authentication information.
(0xc000006d)".

Also Please note that on DC1 is the server where the DNS is configured.
Can somebody I need to be sure of my DCs before proceeding with joining
machines.

Thanks,
SSR

Hello SSR,

Please post an unedited ipconfig /all from both machines.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** us YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

> Hello All,
> I have installed and configured 2 new DCs, I have no errors when I run
> dcdiag /q and netdiag/q on both of the servers, but when I checked the
> Event
> Viewer / System of the DC1 I have the following warning, and this
> error is
> reproduced every one hour:
> The Security System detected an authentication error for the server
> DNS/DC1.mygroup.com. The failure code from authentication protocol
> Kerberos
> was "The attempted logon is invalid. This is either due to a bad
> username or
> authentication information.
> (0xc000006d)".
> Also Please note that on DC1 is the server where the DNS is
> configured.
> Can somebody I need to be sure of my DCs before proceeding with
> joining
> machines.
> Thanks,
> SSR

Hello Again,

Below are the results for the ipconfig /all for both DCs (DC1 and DC2)

For DC1
Windows IP Configuration
Host Name . . . . . . . . . . . . : DC1
Primary Dns Suffix . . . . . . . : mygroup.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : mygroup.com

Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE
(NDIS
VBD Client)
Physical Address. . . . . . . . . : 00-1D-09-1A-24-08
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.1.10.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.1.10.4
DNS Servers . . . . . . . . . . . : 10.1.10.1


FOR DC2
Windows IP Configuration
Host Name . . . . . . . . . . . . : DC2
Primary Dns Suffix . . . . . . . : mygroup.com
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : mygroup.com

Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
Physical Address. . . . . . . . . : 00-19-B9-F9-7C-FE
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.1.10.10
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.1.10.4
DNS Servers . . . . . . . . . . . : 10.1.10.1


Regards,
SSR



"Meinolf Weber" wrote:

> Hello SSR,
>
> Please post an unedited ipconfig /all from both machines.
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and confers
> no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** us YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
> > Hello All,
> > I have installed and configured 2 new DCs, I have no errors when I run
> > dcdiag /q and netdiag/q on both of the servers, but when I checked the
> > Event
> > Viewer / System of the DC1 I have the following warning, and this
> > error is
> > reproduced every one hour:
> > The Security System detected an authentication error for the server
> > DNS/DC1.mygroup.com. The failure code from authentication protocol
> > Kerberos
> > was "The attempted logon is invalid. This is either due to a bad
> > username or
> > authentication information.
> > (0xc000006d)".
> > Also Please note that on DC1 is the server where the DNS is
> > configured.
> > Can somebody I need to be sure of my DCs before proceeding with
> > joining
> > machines.
> > Thanks,
> > SSR
>
>
>

This seems to pop up a lot, not a real clear cut error. Check to make sure
the two dc's are within 5 minutes of one another for time.

Here is a link with other users who have run into this issue.
http://www.eventid.net/display.asp?e...LsaSrv&phase=1

--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.

"SSR" <SSR@discussions.microsoft.com> wrote in message
news:C85A3074-6C15-4C04-8EA8-E1ADFDAD7E71@microsoft.com...
> Hello All,
> I have installed and configured 2 new DCs, I have no errors when I run
> dcdiag /q and netdiag/q on both of the servers, but when I checked the
> Event
> Viewer / System of the DC1 I have the following warning, and this error is
> reproduced every one hour:
> The Security System detected an authentication error for the server
> DNS/DC1.mygroup.com. The failure code from authentication protocol
> Kerberos
> was "The attempted logon is invalid. This is either due to a bad username
> or
> authentication information.
> (0xc000006d)".
>
> Also Please note that on DC1 is the server where the DNS is configured.
> Can somebody I need to be sure of my DCs before proceeding with
> joining
> machines.
>
> Thanks,
> SSR

Hello,
My both machines are well synchronized on time.
The is an ignorable difference of time: Less than one SECOND.

Thank you,
SSR

"Paul Bergson [MVP-DS]" wrote:

> This seems to pop up a lot, not a real clear cut error. Check to make sure
> the two dc's are within 5 minutes of one another for time.
>
> Here is a link with other users who have run into this issue.
> http://www.eventid.net/display.asp?e...LsaSrv&phase=1
>
> --
> Paul Bergson
> MVP - Directory Services
> MCT, MCSE, MCSA, Security+, BS CSci
> 2003, 2000 (Early Achiever), NT
>
> http://www.pbbergs.com
>
> Please no e-mails, any questions should be posted in the NewsGroup
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
> "SSR" <SSR@discussions.microsoft.com> wrote in message
> news:C85A3074-6C15-4C04-8EA8-E1ADFDAD7E71@microsoft.com...
> > Hello All,
> > I have installed and configured 2 new DCs, I have no errors when I run
> > dcdiag /q and netdiag/q on both of the servers, but when I checked the
> > Event
> > Viewer / System of the DC1 I have the following warning, and this error is
> > reproduced every one hour:
> > The Security System detected an authentication error for the server
> > DNS/DC1.mygroup.com. The failure code from authentication protocol
> > Kerberos
> > was "The attempted logon is invalid. This is either due to a bad username
> > or
> > authentication information.
> > (0xc000006d)".
> >
> > Also Please note that on DC1 is the server where the DNS is configured.
> > Can somebody I need to be sure of my DCs before proceeding with
> > joining
> > machines.
> >
> > Thanks,
> > SSR
>
>
>

Hello Mr SSR,

Have you created a Reverse Lookup Zone on the DNS server? If not create one
and check again, best after a restart.

Only a suggestion:
Also you should think about making the second Dc also a DNS server/Global
catalog server for redundancy. Also it will be easier if you use Active directory
integrated zones, you can add records at any time if one DNS is down, instead
of primary and secondary zone, where the secondary only stores a copy to
which can not be written if the primary is down.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** us YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

> Hello,
> My both machines are well synchronized on time.
> The is an ignorable difference of time: Less than one SECOND.
> Thank you,
> SSR
> "Paul Bergson [MVP-DS]" wrote:
>
>> This seems to pop up a lot, not a real clear cut error. Check to
>> make sure the two dc's are within 5 minutes of one another for time.
>>
>> Here is a link with other users who have run into this issue.
>> http://www.eventid.net/display.asp?e...o=787&source=L
>> saSrv&phase=1
>>
>> --
>> Paul Bergson
>> MVP - Directory Services
>> MCT, MCSE, MCSA, Security+, BS CSci
>> 2003, 2000 (Early Achiever), NT
>> http://www.pbbergs.com
>>
>> Please no e-mails, any questions should be posted in the NewsGroup
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights.
>>
>> "SSR" <SSR@discussions.microsoft.com> wrote in message
>> news:C85A3074-6C15-4C04-8EA8-E1ADFDAD7E71@microsoft.com...
>>
>>> Hello All,
>>> I have installed and configured 2 new DCs, I have no errors when I
>>> run
>>> dcdiag /q and netdiag/q on both of the servers, but when I checked
>>> the
>>> Event
>>> Viewer / System of the DC1 I have the following warning, and this
>>> error is
>>> reproduced every one hour:
>>> The Security System detected an authentication error for the server
>>> DNS/DC1.mygroup.com. The failure code from authentication protocol
>>> Kerberos
>>> was "The attempted logon is invalid. This is either due to a bad
>>> username
>>> or
>>> authentication information.
>>> (0xc000006d)".
>>> Also Please note that on DC1 is the server where the DNS is
>>> configured.
>>> Can somebody I need to be sure of my DCs before proceeding with
>>> joining
>>> machines.
>>> Thanks,
>>> SSR