Sysvol issues.....

I seem to be having some problems with my sysvol.......


We have an Forest setup and them some child domains........ When we
apply GPOs and startups scripts via GPOs (for the child domains) we get

errors of event 1000 saying users can't access the sysvol....


The basic GPOs are being applied except its just the startup
scripts......


However if we browse to network neighbor we can actually get to the
sysvol but it sortof takes awhile from when we click on the sysvol and
the folders/contents within sysvol can be seem......


We also often get event 15 autoenrollment....... saying it can't find
the domain controllers....


I've checked the DNS settings and from what I see they seem to be
ok.......


Anyone come across such an issue......... thanks in advance.........

Try running netdiag, repadmin and dcdiag. Look for fail, error and warning
errors.

If you don't have the tools installed load them from your install disk.

d:\i386\adminpak.msi (Server tools for remote management of servers)
d:\support\tools\setup.exe (Server Utilities)

Copy the following to a cmd file and run look for error, fail and warn
within the reports. Post any errors you can't figure out. make sure you
modify DC_Name to the name of a dc in your domain.

@echo off

c:
cd \
cd "program files\support tools"

del c:\dcdiag.log
dcdiag /e /c /v /s:DC_Name /f:c:\dcdiag.log
start c:\dcdiag.log

netdiag.exe /v > c:\netdiag.log
start c:\netdiag.log

repadmin.exe /showrepl dc* /verbose /all /intersite > c:\repl.txt
start c:\repl.txt


See for more details

http://www.microsoft.com/technet/pro...509c38837.mspx

--


Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA

This posting is provided "AS IS" with no warranties, and confers no rights.


"Zeno" <momo2804@gmail.com> wrote in message
news:1132670045.148100.273490@z14g2000cwz.googlegr oups.com...
> I seem to be having some problems with my sysvol.......
>
>
> We have an Forest setup and them some child domains........ When we
> apply GPOs and startups scripts via GPOs (for the child domains) we get
>
> errors of event 1000 saying users can't access the sysvol....
>
>
> The basic GPOs are being applied except its just the startup
> scripts......
>
>
> However if we browse to network neighbor we can actually get to the
> sysvol but it sortof takes awhile from when we click on the sysvol and
> the folders/contents within sysvol can be seem......
>
>
> We also often get event 15 autoenrollment....... saying it can't find
> the domain controllers....
>
>
> I've checked the DNS settings and from what I see they seem to be
> ok.......
>
>
> Anyone come across such an issue......... thanks in advance.........
>

Ran the above commands and found some errors, which I can't seem to
figure out..... can you please advise....

DCDiag HK-LABDC3

Starting test: FsmoCheck
GC Name: \\HK-LABDC3.hc.a7.ad.internal.com
Locator Flags: 0xe00001bd
PDC Name: \\HK-LABDC3.hc.a7.ad.internal.com
Locator Flags: 0xe00001bd
Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed,
error 1355
A Good Time Server could not be located.
KDC Name: \\HK-LABDC3.hc.a7.ad.internal.com
Locator Flags: 0xe00001bd
......................... hc.a7.ad.internal.com
failed test FsmoCheck



NetDiag HK-LABDC3
Do NTLM authenticated LDAP call to 'HK-LABDC4.hc.a7.ad.internal.com
..
[FATAL] Cannot do NTLM authenticated ldap_bind to
'HK-LABDC4.hc.a7.ad.internal.com
: Invalid Credentials.

Do Negotiate authenticated LDAP call to
'HK-LABDC4.hc.a7.ad.internal.com
..
[FATAL] Cannot do Negotiate authenticated ldap_bind to
'HK-LABDC4.hc.a7.ad.internal.com
: Invalid Credentials.


These are coming from the DCs on the child domain and I'm not sure
why........

Have you lost a dc in your domain at some time? I appears that it can't
contact fsmo role holders.

I can show you how to seize these roles but need to know what hass happened
to your domain.

--


Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA

This posting is provided "AS IS" with no warranties, and confers no rights.


"Zeno" <momo2804@gmail.com> wrote in message
news:1132718456.237392.169150@g49g2000cwa.googlegr oups.com...
> Ran the above commands and found some errors, which I can't seem to
> figure out..... can you please advise....
>
> DCDiag HK-LABDC3
>
> Starting test: FsmoCheck
> GC Name: \\HK-LABDC3.hc.a7.ad.internal.com
> Locator Flags: 0xe00001bd
> PDC Name: \\HK-LABDC3.hc.a7.ad.internal.com
> Locator Flags: 0xe00001bd
> Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
> A Time Server could not be located.
> The server holding the PDC role is down.
> Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed,
> error 1355
> A Good Time Server could not be located.
> KDC Name: \\HK-LABDC3.hc.a7.ad.internal.com
> Locator Flags: 0xe00001bd
> ......................... hc.a7.ad.internal.com
> failed test FsmoCheck
>
>
>
> NetDiag HK-LABDC3
> Do NTLM authenticated LDAP call to 'HK-LABDC4.hc.a7.ad.internal.com
> .
> [FATAL] Cannot do NTLM authenticated ldap_bind to
> 'HK-LABDC4.hc.a7.ad.internal.com
> : Invalid Credentials.
>
> Do Negotiate authenticated LDAP call to
> 'HK-LABDC4.hc.a7.ad.internal.com
> .
> [FATAL] Cannot do Negotiate authenticated ldap_bind to
> 'HK-LABDC4.hc.a7.ad.internal.com
> : Invalid Credentials.
>
>
> These are coming from the DCs on the child domain and I'm not sure
> why........
>

Yeah we had switched off one of the DC's to do some testing when this
was run.......

What seems to be happening is after we've logged into the workstation
and try to browse the Sysvol\domain on any of the DC's it seems to take
awhile before we can actually see the contents of it.......... and then
for the startup scripts which we've placed into \sysvol\domain\scripts
we get an event log on the workstations saying they can't access the
script at the location \sysvol\domain\scripts with error message
"information could not be read from Domain Controller because its
unavailable or access is denied"

I have booted up all the DCs but still gives this error "Event 1000
User Init"

Cheers...........

You should re-run the dcdiag with all dc's powered up.

Then look at ultrasound to help you debug frs
http://www.microsoft.com/downloads/d...DisplayLang=en

If you need to rebuild sysvol on a dc
http://www.microsoft.com/technet/pro...e570432d7.mspx


--


Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA

This posting is provided "AS IS" with no warranties, and confers no rights.


"Zeno" <momo2804@gmail.com> wrote in message
news:1132801685.886901.35660@f14g2000cwb.googlegro ups.com...
> Yeah we had switched off one of the DC's to do some testing when this
> was run.......
>
> What seems to be happening is after we've logged into the workstation
> and try to browse the Sysvol\domain on any of the DC's it seems to take
> awhile before we can actually see the contents of it.......... and then
> for the startup scripts which we've placed into \sysvol\domain\scripts
> we get an event log on the workstations saying they can't access the
> script at the location \sysvol\domain\scripts with error message
> "information could not be read from Domain Controller because its
> unavailable or access is denied"
>
> I have booted up all the DCs but still gives this error "Event 1000
> User Init"
>
> Cheers...........
>

[.bas]

Hello,
@Paul Bergson
@Zeno

First of all I would like to tank @Paul for his complete reply in this topic. I need to refresh it a little bit. On my network, there are two W2k3 R2 SP2 servers (DC1 and DC2) and both have the DC role. Active directory schema is simple. It is a single domain in forest, with only few not standard OU were the corporate clients and computers are dropped. There are no GPO’s attached to this OU’s.

By the way there are no extra GPO’s only the two standard GPO’s DDP and DDCP.

What is the problem:

I can’t access any share on DC1 by its computer NetBIOS name. If I go to: \\DC1\SYSVOL
the access is Deny. The permissions and security config. For this folder are as it should be. This occurs when I’m logged in on an Administrator account locally on this DC.
I can’t access any ( even new created share ) on this Server by using it’s NetBIOS name\share name. If you go to the share by the IP Address 192.168.10.1(ex.)\SYSVOL the access is granted.

I was checking the NetBIOS helper: OK ( RUN ) / NIC priority in advanced connection prosperities: OK (LAN NIC is the first one ). The domain name pings are correct. The DC1 from DC2 pings are correct.

Can anybody help me with my problem !? I was looking for solution for about 4 months now and I cant find jack unfortunately. I am at the very thin line to go madness with this one. I even reconsider reformatting drives on this server and re-cofigurate it again. But is it the good idea – I don’t think so.

Is the client on the same subnet as the dc? If not then NETBIOS broadcasts
won't work.

What happens if you do an nslookup of dc1? Does it bring back the IP
address?

Can you access the dc via the FQDN?

--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.

".bas" <bas.30i0jf@DoNotSpam.com> wrote in message
news:bas.30i0jf@DoNotSpam.com...
>
> Hello,
> @Paul Bergson
> @Zeno
>
> First of all I would like to tank @Paul for his complete reply in this
> topic. I need to refresh it a little bit. On my network, there are two
> W2k3 R2 SP2 servers (DC1 and DC2) and both have the DC role. Active
> directory schema is simple. It is a single domain in forest, with only
> few not standard OU were the corporate clients and computers are
> dropped. There are no GPO's attached to this OU's.
>
> By the way there are no extra GPO's only the two standard GPO's DDP and
> DDCP.
>
> What is the problem:
>
> I can't access any share on DC1 by its computer NetBIOS name. If I go
> to: \\DC1\SYSVOL
> the access is Deny. The permissions and security config. For this
> folder are as it should be. This occurs when I'm logged in on an
> Administrator account locally on this DC.
> I can't access any ( even new created share ) on this Server by using
> it's NetBIOS name\share name. If you go to the share by the IP Address
> 192.168.10.1(ex.)\SYSVOL the access is granted.
>
> I was checking the NetBIOS helper: OK ( RUN ) / NIC priority in
> advanced connection prosperities: OK (LAN NIC is the first one ). The
> domain name pings are correct. The DC1 from DC2 pings are correct.
>
> Can anybody help me with my problem !? I was looking for solution for
> about 4 months now and I cant find jack unfortunately. I am at the very
> thin line to go madness with this one. I even reconsider reformatting
> drives on this server and re-cofigurate it again. But is it the good
> idea - I don't think so.
>
>
> --
> bas
> ------------------------------------------------------------------------
> bas's Profile: http://forums.techarena.in/members/35689.htm
> View this thread: Sysvol issues.....
>
> http://forums.techarena.in
>

[.bas]

Hi,

Yes the clients and the DC1 are in the same subnet. I was writing about access deny situation that appears on the DC1 with network path using NetBIOS name.

nslookup returns:

> DC1
Serwer: UnKnown
Address: 192.168.10.1

*** UnKnown can’t find DC1: Server failed.

The FQDN ( \\DC1 ) path to the server lets You in and show the shared list.

Quote:

Originally Posted by Paul Bergson [MVP-DS]

Is the client on the same subnet as the dc? If not then NETBIOS broadcasts
won't work.

What happens if you do an nslookup of dc1? Does it bring back the IP
address?

Can you access the dc via the FQDN?

--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.

".bas" <bas.30i0jf@DoNotSpam.com> wrote in message
news:bas.30i0jf@DoNotSpam.com...
>
> Hello,
> @Paul Bergson
> @Zeno
>
> First of all I would like to tank @Paul for his complete reply in this
> topic. I need to refresh it a little bit. On my network, there are two
> W2k3 R2 SP2 servers (DC1 and DC2) and both have the DC role. Active
> directory schema is simple. It is a single domain in forest, with only
> few not standard OU were the corporate clients and computers are
> dropped. There are no GPO's attached to this OU's.
>
> By the way there are no extra GPO's only the two standard GPO's DDP and
> DDCP.
>
> What is the problem:
>
> I can't access any share on DC1 by its computer NetBIOS name. If I go
> to: \\DC1\SYSVOL
> the access is Deny. The permissions and security config. For this
> folder are as it should be. This occurs when I'm logged in on an
> Administrator account locally on this DC.
> I can't access any ( even new created share ) on this Server by using
> it's NetBIOS name\share name. If you go to the share by the IP Address
> 192.168.10.1(ex.)\SYSVOL the access is granted.
>
> I was checking the NetBIOS helper: OK ( RUN ) / NIC priority in
> advanced connection prosperities: OK (LAN NIC is the first one ). The
> domain name pings are correct. The DC1 from DC2 pings are correct.
>
> Can anybody help me with my problem !? I was looking for solution for
> about 4 months now and I cant find jack unfortunately. I am at the very
> thin line to go madness with this one. I even reconsider reformatting
> drives on this server and re-cofigurate it again. But is it the good
> idea - I don't think so.
>
>
> --
> bas
> ------------------------------------------------------------------------
> bas's Profile: http://forums.techarena.in/members/35689.htm
> View this thread: Sysvol issues.....
>
> http://forums.techarena.in
>

How do have your NETBIOS name resolution set up? Broadcast, Peer, Mixed or
Hybrid?

http://technet2.microsoft.com/window....mspx?mfr=true

If you are running dhcp you can set it to run via broadcast.

--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.

".bas" <bas.30ieff@DoNotSpam.com> wrote in message
news:bas.30ieff@DoNotSpam.com...
>
> Hi,
>
> Yes the clients and the DC1 are in the same subnet. I was writing about
> access deny situation that appears on the DC1 with network path using
> NetBIOS name.
>
> nslookup returns:
>
>> DC1
> Serwer: UnKnown
> Address: 192.168.10.1
>
> *** UnKnown can't find DC1: Server failed.
>
> The FQDN ( \\DC1 ) path to the server lets You in and show the shared
> list.
>
>
> 'Paul Bergson [MVP-DS Wrote:
>> ;3330042']Is the client on the same subnet as the dc? If not then
>> NETBIOS broadcasts
>> won't work.
>>
>> What happens if you do an nslookup of dc1? Does it bring back the IP
>> address?
>>
>> Can you access the dc via the FQDN?
>>
>> --
>> Paul Bergson
>> MVP - Directory Services
>> MCT, MCSE, MCSA, Security+, BS CSci
>> 2003, 2000 (Early Achiever), NT
>>
>> http://www.pbbergs.com
>>
>> Please no e-mails, any questions should be posted in the NewsGroup
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights.
>>
>> ".bas" <bas.30i0jf@DoNotSpam.com> wrote in message
>> news:bas.30i0jf@DoNotSpam.com...
>> >
>> > Hello,
>> > @Paul Bergson
>> > @Zeno
>> >
>> > First of all I would like to tank @Paul for his complete reply in
>> this
>> > topic. I need to refresh it a little bit. On my network, there are
>> two
>> > W2k3 R2 SP2 servers (DC1 and DC2) and both have the DC role. Active
>> > directory schema is simple. It is a single domain in forest, with
>> only
>> > few not standard OU were the corporate clients and computers are
>> > dropped. There are no GPO's attached to this OU's.
>> >
>> > By the way there are no extra GPO's only the two standard GPO's DDP
>> and
>> > DDCP.
>> >
>> > What is the problem:
>> >
>> > I can't access any share on DC1 by its computer NetBIOS name. If I
>> go
>> > to: \\DC1\SYSVOL
>> > the access is Deny. The permissions and security config. For this
>> > folder are as it should be. This occurs when I'm logged in on an
>> > Administrator account locally on this DC.
>> > I can't access any ( even new created share ) on this Server by
>> using
>> > it's NetBIOS name\share name. If you go to the share by the IP
>> Address
>> > 192.168.10.1(ex.)\SYSVOL the access is granted.
>> >
>> > I was checking the NetBIOS helper: OK ( RUN ) / NIC priority in
>> > advanced connection prosperities: OK (LAN NIC is the first one ).
>> The
>> > domain name pings are correct. The DC1 from DC2 pings are correct.
>> >
>> > Can anybody help me with my problem !? I was looking for solution
>> for
>> > about 4 months now and I cant find jack unfortunately. I am at the
>> very
>> > thin line to go madness with this one. I even reconsider
>> reformatting
>> > drives on this server and re-cofigurate it again. But is it the good
>> > idea - I don't think so.
>> >
>> >
>> > --
>> > bas
>> >
>> ------------------------------------------------------------------------
>> > bas's Profile: http://forums.techarena.in/members/35689.htm
>> > View this thread: Sysvol issues.....
>> >
>> > http://forums.techarena.in
>> >
>
>
> --
> bas
> ------------------------------------------------------------------------
> bas's Profile: http://forums.techarena.in/members/35689.htm
> View this thread: Sysvol issues.....
>
> http://forums.techarena.in
>

[.bas]

Host Name . . . . . . . . . . . . : DC1
Primary Dns Suffix . . . . . . . : domain.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : domain.local

The node type is Unknown as show above. I really have no idea why but when checking it on a training machine from Virtual PC that I get from MCSA course it shows the same value. And You need to now that the Virtual PC is configured in a standard way and have no problems with accessing to DC NetBIOS name network shares.

I was researching the internet on how to manually configure the Node type ( starting with the link to MS article from you witch I like to thank for) and all I can find is this:


Changing The Node Type

There's no GUI applet to change Node Type. You'll have to use the Registry Editor, and change value
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\NetBT\Parameters\DHCP Node Type], or
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\NetBT\Parameters\Node Type] (which ever is there), or add [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\NetBT\Parameters\Node Type].

Value Node Type
1 Broadcast.
2 Peer-Peer.
4 Mixed.
8 Hybrid.

I use DHCP Server only for VPN clients that connects to the network from the DC2 because all clients In my location use the static IP configuration. But I have configured the DHCP Server options and add option 046 then set the bit value to 0x1 B type. I was trying to check the registry value for [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\NetBT\Parameters\Node Type] but now Reg. Key like this is listed in my HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\NetBT\Parameters\Node. I only have the Interface Key there. And I didn’t mess around with registry on blind.

edit:
Node type is still unknown…

No result with :( the DHCP 046 value. I think it is not acting because as I mentioned earlier on this post I do not use DHCP for any adapter on my DC1.

I don't see a problem modifying the registry to force the client to
broadcast mode. Once done, you may have to reboot (Not sure) but after the
change try and see if you can get it to work.

The dc doesn't need to be a b-type for a client to find him.

--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.

".bas" <bas.30j3fe@DoNotSpam.com> wrote in message
news:bas.30j3fe@DoNotSpam.com...
>
> Host Name . . . . . . . . . . . . : DC1
> Primary Dns Suffix . . . . . . . : domain.local
> Node Type . . . . . . . . . . . . : Unknown
> IP Routing Enabled. . . . . . . . : Yes
> WINS Proxy Enabled. . . . . . . . : Yes
> DNS Suffix Search List. . . . . . : domain.local
>
> The node type is Unknown as show above. I really have no idea why but
> when checking it on a training machine from Virtual PC that I get from
> MCSA course it shows the same value. And You need to now that the
> Virtual PC is configured in a standard way and have no problems with
> accessing to DC NetBIOS name network shares.
>
> I was researching the internet on how to manually configure the Node
> type ( starting with the link to MS article from you witch I like to
> thank for) and all I can find is this:
>
>
> Changing The Node Type
>
> There's no GUI applet to change Node Type. You'll have to use the
> Registry Editor, and change value
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\NetBT\Parameters\DHCP
> Node Type], or
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\NetBT\Parameters\Node
> Type] (which ever is there), or add
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\NetBT\Parameters\Node
> Type].
>
> Value Node Type
> 1 Broadcast.
> 2 Peer-Peer.
> 4 Mixed.
> 8 Hybrid.
>
> I use DHCP Server only for VPN clients that connects to the network
> from the DC2 because all clients In my location use the static IP
> configuration. But I have configured the DHCP Server options and add
> option 046 then set the bit value to 0x1 B type. I was trying to check
> the registry value for
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\NetBT\Parameters\Node
> Type] but now Reg. Key like this is listed in my
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\NetBT\Parameters\Node.
> I only have the Interface Key there. And I didn’t mess around with
> registry on blind.
>
> edit:
> Node type is still unknown…
>
> No result with :( the DHCP 046 value. I think it is not acting because
> as I mentioned earlier on this post I do not use DHCP for any adapter
> on my DC1.
>
>
> --
> bas
> ------------------------------------------------------------------------
> bas's Profile: http://forums.techarena.in/members/35689.htm
> View this thread: Sysvol issues.....
>
> http://forums.techarena.in
>

[.bas]

Hi, Paul.

There is some revolution In my case. The main problem is accessing the network shares created on DC1. I can’t get access to it form any computer in my network. And because of that I have the problem to access the SYSVOL and Netlogon default shares. That creates a whole range of errors in my AD environment. Even if I create a new Test share with the right permissions and security configuration I get the same error when accessing the share by typing its path with server name. That means that I can’t access shares using path like this \\DC1\Testshare\ from any client/server that is a domain computer or even form the DC1 server itself when logged on by the console. I was trying to do that with the Administrator account. What is strange is that I can access this shares by the server IP Address and the share name ( \\192.168.10.1\Testshare\ ). When typing it like this the access is granted and I can do everything that is permitted by the security to that share. I think this is something with security configuration but I don’t now how to fix it.

In my physical network I have two Network services 1 is an AD Directory Service and 2 one is a workgroup. Both are in the same subnet range 192.168.10.0 /24. There is access to the computers form AD to WorkG and vice versa. And here comes the part that I really don’t understand:

- When list the \\DC1\ from WorgG I am prompted to login. I write the user name and password and… I !can access the computer ( Server ) and shares using names. This is what I need but;

- When trying this form the Domain computer or Domain server, there is something like this:

(There’s access to server it self - shares appears on the screen without login prompt)
-Domain computer: when trying to open the share folder: I’m prompted to write user name and the password and this goes over and over again. The access is not granted.

- Domain server logged in locally or by the console to the server that holds the share ( DC1 ) when trying to open the share folder that appears on the screen there is a message:

“\\DC1\Testshare\ is not accessible. You may not have permission to use this network resource. Contact the administrator of this server to find out if you have access permissions.”

“It’s not possible to read information about the domain controller configuration, because the device is busy or the access is forbidden.” <- this is in other language so I have translate it the best I can.

P.S.
There are 2 DC in my AD environment. There are no problems like this with my second DC.

Help… And sorry for my bad English I’m trying the best I can.

Quote:

I don't see a problem modifying the registry to force the client to
broadcast mode. Once done, you may have to reboot (Not sure) but after the
change try and see if you can get it to work.

The dc doesn't need to be a b-type for a client to find him.

--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.

".bas" <bas.30j3fe@DoNotSpam.com> wrote in message
news:bas.30j3fe@DoNotSpam.com...

From a workgroup computer at a command prompt do the following
ipconfig /all

From a domain computer at a command prompt do the following
ipconfig /all

From the dc at a command prompt do the following
ipconfig /all

If dns server is different from DC at a command prompt do the following
ipconfig /all

From a command prompt on your dns server
dnscmd "dns server ip address" /info

Post all of these



--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.

".bas" <bas.30u4ng@DoNotSpam.com> wrote in message
news:bas.30u4ng@DoNotSpam.com...
>
> Hi, Paul.
>
> There is some revolution In my case. The main problem is accessing the
> network shares created on DC1. I can’t get access to it form any
> computer in my network. And because of that I have the problem to
> access the SYSVOL and Netlogon default shares. That creates a whole
> range of errors in my AD environment. Even if I create a new Test share
> with the right permissions and security configuration I get the same
> error when accessing the share by typing its path with server name.
> That means that I can’t access shares using path like this
> \\DC1\Testshare\ from any client/server that is a domain computer or
> even form the DC1 server itself when logged on by the console. I was
> trying to do that with the Administrator account. What is strange is
> that I can access this shares by the server IP Address and the share
> name ( \\192.168.10.1\Testshare\ ). When typing it like this the access
> is granted and I can do everything that is permitted by the security to
> that share. I think this is something with security configuration but I
> don’t now how to fix it.
>
> In my physical network I have two Network services 1 is an AD Directory
> Service and 2 one is a workgroup. Both are in the same subnet range
> 192.168.10.0 /24. There is access to the computers form AD to WorkG and
> vice versa. And here comes the part that I really don’t
> understand:
>
> - When list the \\DC1\ from WorgG I am prompted to login. I write the
> user name and password and… I !can access the computer ( Server )
> and shares using names. This is what I need but;
>
> - When trying this form the Domain computer or Domain server, there is
> something like this:
>
> (There’s access to server it self - shares appears on the screen
> without login prompt)
> -Domain computer: when trying to open the share folder: I’m
> prompted to write user name and the password and this goes over and
> over again. The access is not granted.
>
> - Domain server logged in locally or by the console to the server that
> holds the share ( DC1 ) when trying to open the share folder that
> appears on the screen there is a message:
>
> “\\DC1\Testshare\ is not accessible. You may not have permission
> to use this network resource. Contact the administrator of this server
> to find out if you have access permissions.”
>
> “It’s not possible to read information about the domain
> controller configuration, because the device is busy or the access is
> forbidden.” <- this is in other language so I have translate it
> the best I can.
>
> P.S.
> There are 2 DC in my AD environment. There are no problems like this
> with my second DC.
>
> Help… And sorry for my bad English I’m trying the best I
> can.
>
>> I don't see a problem modifying the registry to force the client to
>> broadcast mode. Once done, you may have to reboot (Not sure) but after
>> the
>> change try and see if you can get it to work.
>>
>> The dc doesn't need to be a b-type for a client to find him.
>>
>> --
>> Paul Bergson
>> MVP - Directory Services
>> MCT, MCSE, MCSA, Security+, BS CSci
>> 2003, 2000 (Early Achiever), NT
>>
>> http://www.pbbergs.com
>>
>> Please no e-mails, any questions should be posted in the NewsGroup
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights.
>>
>> ".bas" <bas.30j3fe@DoNotSpam.com> wrote in message
>> news:bas.30j3fe@DoNotSpam.com...
>
>
> --
> bas
> ------------------------------------------------------------------------
> bas's Profile: http://forums.techarena.in/members/35689.htm
> View this thread: Sysvol issues.....
>
> http://forums.techarena.in
>

[.bas]

@Paul,

Why do You need the Ip Configuration ? I was telling you that all the Name resolution is good, and Ip addresses are configured manually.
The communicate that indicates when You try to sea the shares content is "Access Deny" not no Host found. The name resolution and all the network traffic is right.

If You give me one good reason to give You the configuration I will post it all hear.

Best regards,