Users cannot authenticate to file server

Copper Contributor

I have a domain that I recently took from a 2003 SBS environment and upgraded the domain to a 2022 DC. I am randomly getting users trying to connect to our file server via servername (\\servername\share) either a shortcut or mapped drive and they will get a credential request with the error "The system cannot contact a domain controller to service the authentication request". They can immediately address the server via IP and all works fine. 

In the client event log i am finding Event 40960, LSA (LsaSrv) "The Security System detected an authentication error for the server cifs/servername. The failure code from authentication protocol Kerberos was "No authority could be contacted for authentication.
(0x80090311)"."

A client reboot will remedy the issue for a period of time.

7 Replies

Please run;

Dcdiag /v /c /d /e /s:%computername% >C:\dcdiag.log (run on PDC emulator)
repadmin /showrepl >C:\repl.txt (run on **any** domain controller)
ipconfig /all > C:\%computername%.txt (run on **EVERY** domain controller)
ipconfig /all > C:\problemworkstation.txt (run on problem pc)

  
Also check the domain controller ***System*** and ***Replication*** (DFS or FRS) event logs for errors since last boot. Post the ***Event Source*** and ***Event IDs*** of any found. (no evtx files)

then put `unzipped` text files up on OneDrive and share a link.  

 

 

@Mark_McElvy just checking if there's any progress or updates? please don't forget to mark helpful replies.    

 

 

@Dave Patrick 

files you requested. Troubleshoot

System log showing Security-Kerberos, EventID 3

 

 

The files are not accessible.  

RFCU-DC1 has a DHCP assigned address which is a problem for a domain controller so this needs to be addressed. Domain controllers must always be static assigned.  

RFCU-DC2 has an unknown DNS address that should be removed. Domain controller should have own static ip address plus the loopback (127.0.0.1) listed for DNS and no others such as router or public DNS

 

The system event logs may have some errors that will need to be dealt with. Generally, any found since last boot are still active and need to be addressed. Same for the DFS Replication event log.   

 

 

If problems persist after fixes, then put up a new set of files to look at.  

 

 

@Mark_McElvy just checking if there's any progress or updates? please don't forget to close up the thread here by marking helpful replies.