Re: Network connections missing, network down
- From: "Ace Fekay [MVP]" <PleaseSubstituteMyActualFirstName&LastNameHere@xxxxxxxxxxx>
- Date: Sat, 22 Oct 2005 10:45:48 -0400
In news:B086503F-E2CA-4B36-8729-C6143C0F58EE@xxxxxxxxxxxxx,
aks <aks@xxxxxxxxxxxxxxxxxxxxxxxxx> made this post, which I then commented
about below:
> Hi,
>
> Great thing is that I originally had an AD related question, so I
> posted my questions under a diff group. It somehow led to a
> networking breakdown, and those guys there have stopped replying, so
> now I have to type the entire history to this 'Windows Server
> Networking' section, all with a hope that I might get some help !
>
> My DC was working fine until I was trying to set the ScTcbPrivilege
> for user Administrator and myself on a DC, with windows server 2003,
> sp1 installed on it.
>
> I set the permission in Local Policies for user Administrator with
> "Act as part of OS" . Still when i tried to programmatically call -
> NTSTATUS ntStatus =
> LsaRegisterLogonProcess(&lsaString,&lsaHandle,pMode);
> I continued to get a bad ntStatus (0xC000041), in other words the
> privilege did not seem to be set.
>
> Then I downloaded the Windows Resource Tool kit, and used ntrights to
> set the privilege 'ScTcbPrivilege', as originally intended. Still, I
> was not getting proper status return programmatically. My system is
> win 2003 server, and I tried doing the steps below as user
> "Administrator":
> 1. Click Start, and then click Run.
> 2. In Open box, type rsop.msc, and then click OK.
>
> and get the following Group Policy Error:
> "RSoP snap-in was unale to generate the computer or user's data due to
> insufficient permissions. Access is denied".
>
> User 'Administrator' does not seem to have access ? Hence I tried to
> reboot the machine.
>
> Now the system is behaving wierd..., its unable to see the network,
> hence AD is not working, hence I cannot revert the right I had set
> "Act as part of operating system"
> in Local Policies.
>
> As an outcome of not being able to see the network, I do not see
> Local Area Connection settings under control panel -> network
> connections. Though i can see the Local Area Connection setting with
> ipconfig /all. However, the system cannot see other DC's in the
> forest..., even Network places thru windows explorer is not working.
> Nothing to do with network is not working, the hardware is ok.
>
> Event log shows the following errors in the order where the first msg
> below is the first that occured upon reboot, followed by the rest:
> [warning ]: LsaSrv was unable to register its RPC interface over
> tcp/ip interface. Event id - 32777
> [error]: SAM failed to start the tcp/ip or spx/ipx listening thread.
> Event id - 12291
> [followed by other errors]: Netlogon error Event ID - 5706, W32Time
> error Event ID - 46, IPSec error Event ID - 4292
>
> I tried reset the OS back to the original installation default
> security settings by running: "secedit /configure /cfg
> C:\Windows\repair\secsetup.inf /db secsetup.sdb /verbose. And
> rebooted the machine. No luck yet !
>
> Any suggestions on how to get the network going ? thanks.
First, I didn't see this post in either of the AD groups. Second, I'm not of
your intentions to change the default behavior of your OS, so I'm not sure
what you are trying to accomplish by giving the the TCB privledge? I
understand the default Admin account already has that, but I am not definite
about that. See if this helps:
http://blogs.msdn.com/ericfitz/archive/2004/12/20/327478.aspx
Clearly your errors are based on prgramming errors. Here's one example of
why you are receiving EventID 32777:
http://www.eventid.net/display.asp?eventid=32777&eventno=5647&source=LsaSrv&phase=1
I would highly suggest to first experiment with this on a lab system.
Second, it my benefit you to post this into a more appropriate newsgrouop so
you are able to get more specific help, such as one of the developers
newsgroups (.NET, etc). When you make the post, let them specifically know
your intentions, for they may have a better work around.
--
Ace
This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.
If this post is viewed at a non-Microsoft community website, and you were to
respond to it through that community's website, I may not see your reply
unless that website posts replies back to the original Microsoft forum.
Therefore, please direct all replies ONLY to the Microsoft public newsgroup
this thread originated in so all can benefit or ensure the web community
posts it back to the original forum.
Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services
Microsot Certified Trainer
Infinite Diversities in Infinite Combinations.
=================================
.
- Prev by Date: Re: joining a domain through firewall
- Next by Date: Re: Creating a Virtual Domain
- Previous by thread: MS 2003 Dhcp server and option 82 config
- Next by thread: Re: Network connections missing, network down
- Index(es):
Relevant Pages
|
