AD Authentication - Second Domain Controller

DaveG · ‎10-14-2022

Ok. We have two domain controllers. However Pulse will only authenticate users from one domain controller? Is that normal.

I am able to shutdown the working Domain Controller and log myself as a brand new user to a new laptop and be authenticated by the other domain controller. So it is authenticating users.

However, if the DC in Pulse is down, Pulse will reach the secondary domain controller but not authenticate the user. Just give an invalid credential.

zanyterp · ‎10-14-2022

yes, it should only use one domain controller for authentication
are you seeing the secondary domain controller report a log message for failure?

DaveG · ‎10-16-2022

Hi @zanyterp , no. We have two Domain Controllers, A and B

A is the PDC, but not sure that means anything to Pulse

If Pulse connects to A for user auth, it will be fine

If Pulse connects to B for user auth, the error comes back with invalid credentials.

Domain Controller B seems fine to me. DCDiag has no failures and I can reset passwords and create accounts and log in to new laptops with a new test account if I shutdown Domain Controller A and leave B up.

zanyterp · ‎10-16-2022

thank you for the update, @DaveG
no, the appliance does not take into account PDC or not. is there any chance that the admin account got out of sync between dcA and dcB?
what is your server side?

DaveG · ‎10-16-2022

Hi @zanyterp ,

Can you clarify what you mean about the admin account getting out of sync?

I'm going to test turning off the working DC tomorrow and do a trace/session recording in the PSA with an account. Maybe it'll help shed some light

AD Authentication - Second Domain Controller

AD Authentication - Second Domain Controller

Re: AD Authentication - Second Domain Controller

Re: AD Authentication - Second Domain Controller

Re: AD Authentication - Second Domain Controller

Re: AD Authentication - Second Domain Controller