Hello everyone,
I am having an issue logging on to our connection broker farm. The farm will require me to enter my credentials two, and sometimes three times. I cannot find the solution to this problem on the net, since almost every post regarding double logons on server farms discusses enabling CredSSP on Windows XP workstations, whereas my issue happens on every client (including Windows 7, and thin clients with CredSSP/NLA support).
When I log in to my farm, the remote desktop client first asks me for my credentials before connecting. If I try to log in with incorrect credentials, it will immediately say "login failed". If I enter correct credentials the client will connect, but I will get a login screen from the server. If I log in there I will sometimes get yet another login screen, presumably because I'm being redirected to another server in the farm.
The servers are a Windows 2008 R2 domain controller, which also acts as the session broker, two Windows 2008 R2 remote desktop host servers, which are added to the farm managed by our session broker, and another Windows 2008 R2 domain controller. The clients are mostly Windows 7 machines (not joined to the domain) and Wyse ThinOS 7 clients. All exhibit the double logon problem.
I tried forcing NLA on the host servers, which did not solve the issue. Also I tried to enable credential delegation on the terminal servers via group policy setting. No luck.
Event viewer does not list any meaningful errors or messages.
When I turn on netlogon debugging, I get the output attached at the end of this message. No obvious errors there as far as I can tell.
What can I do to solve this issue, and/or where can I find more information on debugging the logon process?
Thanks in advance!
--
Rien Broekstra
----------------8<----------------------
02/03 16:06:43 [MISC] DbFlag is set to ffff
02/03 16:06:45 [INIT] Group Policy is not defined for Netlogon
02/03 16:06:45 [INIT] Following are the effective values after parsing
02/03 16:08:12 [SESSION] I_NetLogonGetAuthData called: (null) mydomain (Flags 0x1)
02/03 16:08:12 [SESSION] I_NetLogonGetAuthData called: (null) mydomain (Flags 0x1)
02/03 16:08:33 [LOGON] SamLogon: Network logon of mydomain\rien from STEAKDIANE Entered
02/03 16:08:33 [LOGON] SamLogon: Network logon of mydomain\rien from STEAKDIANE Returns 0x0
02/03 16:08:34 [LOGON] SamLogon: Network logon of mydomain\rien from STEAKDIANE Entered
02/03 16:08:34 [LOGON] SamLogon: Network logon of mydomain\rien from STEAKDIANE Returns 0x0
02/03 16:08:38 [MISC] DsGetDcName function called: Dom:mydomain Acct:(null) Flags: RET_DNS
02/03 16:08:38 [MISC] NetpDcInitializeContext: DSGETDC_VALID_FLAGS is c01ffff1
02/03 16:08:38 [MISC] NetpDcGetName: ad.mydomain.tld. using cached information
02/03 16:08:38 [MISC] DsGetDcName function returns 0: Dom:mydomain Acct:(null) Flags: RET_DNS
02/03 16:08:38 [MISC] DsGetDcName function called: Dom:mydomain Acct:(null) Flags: NETBIOS RET_DNS
02/03 16:08:38 [MISC] NetpDcInitializeContext: DSGETDC_VALID_FLAGS is c01ffff1
02/03 16:08:38 [MISC] NetpDcGetName: ad.mydomain.tld. using cached information
02/03 16:08:38 [MISC] DsGetDcName function returns 0: Dom:mydomain Acct:(null) Flags: NETBIOS RET_DNS
02/03 16:08:38 [MISC] DsGetDcName function called: Dom:mydomain Acct:(null) Flags: DS NETBIOS RET_DNS
02/03 16:08:38 [MISC] NetpDcInitializeContext: DSGETDC_VALID_FLAGS is c01ffff1
02/03 16:08:38 [MISC] NetpDcGetName: ad.mydomain.tld. using cached information
02/03 16:08:38 [MISC] DsGetDcName function returns 0: Dom:mydomain Acct:(null) Flags: DS NETBIOS RET_DNS
02/03 16:08:38 [MISC] DsrEnumerateDomainTrusts: Called, Flags = 0x1
02/03 16:08:38 [MISC] mydomain: DsrEnumerateDomainTrusts: Domain List collected from \\ALUMINIUM.ad.mydomain.tld
02/03 16:08:38 [DOMAIN] Setting LSA NetbiosDomain: mydomain DnsDomain: ad.mydomain.tld. DnsTree: ad.mydomain.tld. DomainGuid:8147dc44-60b8-415c-ba0f-16a766013191
02/03 16:08:38 [LOGON] NlSetForestTrustList: New trusted domain list:
02/03 16:08:38 [LOGON] 0: mydomain ad.mydomain.tld (NT 5) (Forest Tree Root) (Primary Domain) (Native)
02/03 16:08:38 [LOGON] Dom Guid: 8147dc44-60b8-415c-ba0f-16a766013191
02/03 16:08:38 [LOGON] Dom Sid: S-1-5-21-3123937195-2119858977-960326834
02/03 16:08:38 [MISC] DsrEnumerateDomainTrusts: returns: 0
02/03 16:08:43 [MISC] DsGetDcName function called: Dom:mydomain Acct:(null) Flags: DS NETBIOS RET_DNS
02/03 16:08:43 [MISC] NetpDcInitializeContext: DSGETDC_VALID_FLAGS is c01ffff1
02/03 16:08:43 [MISC] NetpDcGetName: ad.mydomain.tld. using cached information
02/03 16:08:43 [MISC] DsGetDcName function returns 0: Dom:mydomain Acct:(null) Flags: DS NETBIOS RET_DNS
02/03 16:08:43 [MISC] DsrEnumerateDomainTrusts: Called, Flags = 0x1
02/03 16:08:43 [MISC] DsrEnumerateDomainTrusts: returns: 0
02/03 16:08:43 [MISC] DsGetDcName function called: Dom:AD.mydomain.tld Acct:(null) Flags: DS RET_DNS
02/03 16:08:43 [MISC] NetpDcInitializeContext: DSGETDC_VALID_FLAGS is c01ffff1
02/03 16:08:43 [MISC] NetpDcGetName: AD.mydomain.tld using cached information
02/03 16:08:43 [MISC] DsGetDcName function returns 0: Dom:AD.mydomain.tld Acct:(null) Flags: DS RET_DNS
02/03 16:08:43 [MISC] DsGetDcName function called: Dom:INDIUM Acct:(null) Flags: DS NETBIOS RET_DNS
02/03 16:08:43 [MISC] NetpDcInitializeContext: DSGETDC_VALID_FLAGS is c01ffff1
02/03 16:08:43 [MAILSLOT] Sent 'Sam Logon' message to INDIUM[1C] on all transports.
02/03 16:08:43 [MISC] DsGetDcName function called: Dom:GALLIUM.ad.mydomain.tld Acct:(null) Flags: LDAPONLY RET_DNS
02/03 16:08:43 [MISC] NetpDcInitializeContext: DSGETDC_VALID_FLAGS is c01ffff1
02/03 16:08:43 [CRITICAL] NetpDcGetNameIp: GALLIUM.ad.mydomain.tld: No data returned from DnsQuery.
02/03 16:08:43 [MISC] NetpDcGetName: NetpDcGetNameIp returned 1355
02/03 16:08:43 [CRITICAL] NetpDcGetName: GALLIUM.ad.mydomain.tld: IP and Netbios are both done.
02/03 16:08:43 [MISC] DsGetDcName function returns 1355: Dom:GALLIUM.ad.mydomain.tld Acct:(null) Flags: LDAPONLY RET_DNS
02/03 16:08:43 [SITE] DsrGetSiteName: Site name 'Default-First-Site-Name' is old. Getting a new one from DC.
02/03 16:08:43 [MISC] NetpDcInitializeContext: DSGETDC_VALID_FLAGS is c01ffff1
02/03 16:08:43 [MAILSLOT] NetpDcPingListIp: ad.mydomain.tld.: Sent UDP ping to 10.7.1.36
02/03 16:08:43 [MISC] NlPingDcNameWithContext: Sent 1/1 ldap pings to ALUMINIUM.ad.mydomain.tld
02/03 16:08:43 [MISC] NlPingDcNameWithContext: ALUMINIUM.ad.mydomain.tld responded over IP.
02/03 16:08:43 [PERF] NlSetServerClientSession: Not changing connection (0000000000388778): "\\ALUMINIUM.ad.mydomain.tld"
ClientSession: 00000000003A76C0DsGetDcName function called: Dom:ad.mydomain.tld Acct:(null) Flags: LDAPONLY RET_DNS
02/03 16:08:43 [MISC] NetpDcInitializeContext: DSGETDC_VALID_FLAGS is c01ffff1
02/03 16:08:43 [MISC] NetpDcGetName: ad.mydomain.tld using cached information
02/03 16:08:43 [MISC] DsGetDcName function returns 0: Dom:ad.mydomain.tld Acct:(null) Flags: LDAPONLY RET_DNS
02/03 16:08:44 [SESSION] I_NetLogonGetAuthData called: (null) ad.mydomain.tld (Flags 0x1)
02/03 16:08:45 [CRITICAL] NetpDcGetNameNetbios: INDIUM: Cannot NlBrowserSendDatagram. (1C) 53
02/03 16:08:45 [MISC] NetpDcGetName: NetpDcGetNameNetbios returned 1355
02/03 16:08:45 [CRITICAL] NetpDcGetName: INDIUM: IP and Netbios are both done.
02/03 16:08:45 [MISC] DsGetDcName function returns 1355: Dom:INDIUM Acct:(null) Flags: DS NETBIOS RET_DNS
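
A triage pass over netlogon debug output of this kind, as an added example that is not part of the original post: it counts completed SamLogon validations per account and source, and lists DsGetDcName lookups that returned a non-zero status together with the [CRITICAL] lines. The sample lines are copied from the excerpt above; the function name `triage` and the regular expressions are this example's own.

```python
import re
from collections import Counter

# Lines copied from the netlogon.log excerpt in the post above.
SAMPLE = r"""
02/03 16:08:33 [LOGON] SamLogon: Network logon of mydomain\rien from STEAKDIANE Entered
02/03 16:08:33 [LOGON] SamLogon: Network logon of mydomain\rien from STEAKDIANE Returns 0x0
02/03 16:08:34 [LOGON] SamLogon: Network logon of mydomain\rien from STEAKDIANE Entered
02/03 16:08:34 [LOGON] SamLogon: Network logon of mydomain\rien from STEAKDIANE Returns 0x0
02/03 16:08:38 [MISC] DsGetDcName function returns 0: Dom:mydomain Acct:(null) Flags: RET_DNS
02/03 16:08:43 [CRITICAL] NetpDcGetNameIp: GALLIUM.ad.mydomain.tld: No data returned from DnsQuery.
02/03 16:08:43 [MISC] DsGetDcName function returns 1355: Dom:GALLIUM.ad.mydomain.tld Acct:(null) Flags: LDAPONLY RET_DNS
02/03 16:08:45 [CRITICAL] NetpDcGetNameNetbios: INDIUM: Cannot NlBrowserSendDatagram. (1C) 53
02/03 16:08:45 [MISC] DsGetDcName function returns 1355: Dom:INDIUM Acct:(null) Flags: DS NETBIOS RET_DNS
"""

# "MM/DD HH:MM:SS [CATEGORY] message" as seen in the excerpt.
LINE = re.compile(r"^(\d\d/\d\d \d\d:\d\d:\d\d) \[(\w+)\] (.*)$")
SAMLOGON = re.compile(r"SamLogon: (\w+) logon of (\S+) from (\S+) Returns (0x[0-9A-Fa-f]+)")
DSGETDC = re.compile(r"DsGetDcName function returns (\d+): Dom:(\S+)")

def triage(text):
    """Return (logon counts, failed DC lookups, CRITICAL lines) for a log excerpt."""
    logons, failed, critical = Counter(), [], []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # lines without a timestamp (run-together output) are skipped
        ts, category, msg = m.groups()
        if category == "CRITICAL":
            critical.append((ts, msg))
        if (s := SAMLOGON.search(msg)):
            _kind, account, source, status = s.groups()
            logons[(account, source, int(status, 16))] += 1
        elif (d := DSGETDC.search(msg)) and d.group(1) != "0":
            # 1355 is the Win32 code ERROR_NO_SUCH_DOMAIN
            failed.append((ts, d.group(2), int(d.group(1))))
    return logons, failed, critical

if __name__ == "__main__":
    logons, failed, critical = triage(SAMPLE)
    for (account, source, status), n in logons.items():
        print(f"{n} x SamLogon {account} from {source} -> 0x{status:x}")
    for ts, name, code in failed:
        print(f"{ts} DC lookup for {name} failed with {code}")
    for ts, msg in critical:
        print(f"{ts} CRITICAL {msg}")
```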