Forum Discussion
CraigTownend
Nov 25, 2024 · Copper Contributor
Weird issue accessing netlogon
Got a bit of a weird issue here... We have just started using AAD machines via Autopilot & Intune and doing testing on them accessing resources on our current on-prem domain, got things sorted so ...
kyazaferr
Nov 25, 2024 · Iron Contributor
nslookup domain
nslookup domain.fqdn.gov.uk
2. Netlogon Service Configuration
The Netlogon service relies on proper DNS and Active Directory connectivity, and any issues with name resolution could prevent the service from functioning properly. If there’s an intermittent issue with the Netlogon service when trying to access resources by FQDN, it's worth checking the service configuration.
Solution:
- Check the Netlogon Service: Ensure the Netlogon service is running on the domain controllers, and there are no intermittent failures on the DCs that could cause these issues.
- Check Event Logs: Review the Event Viewer logs on the client machine and domain controllers, particularly under Applications and Services Logs > Microsoft > Windows > Netlogon. Look for any errors or warnings related to Netlogon or domain name resolution failures.
3. Kerberos Authentication Issues
When accessing Netlogon via the FQDN, Kerberos authentication might be having trouble, especially in hybrid environments with both on-prem and Azure AD-connected devices. This can sometimes happen if there are DNS mismatches or if the client machine has trouble with domain controllers over VPN.
Solution:
- Check Kerberos Configuration: Ensure Kerberos is properly configured on both the client machines and domain controllers. Check for any issues with service principal names (SPNs) that may prevent proper authentication when using the FQDN.
- Check for DNS Resolution of SPNs: Use the setspn command to check if the domain controllers have the correct SPNs registered:
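
The checks this reply lists (name resolution, DC location, Kerberos, SPNs), collected into one client-side PowerShell script as an added example; it is not code from the thread, and the domain names are the placeholders from the nslookup lines above. It assumes the client has line-of-sight to the domain controllers (for example over the VPN) and that the signed-in user holds an on-prem domain credential.

```powershell
# Added example. 'domain' and 'domain.fqdn.gov.uk' are the placeholder names from
# the nslookup lines in the thread; substitute your own domain before running.
$DomainShort = 'domain'
$DomainFqdn  = 'domain.fqdn.gov.uk'

# 1. Name resolution: the short name and the FQDN should return the same DC addresses.
$resolved = foreach ($name in $DomainShort, $DomainFqdn) {
    try {
        $ips = (Resolve-DnsName -Name $name -Type A -DnsOnly -ErrorAction Stop |
                Where-Object IPAddress).IPAddress | Sort-Object
        [pscustomobject]@{ Name = $name; Addresses = $ips -join ', ' }
    } catch {
        [pscustomobject]@{ Name = $name; Addresses = "FAILED: $($_.Exception.Message)" }
    }
}
$resolved | Format-Table -AutoSize
if (@($resolved.Addresses | Select-Object -Unique).Count -gt 1) {
    Write-Warning 'Short name and FQDN resolve differently, or one of them fails.'
}

# 2. DC locator: the SRV records clients use, then the DC Windows actually picks.
$dcs = @(Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainFqdn" -Type SRV -DnsOnly -ErrorAction SilentlyContinue |
         Where-Object NameTarget | Select-Object -ExpandProperty NameTarget -Unique)
if (-not $dcs) { Write-Warning "No DC SRV records found for $DomainFqdn." }
nltest "/dsgetdc:$DomainFqdn"

# 3. Per DC: SMB port, NETLOGON share, and whether a cifs/<dc> Kerberos ticket is issued.
$report = foreach ($dc in $dcs) {
    $smb = (Test-NetConnection -ComputerName $dc -Port 445 -WarningAction SilentlyContinue).TcpTestSucceeded
    klist get "cifs/$dc" | Out-Null          # request a service ticket for the DC's file service
    [pscustomobject]@{
        DC            = $dc
        Smb445        = $smb
        NetlogonShare = Test-Path -Path "\\$dc\NETLOGON"
        CifsTicket    = [bool]((klist) -match [regex]::Escape("cifs/$dc"))
    }
}
$report | Format-Table -AutoSize

# 4. The share by domain name, short and FQDN, which is the access path the thread is about.
foreach ($name in $DomainShort, $DomainFqdn) {
    '{0,-35} {1}' -f "\\$name\NETLOGON", (Test-Path -Path "\\$name\NETLOGON")
}

# 5. SPNs registered on each DC account (setspn needs LDAP access to the domain).
if (Get-Command setspn.exe -ErrorAction SilentlyContinue) {
    foreach ($dc in $dcs) { setspn -L ($dc -split '\.')[0] }
}
```

A DC that shows `Smb445` true but `CifsTicket` false points at Kerberos or SPN registration rather than DNS or the network path.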