Forum Discussion
CraigTownend
Dec 02, 2024 · Copper Contributor
Weird issue accessing netlogon
Got a bit of a weird issue here...
We have just started using AAD machines via Autopilot & Intune and doing testing on them accessing resources on our current on-prem domain. Got things sorted so they can access file shares and DFS namespace shares perfectly fine and that's all going through, but having an issue with intermittent issues with netlogon.
There seems to be no pattern, but when trying to hit \\domain\netlogon that will work but when trying \\domain.fqdn.gov.uk\netlogon that won't work.
However without doing anything trying again a little while later and it will be the opposite way around that can access on the full fqdn but not the short name, and then to make it worse, sometimes both work at the same time.
Different devices have been tried and had 2 side by side where one could access short but not fqdn and the other could access fqdn but not short.
At the same time, if I try to access any server shares on either short name or fqdn then those are fine; it seems to just be issues with netlogon on the domain.
At all times I can run to \\domain & \\domain.fqdn.gov.uk and the folder list of sysvol and netlogon both appear, but it's just guesswork which is going to work.
This happens the same on both our internal network and when connected via Cisco AnyConnect VPN back into our network.
Hopefully someone has come across a similar issue and fixed it!
Thanks if you have managed to read this far :)
- kyazaferr · Steel Contributor
DNS Configuration Issues
- Short name (\\domain\netlogon) and FQDN (\\domain.fqdn.gov.uk\netlogon) access rely on DNS resolution. Intermittent access might indicate:
  - DNS records for the domain (A or CNAME records) are missing or inconsistent.
  - Replication delays or errors in DNS.
  - Split-brain DNS configuration causing mismatches between internal and external DNS views.
Solution:
- Verify DNS records for the domain:
  nslookup domain
  nslookup domain.fqdn.gov.uk
Kerberos Name Resolution Issues
- Accessing \\domain\netlogon or \\domain.fqdn.gov.uk\netlogon relies on Kerberos authentication. If there are mismatched Service Principal Names (SPNs) or duplicate/missing SPNs, authentication can fail intermittently.
setspn -Q */domain
setspn -Q */domain.fqdn.gov.uk
SYSVOL or Netlogon Replication Issues
- Netlogon and SYSVOL folders are replicated among Domain Controllers using DFS Replication or File Replication Service (FRS). Issues here could cause intermittent accessibility.
Solution:
- Check DFSR or FRS logs for errors
Get-EventLog -LogName "DFS Replication" -EntryType Error,Warning -Newest 50
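The DNS check suggested in the reply, carried one step further as an added example that is not from either poster: it compares the A records returned for the short name and the FQDN and tests SMB (TCP 445) on every address, so a domain controller that is missing from one name's answer or is unreachable from the client stands out. The names are the placeholders used in the thread; the set comparison and the port test are assumptions about what is worth checking, not a confirmed diagnosis.

```powershell
# Added example. Run on an affected client while one of the two paths is failing.
# 'domain' and 'domain.fqdn.gov.uk' are the thread's placeholders; substitute real names.
$ShortName = 'domain'
$Fqdn      = 'domain.fqdn.gov.uk'

function Get-ARecordSet {
    param([Parameter(Mandatory)][string]$Name)
    # -DnsOnly keeps LLMNR/NetBIOS answers out, so only what DNS returns is compared.
    $answers = Resolve-DnsName -Name $Name -Type A -DnsOnly -ErrorAction SilentlyContinue
    $answers | Where-Object { $_.Type -eq 'A' } |
        Select-Object -ExpandProperty IPAddress | Sort-Object -Unique
}

# @() guards against PowerShell unrolling a single result into a bare string.
$shortIps = @(Get-ARecordSet -Name $ShortName)
$fqdnIps  = @(Get-ARecordSet -Name $Fqdn)
$allIps   = @($shortIps + $fqdnIps | Sort-Object -Unique)

$report = foreach ($ip in $allIps) {
    [pscustomobject]@{
        Address     = $ip
        InShortName = $shortIps -contains $ip
        InFqdn      = $fqdnIps  -contains $ip
        # SMB reachability of this specific address from this client
        Smb445Open  = Test-NetConnection -ComputerName $ip -Port 445 `
                          -InformationLevel Quiet -WarningAction SilentlyContinue
    }
}
$report | Format-Table -AutoSize

# Any row that is not "in both answers and reachable" is worth following up.
$suspect = @($report | Where-Object {
    -not ($_.InShortName -and $_.InFqdn -and $_.Smb445Open)
})

if ($allIps.Count -eq 0) {
    Write-Warning 'Neither name resolved through DNS from this client.'
} elseif ($shortIps.Count -eq 0) {
    Write-Warning "Short name '$ShortName' did not resolve via DNS (check the DNS suffix search list)."
} elseif ($suspect.Count -gt 0) {
    Write-Warning "$($suspect.Count) address(es) differ between the two names or refuse TCP 445."
} else {
    Write-Output 'Both names return the same addresses and all accept TCP 445.'
}
```

Running it on two devices side by side, as in the original test, shows whether they receive different answers for the same name.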