Forum Discussion

CraigTownend
Copper Contributor
Dec 02, 2024

Weird issue accessing netlogon

Got a bit of a weird issue here......

We have just started using AAD machines via Autopilot & Intune and doing testing on them accessing resources on our current on-prem domain, got things sorted so they can access file shares and DFS namespace shares perfectly fine and that's all going through, but having an issue with intermittent issues with netlogon.

There seems to be no pattern, but when trying to hit \\domain\netlogon that will work but when trying \\domain.fqdn.gov.uk\netlogon that won't work.

However, without doing anything, trying again a little while later it will be the opposite way around, where it can access on the full FQDN but not the short name, and then to make it worse, sometimes both work at the same time.

Different devices have been tried and had 2 side by side where one could access short but not fqdn and the other could access fqdn but not short.

At the same time, if I try to access any server shares on either short name or FQDN then those are fine; it seems to just be issues with netlogon on the domain.

At all times I can run to \\domain & \\domain.fqdn.gov.uk and the folder list of sysvol and netlogon both appear, but it's just guesswork which is going to work.

This happens the same on both our internal network and when connected via Cisco AnyConnect VPN back into our network.

Hopefully someone has come across a similar issue and fixed it!

Thanks if you have managed to read this far :)

  • kyazaferr
    Steel Contributor

    DNS Configuration Issues

    • Short name (\\domain\netlogon) and FQDN (\\domain.fqdn.gov.uk\netlogon) access rely on DNS resolution. Intermittent access might indicate:
      • DNS records for the domain (A or CNAME records) are missing or inconsistent.
      • Replication delays or errors in DNS.
      • Split-brain DNS configuration causing mismatches between internal and external DNS views.

    Solution:

    • Verify DNS records for the domain

    nslookup domain
    nslookup domain.fqdn.gov.uk

    Kerberos Name Resolution Issues

    • Accessing \\domain\netlogon or \\domain.fqdn.gov.uk\netlogon relies on Kerberos authentication. If there are mismatched Service Principal Names (SPNs) or duplicate/missing SPNs, authentication can fail intermittently.

    setspn -Q */domain
    setspn -Q */domain.fqdn.gov.uk

     

    SYSVOL or Netlogon Replication Issues

    • Netlogon and SYSVOL folders are replicated among Domain Controllers using DFS Replication or File Replication Service (FRS). Issues here could cause intermittent accessibility.

    Solution:

    • Check DFSR or FRS logs for errors

    Get-EventLog -LogName "DFS Replication"
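
The DNS and share checks from the reply above can be run together from an affected client. The script below is an added example, not part of the reply or the original post: it compares the A records returned for the short and full domain names, then tests the NETLOGON and SYSVOL shares on each domain controller individually. It assumes the thread's placeholder names, that the client can query the standard AD locator record `_ldap._tcp.dc._msdcs.<domain>`, and a result layout chosen here for illustration.

```powershell
# Added example. 'domain' and 'domain.fqdn.gov.uk' are the placeholder names from the thread.
$ShortName = 'domain'
$Fqdn      = 'domain.fqdn.gov.uk'

function Get-ARecord {
    param([string]$Name)
    # Return the sorted, de-duplicated IPv4 addresses DNS hands back for a name.
    Resolve-DnsName -Name $Name -Type A -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'A' } |
        ForEach-Object { $_.IPAddress } |
        Sort-Object -Unique
}

$shortIps = @(Get-ARecord -Name $ShortName)
$fqdnIps  = @(Get-ARecord -Name $Fqdn)

# Addresses returned for one name but not the other point at inconsistent records.
$onlyShort = @($shortIps | Where-Object { $_ -notin $fqdnIps })
$onlyFqdn  = @($fqdnIps  | Where-Object { $_ -notin $shortIps })

"Short name resolves to : $($shortIps -join ', ')"
"FQDN resolves to       : $($fqdnIps -join ', ')"
if ($onlyShort.Count -or $onlyFqdn.Count) {
    "MISMATCH  only short: $($onlyShort -join ', ')  only FQDN: $($onlyFqdn -join ', ')"
}

# List the domain controllers from the AD locator SRV record (assumed reachable from
# this client), then test each one directly so a single bad DC stands out instead of
# being hidden behind whichever DC the domain name happens to return.
$dcs = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Fqdn" -Type SRV -ErrorAction SilentlyContinue |
    Where-Object { $_.Type -eq 'SRV' } |
    ForEach-Object { $_.NameTarget } |
    Sort-Object -Unique

$results = foreach ($dc in $dcs) {
    $tcp = Test-NetConnection -ComputerName $dc -Port 445 -WarningAction SilentlyContinue
    [pscustomobject]@{
        DC       = $dc
        Smb445   = $tcp.TcpTestSucceeded
        Netlogon = Test-Path -LiteralPath "\\$dc\NETLOGON"
        Sysvol   = Test-Path -LiteralPath "\\$dc\SYSVOL"
    }
}
$results | Format-Table -AutoSize
```

Running it at a moment when one of the two paths fails shows whether the failure follows a particular domain controller or a difference in what the two names resolve to.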

     
