Re: Shared network resources cannot accessible after a while

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

"Nime" <eminakbulut@xxxxxxxxx> wrote in message news:Oa6oeNlwJHA.5392@xxxxxxxxxxxxxxxxxxxxxxx
OK, I removed them...

But I cannot access a folder on WEBSERVER which one is not a member of the domain.
I also use webserver's DNS, and use webserver as default gateway.
I mean I don't see any relation between my lost /forgotten/not working
user/pass and domain controller's AD. Because I use WEBSERVER's user account
to access shares, not my domain username.

Now I'm preparing a test machine -will not be member of the domain
then I will examine if it will fail or not... to access a public folder of DC or
WEBSERVER's...

Does WEBSERVER's DNS server host the AD zone? If not, do not use it.

Using WEBSERVER's user accounts means you are using its local user accounts, wihch are NOT part of the domain, so therefore, how is AD supposed to enumerate and accept the credentials? If you want to use WEBSERVER's user accounts, create identical accounts on the domain.

Also, a more pressing issue is the disjointed namespace. Notice your ipconfig /all of the DC has not Primary DNS SUffix? This is a MAJOR concern that WILL affect AD functionality.

There is much going on with your network. It is not a standardized nor centralized setup. Some of the things I noticed you are doing are not norm with AD, and is difficult to support. If it were centralized, it would ease your administrative functions, but they do not seem to be. With an AD environment, we rely on AD for security and authentication, yet you are using a non-AD account in an attempt to access AD resources.

Also, the multihomed DC will cause issues with AD. That was why I recommended disabling the WAN NIC and getting a router to perform this function. But from the looks of it, I do not believe you want to use your AD account. I am not sure how to help in this case other than recommending to create duplicate accounts with identical passwords, but once again, this is not norm, and can cause security loopholes and backdoors, and trying to keep track of what you are doing is difficult to support.

Ace


.

Relevant Pages

  • Re: 401.3 message
    ... : the webserver? ... :>hint that it is) ... to be identified as I choose 'Let IIS control password' & ... : for local user accounts'. ...
    (microsoft.public.inetserver.iis.security)
  • Re: 401.3 message
    ... the webserver? ... >hint that it is) ... to be identified as I choose 'Let IIS control password' & ... for local user accounts'. ...
    (microsoft.public.inetserver.iis.security)
  • RE: 2 users 1 workstation
    ... I first checked the DNS forward look up, ... Updated the registry keys for the clients and security policies, ... Migrate-- strBat - [C:\Program Files\Microsoft Windows Small Business ... what it is (i created most of the user accounts of the same way, ...
    (microsoft.public.windows.server.sbs)
  • Re: Domain Admin not local admin on all computers
    ... Dept 1 (user accounts) ... move the machines and also user accounts there. ... We have 2 DNS ... By default the domain admins group should be added to the local ...
    (microsoft.public.windows.server.general)
  • Re: User Login
    ... the domain group called Domain Users is a member of the local Users group on all computers; this is usually why any domain user can logon at any domin member computer. ... Policies, User Rights Assignment, Deny log on locally - add the group containing the "email only" user accounts. ...
    (microsoft.public.windows.server.active_directory)