Re: Somehow created subdomain of SBS domain

From: Florian (wizard_ozREMOVE_at_gmx.net)
Date: 01/28/05


Date: Fri, 28 Jan 2005 08:49:24 -0600

Hi Tony,

Thanks for getting back to me. Yes, the reason for the separate domain
was security. I wanted to have the ability to give my employee admin
rights on the test domain without giving him access.

Now there seems to be a bit of misunderstanding with the problems we
have. Everything here is working fine - we don't have "some"
connectivity - everything works.

The only thing that didn't work is a reboot of the server, in which case
I have to manually start the information store. That's all. Well, it
freaks me out but other than that all is working, even the trust between
the SBS and the subdomain.

I'll probably just get rid of the subdomain, do some backups and hope
this solves the problem ...

Thanks!

Tony Su wrote:
> Hello Florian,
> As one small software dev company to another, I understand your needs.
>
> You may still need to describe your reasons for creating a separate Domain
> though, sometimes a company might do that to isolate security configurations,
> issues and complications created by Dev from the main operations (Production)
> of the company.
>
> If that's not a concern, you'd probably be better off simply configuring
> your Dev as a separate OU in your Domain instead of as a subdomain.
>
> Without knowing details, which would be hard to know for sure without actually
> being onsite, I'd say it's risky for anyone to offer any advice in your
> situation. There are too many things which might have caused anomalies or
> could be overlooked in your description.
>
> But, bottom line is I'd recommend you back up your Exchange store to PSTs so
> that if your security comes crashing down you can still access most of your
> mail.
>
> Then, I'd recommend that you go about trying to set your security right and
> according to guidelines... which I'm going to <guess> should be to
> 1. Back up everything in sight
> 2. Demote all your DCs which aren't the SBServer
> 3. Maybe re-run the SBS install <re-installing> all components
> 4. Some machines <may> need to be unjoined and rejoined to the SBServer Domain
> 4a. Some machines may have to uninstall, maybe disable Server applications.
> 5. Some User accounts <may> need to be deleted and re-created
>
> Then, only <after> you have verified that your SBServer is running perfectly
> you can consider restarting Server Services on the Member Servers.
>
> So, what happened?
> I'm going to guess that one of your updates tightened security. Before, your
> network was probably authenticating using NTLMv1 or NTLMv2 using NetBIOS
> names. After updating, your machines probably found that they wanted to
> communicate using Kerberos which requires functioning certificates and key
> management but found they couldn't... and maybe sometimes you are able to
> fall back to NTLM which is why you still have some connectivity.
>
> But that's all speculation...
>
> Good Luck,
> Tony
>
> "Florian" wrote:
>
>>Hi,
>>
>>We are a very small software development company running an SBS 2003 with
>>SQL Server and Exchange 2003.
>>
>>Recently we obtained a MSDN Professional license so that we could test
>>our software on a variety of test machines.
>>
>>We wanted to put all the test machines into a separate domain, ideally
>>with some sort of a trust to our SBS domain. It seemed to be the best
>>solution to create the test domain as a subdomain of the SBS domain
>>(yes, I now know that this is not supported, but not back then :-) ).
>>
>>Interestingly enough, even though not supported the domain was
>>successfully created as a subdomain of the SBS domain. The only warning
>>messages we got were in the event log in regards to the certificate
>>services which we pretty much ignored.
>>
>>So, the model worked, we were able to access resources, use the parent
>>domain accounts etc. etc. At this point I still didn't know that this
>>was not supported since it was working very well.
>>
>>The subdomain is a domain created with a W2k3 server and another W2k
>>server as an additional DC.
>>
>>Now, at some point a week ago or so we installed the latest patches that
>>had just come out on the SBS server which required a reboot - and that's
>>when things started to get messed up (and when I realized that what I
>>had done was probably not the best).
>>
>>Upon rebooting, the Exchange Information store would not start
>>automatically due to the following error messages:
>>
>>MSExchangeIS, EventID 5000
>>Unable to initialize the Microsoft Exchange Information Store service. -
>>Error 0x80004005.
>>
>>MSExchangeIS, EventID 1121
>>Error 0x80004005 connecting to the Microsoft Active Directory.
>>
>>But, when I tried to start the service manually it would start
>>immediately and I was able to connect with Outlook.
>>
>>However, then the SMTP service would not work which was really a problem
>>since we receive all of our emails directly through that. Basically,
>>after issuing the RCPT TO: command through a test performed through
>>telnet the SMTP server issued some sort of error (unfortunately I forgot
>>the error message and didn't write it down).
>>
>>I then tried to restart the server, but the result was the same. I had
>>to manually start the IS on Exchange and SMTP wouldn't work. Only after
>>waiting for approx. 15 minutes would the SMTP service magically work again.
>>
>>At this point I'm a little bit freaked out and afraid to restart the server.
>>
>>What would be the best way for me to proceed? Should I simply demote the
>>DCs in the test domain, and essentially make that subdomain disappear?
>>Or would there be something else I need to do? I have no problem
>>creating a new fresh domain for the test machines.
>>
>>Is that Exchange behavior at all connected to the subdomain that I
>>created? I'm curious as to why I never got an error and why it's working
>>if it's not supposed to ...
>>
>>Any suggestions are very welcome, thank you already in advance for your
>>time.
>>
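Florian's original post quotes two Application-log events, MSExchangeIS 5000 (store could not initialize) and MSExchangeIS 1121 (error 0x80004005 connecting to Active Directory), which only show up when the store starts during a reboot and not when it is started by hand later. The script below is an added example, not part of this thread and not a Microsoft tool: it correlates those two event IDs with the boot marker (EventLog event 6005, "The Event log service was started") in a constructed CSV export, so an admin can see at a glance which boots had the store fail before AD was reachable. The CSV column layout, the 15-minute look-back window (taken from the SMTP recovery time mentioned in the post) and the sample rows are assumptions made for the example.

```python
"""Correlate Exchange Information Store start-up failures with server boots.

Added example for this thread. Input is an assumed CSV export with the
columns time,log,source,event_id,message. MSExchangeIS events 5000 and 1121
are the ones quoted in the post; EventLog 6005 marks each boot.
"""
import csv
import io
import re
from datetime import datetime, timedelta

BOOT_MARKER = ("EventLog", 6005)     # System log: event log service started
IS_FAILURE_IDS = {5000, 1121}        # MSExchangeIS events quoted in the thread
WINDOW = timedelta(minutes=15)       # assumption: look this long after a boot

# Constructed sample export: first boot shows the failure pair, second is clean.
SAMPLE_EXPORT = """\
time,log,source,event_id,message
2005-01-21 07:58:10,System,EventLog,6005,The Event log service was started.
2005-01-21 07:59:42,Application,MSExchangeIS,1121,Error 0x80004005 connecting to the Microsoft Active Directory.
2005-01-21 07:59:43,Application,MSExchangeIS,5000,Unable to initialize the Microsoft Exchange Information Store service. - Error 0x80004005.
2005-01-27 06:30:00,System,EventLog,6005,The Event log service was started.
"""


def parse_export(text):
    """Parse the assumed CSV layout into dicts sorted by time."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        rows.append({
            "time": datetime.strptime(row["time"], "%Y-%m-%d %H:%M:%S"),
            "log": row["log"],
            "source": row["source"],
            "event_id": int(row["event_id"]),
            "message": row["message"],
        })
    rows.sort(key=lambda r: r["time"])
    return rows


def boot_failures(records, window=WINDOW):
    """For each boot, return (boot_time, sorted failure ids, HRESULT codes seen)."""
    boots = [r for r in records if (r["source"], r["event_id"]) == BOOT_MARKER]
    results = []
    for boot in boots:
        after = [
            r for r in records
            if r["source"] == "MSExchangeIS"
            and r["event_id"] in IS_FAILURE_IDS
            and boot["time"] <= r["time"] <= boot["time"] + window
        ]
        ids = sorted({r["event_id"] for r in after})
        codes = sorted({c.lower() for r in after
                        for c in re.findall(r"0x[0-9A-Fa-f]{8}", r["message"])})
        results.append((boot["time"], ids, codes))
    return results


def report(results):
    """Turn the correlation into one line per boot for a human to read."""
    lines = []
    for boot_time, ids, codes in results:
        if not ids:
            lines.append(f"{boot_time}: boot OK, no Information Store start-up errors")
        elif ids == [1121, 5000]:
            lines.append(f"{boot_time}: Information Store failed at boot, AD lookup error "
                         f"{', '.join(codes)}; check DC/DNS reachability at service start")
        else:
            lines.append(f"{boot_time}: partial failure, events {ids}")
    return lines


if __name__ == "__main__":
    for line in report(boot_failures(parse_export(SAMPLE_EXPORT))):
        print(line)
```

Running it against a real export only requires dumping the Application and System logs to the same five columns; the correlation window is the part worth tuning, since a store that starts cleanly once AD answers (as happened in the thread after a manual start) should not be flagged a second time.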


