Domain unavailable after Remote Access role added and removed

From: Bill (Bill_at_discussions.microsoft.com)
Date: 09/29/04


Date: Wed, 29 Sep 2004 04:41:04 -0700

I have been asked by an MS tech support fellow to post this question to the
newsgroup microsoft.private.directaccess.win2003.activedirectory. But I can't
find that newsgroup, so please help me from here.

We added the role of Remote Access/VPN Server and
Terminal Server to a primary Windows 2003 server that is
an existing domain controller, DNS server and DHCP
server. For some reason that process corrupted some files
for an accounting package on a shared network drive, so
we removed those roles. After removing and restarting the
server, login rights were increasingly reduced until the
domain is no longer available on the LAN. When first we
logged in after removing the roles, the workstations were
blocked from mapped drives, with an error message stating
that there had been an attempt to compromise security. We
looked at rights and shares on the server and looked for
an event log that might explain why the server was
locking out users (no event log seemed to address a
security alert or a login failure). We created a new user
and were able to log in on a machine that had not yet
joined the domain. But as we went around the network, the
availability of services from the server seemed to reduce
step by step. For example, some workstations would log in,
but no access to shares, then the same workstation would
no longer authenticate, then it would authenticate, but
not see the server listed as a machine in the domain,
then the error of domain not available would be as far as
we could get. We can ping the server, but we can't see it
in the network places. The DHCP seems to be working for
workstations. But no domain is available any more. Please
inform us if there is a security override of some sort
that we can apply to restore the role of domain server.
We made a full backup before attempting the new roles
that caused the problem, and we still have full
administrative access to the server itself.

Many thanks.


