LDAP error on UCS system

[quote="Grandjean"]Hello fmp,

I’ll do my best. As a first step, could we go back to your initial problem first? You wrote that “there are some errors to login the domain from the Windows clients” - what does ‘some errors’ mean?
[color=blue]Some of our clients got this error at logon: The trust relationship between this workstation and the primary domain failed. So we unjoin the clients from the domain and rejoin them. But when we join the clients, if we type the domain name ABC.COM it causes an error: An Active Directory Domain Controller (AD DC) for the domain “ABC.COM” could not be contacted. I checked the SRV records as per the detailed instructions, and every DNS SRV record is OK. Then I tried typing “ABC” in the domain field, and it’s OK. The domain join progress is successful. Until now, I still have to type ABC instead of ABC.COM to join new clients (Windows 7 & Windows Server 2008 R2) to the UCS domain system. There’s one thing I do not understand: if I unjoin a client, delete that computer (and related objects) via UMC and join that computer again, DNS records for this client will be created successfully but there’s no computer object for this one.[/color]

Just to clarify things for me a bit, could you please tell me:
[ul][li] Are you able to log in to the web-based Univention Management Console (UMC)? [color=blue]Yes, the login to the UMC of both UCS servers is OK.[/color]
Please try the UMC of the DC Master and the UMC on one of your DC Slaves. For each one, try with your “Administrator” and a regular Domain User.
If you renamed the Administrator account, please try with the renamed one. I guess this is also the account used to do the AD Takeover? [color=blue]Yes, this is the account used to do the AD Takeover. Yesterday, I created an account named “Administrator” (with all domain admin groups) and there’s no problem with this.[/color][/li]
[li] Are all users unable to log in on Windows Clients or only some of them? [color=blue]Only some[/color]
If only some of them, can you spot differences to users where it is working? Does it depend on the users, the clients or does it seem random? What about your “Administrator”?[/li][/ul][color=blue]There are no differences, it seems to be random… The “Administrator” is OK to log on.[/color]

Nevertheless, it’s quite obvious that your DC Slave(s) DO have a problem, but I would like to clarify the things mentioned above before digging deeper.

Only one more question, just to be sure:
[ul]
[li] Were the DC Slaves installed and joined before the AD Takeover or afterwards?[/li][/ul] [color=blue]The UCS slave was installed after the successful AD Takeover progress.[/color]

Best regards,
Michael Grandjean[/quote]
Hi Michael, thank you for your help. Please have a look at my answers in blue. If you need any logs or the output of any command, please let me know. Thank you.