KM - Active Directory Authentication is intermittent

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • cadkins
    Technician
    • Apr 2010
    • 34

    KM - Active Directory Authentication is intermittent

    We have customer that has several different models of KM. We have it set up to authenticate from the copier as well as print via AD. They are running Server 2008r2.


    It is very intermittent but the user can walk up, try to log in and it fails. Try again and it works.
    Same with printing. User can go to the properties and hit "Verify" and it fails. Close out and try again and it works.
    Sometimes if the user fails, it will continue to fail for a while and then start working a few minutes or an hour later.

    The time zone is set correctly as well as DLST is set.

    Since I know next to nothing about AD, I have no idea where to go from here. Any suggestions?

    Looking through the KB didn't give any results that looked like it would help

    Thanks in advance!
    -Curtis
  • rthonpm
    Field Supervisor

    2,500+ Posts
    • Aug 2007
    • 2848

    #2
    Re: KM - Active Directory Authentication is intermittent

    Couple things to check:

    1. Is the machine itself on the domain and, if so, is it listed within the correct group?
    2. Is the firmware for every model up to date?
    3. Any change if the users try entering their user name as domain\user?
    4. Are the machines using the same DNS server(s) as the domain controller?

    Comment

    • cadkins
      Technician
      • Apr 2010
      • 34

      #3
      Re: KM - Active Directory Authentication is intermittent

      Thanks for the quick reply.

      I'll just respond to them by number.

      1. Do you mean, is the domain listed in the machine? And I am guessing by "Group" you are referring to within AD?
      2. Yes
      3. No
      4. Yes

      Thanks again!

      Comment

      • TheOwl
        Service Manager

        Site Contributor
        1,000+ Posts
        • Nov 2008
        • 1733

        #4
        Re: KM - Active Directory Authentication is intermittent

        What is the network speed set to?

        Intermittent problems like this can be caused by switches and other little stuff. Try slowing down the network speed of the copier and see if that helps.
        Please don't ask me for firmware or service manuals as refusal often offends.

        Comment

        • blackcat4866
          Master Of The Obvious

          Site Contributor
          10,000+ Posts
          • Jul 2007
          • 22744

          #5
          Re: KM - Active Directory Authentication is intermittent

          Could the DNS be a little slow or inconsistent? You might try the IP address for LDAP, rather than the hostname. =^..^=
          If you'd like a serious answer to your request:
          1) demonstrate that you've read the manual
          2) demonstrate that you made some attempt to fix it.
          3) if you're going to ask about jams include the jam code.
          4) if you're going to ask about an error code include the error code.
          5) You are the person onsite. Only you can make observations.

          blackcat: Master Of The Obvious =^..^=

          Comment

          • kronical
            Kronic Copier Ninja

            100+ Posts
            • Nov 2009
            • 230

            #6
            Turn on sntp and set the ntp server address to the address of the domain controller. Even though your timezones and date/time are set there will be a few second discrepency between the two. During the period the times are not synced you will fail authentication. This will sync to the dc.

            Comment

            • RRodgers
              Service Manager

              1,000+ Posts
              • Jun 2009
              • 1950

              #7
              Re: KM - Active Directory Authentication is intermittent

              Goto a desktop and ping the copier for a while and watch it, then ping another desktop and see how that one does. If it's jumping around a lot I would check the router next. Does it work fine in the morning and not so great after everyone logs in to there computers and starts checking email/facebook/youtube.
              Color is not 4 times harder... it's 65,000 times harder. They call it "TECH MODE" for a reason. I have manual's and firmware for ya, course... you are going to have to earn it.

              Comment

              • TheOwl
                Service Manager

                Site Contributor
                1,000+ Posts
                • Nov 2008
                • 1733

                #8
                Re: KM - Active Directory Authentication is intermittent

                Originally posted by kronical
                Turn on sntp and set the ntp server address to the address of the domain controller. Even though your timezones and date/time are set there will be a few second discrepency between the two. During the period the times are not synced you will fail authentication. This will sync to the dc.

                Active Directory will allow for a time difference of +-5 minutes of the domain controllers. Seconds don't really count unless it is 5 minutes and 1 second.

                Setting the copiers to use the DC's within the network is still a good idea regardless of the installation.
                Please don't ask me for firmware or service manuals as refusal often offends.

                Comment

                • cadkins
                  Technician
                  • Apr 2010
                  • 34

                  #9
                  Re: KM - Active Directory Authentication is intermittent

                  Originally posted by kronical
                  Turn on sntp and set the ntp server address to the address of the domain controller. Even though your timezones and date/time are set there will be a few second discrepency between the two. During the period the times are not synced you will fail authentication. This will sync to the dc.
                  yes, they are set to the DC for the NTP server.

                  Originally posted by RRodgers
                  Goto a desktop and ping the copier for a while and watch it, then ping another desktop and see how that one does. If it's jumping around a lot I would check the router next. Does it work fine in the morning and not so great after everyone logs in to there computers and starts checking email/facebook/youtube.
                  we did watch it for a while even when trying the verification via print driver. It was very consistent.

                  Originally posted by blackcat4866
                  Could the DNS be a little slow or inconsistent? You might try the IP address for LDAP, rather than the hostname. =^..^=
                  We have tried both the host name and the IP for the external server but we are using AD not LDAP. There are really no settings besides the time, the AD server and the domain that needs to be done for it to really work in a normal situation.

                  I am actually wondering if they are having a caching problem on the server. They don't see this intermittent problem from the computers since that info is cached. I was under the impression that the print driver would cache the settings as well but since that information is going back through the copier, it may not. Anyone know if it does?

                  Thanks for all the suggestions and help!

                  Comment

                  • rthonpm
                    Field Supervisor

                    2,500+ Posts
                    • Aug 2007
                    • 2848

                    #10
                    Re: KM - Active Directory Authentication is intermittent

                    Originally posted by cadkins
                    Thanks for the quick reply.

                    I'll just respond to them by number.

                    1. Do you mean, is the domain listed in the machine? And I am guessing by "Group" you are referring to within AD?
                    2. Yes
                    3. No
                    4. Yes

                    Thanks again!
                    I meant to ask whether or not the copier is actually set up as an object on the domain controller. Sometimes setting the machine as an object that the DC can actually recognise can help alleviate connection issues. The trick then is to also make sure that the copier is in a group that doesn't get group policies and such pushed to it, like a special purpose group.

                    Another thing: is this a subnetted network or built on VLANs?

                    Comment

                    • cadkins
                      Technician
                      • Apr 2010
                      • 34

                      #11
                      Re: KM - Active Directory Authentication is intermittent

                      OK, I just wanted to make sure i understood you. Yeah, the printers are set within a group in AD. I am not sure if it is a special purpose type group but I can check.

                      They are not on a subnetted network but it is pretty large. For their remote locations they might be on a VLAN but I will check that as well.

                      Comment

                      Working...