Re: Error binding to local domain

Charles,

The roaming profile for the domain admin account worked. It was able to
resolve the user name. I did not find a way to turn on roaming profiles for
the domain (I was guessing it is a GP setting somewhere) but edited the
account properties instead like for the other accounts.

What does this indicate the problem is? I don't want the admin account to
have a roaming profile. When I remove the roaming profile and delete the
copy on the client, the usernames cannot be resolved anymore.

Steve
""Charles Yang [MSFT]"" wrote:

> HI,
>
> Thanks for updates.
>
> As you did not enable roaming profiles for the domain AD, you also have
> problem in every client computer. So can we perform another test, you can
> enable roaming profiles for the AD to see if the issue still exist, it
> looks you could not logon the AD from every client computer with only
> domain AD.
>
> Thanks for effort; I will be here waiting for your updates.
>
>
>
> Best regards,
>
> Charles Yang (MSFT)
>
> Microsoft CSS Online Newsgroup Support
>
> Get Secure! - www.microsoft.com/security
>
> ======================================================
> This newsgroup only focuses on SBS technical issues. If you have issues
> regarding other Microsoft products, you'd better post in the corresponding
> newsgroups so that they can be resolved in an efficient and timely manner.
> You can locate the newsgroup here:
> http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
>
> When opening a new thread via the web interface, we recommend you check the
> "Notify me of replies" box to receive e-mail notifications when there are
> any updates in your thread. When responding to posts via your newsreader,
> please "Reply to Group" so that others may learn and benefit from your
> issue.
>
> Microsoft engineers can only focus on one issue per thread. Although we
> provide other information for your reference, we recommend you post
> different incidents in different threads to keep the thread clean. In doing
> so, it will ensure your issues are resolved in a timely manner.
>
> For urgent issues, you may want to contact Microsoft CSS directly. Please
> check http://support.microsoft.com for regional support phone numbers.
>
> Any input or comments in this thread are highly appreciated.
> ======================================================
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
>
> =====================================================
> When responding to posts, please "Reply to Group" via your newsreader so
> that others may learn and benefit from your issue.
> =====================================================
>
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
> --------------------
> | Thread-Topic: Error binding to local domain
> | thread-index: AcWkd4vAzp1Dkj2oQSCUCnO1rDx3oQ==
> | X-WBNR-Posting-Host: 65.164.216.122
> | From: =?Utf-8?B?U3RldmUgTGFyc29u?= <SteveLarson@xxxxxxxxxxxxxxxxxxxxxxxxx>
> | References: <2E7C8934-DBF1-47BE-9EA2-D2947D7C1799@xxxxxxxxxxxxx>
> <uLiBFqPoFHA.2920@xxxxxxxxxxxxxxxxxxxx>
> <464AB7A0-D39E-4FD3-821B-28EEA2EB4B59@xxxxxxxxxxxxx>
> <TkAnYbWoFHA.2700@xxxxxxxxxxxxxxxxxxxxx>
> <7B63646A-3A6F-491C-BD5B-7582FFB9C299@xxxxxxxxxxxxx>
> <Kz6pQjfoFHA.940@xxxxxxxxxxxxxxxxxxxxx>
> <64996607-03AE-4537-A002-24ABF6EEBA21@xxxxxxxxxxxxx>
> <SBUfNkioFHA.588@xxxxxxxxxxxxxxxxxxxxx>
> <83ADBEA0-CE63-47FC-ACCC-533EF2E48ED9@xxxxxxxxxxxxx>
> <D3CA9D7D-5092-491C-946F-65EDF5C91C1E@xxxxxxxxxxxxx>
> <6pG#V27oFHA.944@xxxxxxxxxxxxxxxxxxxxx>
> | Subject: Re: Error binding to local domain
> | Date: Thu, 18 Aug 2005 21:36:20 -0700
> | Lines: 330
> | Message-ID: <55E8F253-31ED-4681-BE8E-0A3006FCA90A@xxxxxxxxxxxxx>
> | MIME-Version: 1.0
> | Content-Type: text/plain;
> | charset="Utf-8"
> | Content-Transfer-Encoding: 7bit
> | X-Newsreader: Microsoft CDO for Windows 2000
> | Content-Class: urn:content-classes:message
> | Importance: normal
> | Priority: normal
> | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
> | Newsgroups: microsoft.public.windows.server.sbs
> | NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
> | Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
> | Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:145789
> | X-Tomcat-NG: microsoft.public.windows.server.sbs
> |
> | Hi Charles,
> |
> | Here is a start on your steps below.
> | 1. The issue is on every computer I have tested (4 of 12) in the domain
> | except the domain controller. The domain admin profile was deleted on
> the
> | client for the tests. There is no "folder redirection" for any account in
> the
> | domain (only roaming profiles for non-domain admin accounts.
> | 2. a) As domain admin on a client, the dialog comes up when I click on
> | advanced. The Name (RDN) and other columns are empty. If I click on
> | Locations on that screen, I can expand and explore AD nodes for the
> domain
> | but don't see any data. (did not click on Find Now :>()
> | b) As regular domain user, the dialog comes up when I clicked on
> advanced.
> | The Name (RDN) and other columns are empty. If I click on Locations on
> that
> | screen, I can expand and explore AD nodes for the domain but don't see
> any
> | data. Then I noticed the Find Now button and the Name and other columns
> are
> | populated.
> | c) Back as domain admin on the client, I get an error this time I click
> on
> | advanced. Error is:
> | "The advanced page cannot be opened because of the following error:
> | The Local Security Authority could not be contacted"
> | d) I try logging in again as domain admin--same error again.
> | e) Rebooted still same error again as admin.
> | f) I tried a different machine--same error again.
> | 3. This happens on all clients that I have tested. Atleast that the
> domain
> | admin account cannot resolve the name and another domain account can.
> | I am still working on 4. and 5.
> |
> | Steve
> | ""Charles Yang [MSFT]"" wrote:
> |
> | > HI Steve,
> | >
> | > Thanks for your updates here.
> | >
> | > From your description, I found this only occur on a client computer
> when
> | > you logon with domain administrator. So let us focus on two things.
> | >
> | > 1. I know you have disjoin and rejoin the problematic client to the
> domain.
> | > But this only occurs on the one user and one client computer. so the
> issue
> | > should relate with that user's profiles, you means you did not
> configure
> | > roaming profiles for this user only, please make sure that you have
> deleted
> | > all the domain admin profiles on the workstation. Could you also tell
> us if
> | > you have enabled "folder redirection" on SBS domain?
> | > 2. Please also try to repeat the same things, when you locate user,
> please
> | > use "Advance option" and click "find now" to see if you can find the
> domain
> | > AD in the list.
> | > 3. As you referred, does it occur on a special client computer or on
> all
> | > client computer, as you only test on one of the client computer.
> | > 4. On the SBS server, click Start, point to Administrative Tools and
> click
> | > DNS. Expand your server | Forward Lookup Zones | your zone, right-click
> | > your zone and click Properties. On the General tab, set Dynamic updates
> to
> | > "Nonsecure and secure". Disjoin and rejoin the Windows XP client, does
> the
> | > issue still occur? It is not necessary to manually configure network
> | > settings on Windows 2000 or Windows XP clients,It is recommended to add
> | > users by running the Add User wizard in Server Management, and instruct
> | > users to join domain by using the http://servername/connectcomputer web
> | > site.
> | > 5. Please also try the steps below to clear the cache credential to see
> if
> | > you still encounterd the same issue. Please make sure that the domain
> AD
> | > could be located any network resouces which require domain account from
> | > that client computer.
> | > A. Open Group Policy on your laptop, go to:
> | > B. Computer Configuration>Windows Settings>Security Settings>Local
> | > Policies>Security Options.
> | > C. Double click on "Interactive logon: Number of previous logons to
> cache
> | > (in case domain controller is not available)", change the cache to 0
> | > logons. Click OK.
> | > D. Reboot and logon again.
> | > We apprecaite your time to perform tests, if this issue is so urgent,
> we
> | > suggest you call our CSS for assistnace, for it might need a little
> long
> | > time for troubleshooting this complex issue.
> | >
> | >
> | >
> | > Best regards,
> | >
> | > Charles Yang (MSFT)
> | >
> | > Microsoft CSS Online Newsgroup Support
> | >
> | > Get Secure! - www.microsoft.com/security
> | >
> | > ======================================================
> | > This newsgroup only focuses on SBS technical issues. If you have issues
> | > regarding other Microsoft products, you'd better post in the
> corresponding
> | > newsgroups so that they can be resolved in an efficient and timely
> manner.
> | > You can locate the newsgroup here:
> | > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
> | >
> | > When opening a new thread via the web interface, we recommend you check
> the
> | > "Notify me of replies" box to receive e-mail notifications when there
> are
> | > any updates in your thread. When responding to posts via your
> newsreader,
> | > please "Reply to Group" so that others may learn and benefit from your
> | > issue.
> | >
> | > Microsoft engineers can only focus on one issue per thread. Although we
> | > provide other information for your reference, we recommend you post
> | > different incidents in different threads to keep the thread clean. In
> doing
> | > so, it will ensure your issues are resolved in a timely manner.
> | >
> | > For urgent issues, you may want to contact Microsoft CSS directly.
> Please
> | > check http://support.microsoft.com for regional support phone numbers.
> | >
> | > Any input or comments in this thread are highly appreciated.
> | > ======================================================
> | > This posting is provided "AS IS" with no warranties, and confers no
> rights.
> | >
> | >
> | > =====================================================
> | > When responding to posts, please "Reply to Group" via your newsreader
> so
> | > that others may learn and benefit from your issue.
> | > =====================================================
> | >
> | > This posting is provided "AS IS" with no warranties, and confers no
> rights.
> | >
> | > --------------------
> | > | Thread-Topic: Error binding to local domain
> | > | thread-index: AcWjsmTO1H6ac/0aTmOHHTPzomM5xA==
> | > | X-WBNR-Posting-Host: 65.164.216.122
> | > | From: =?Utf-8?B?U3RldmUgTGFyc29u?=
> <SteveLarson@xxxxxxxxxxxxxxxxxxxxxxxxx>
> | > | References: <2E7C8934-DBF1-47BE-9EA2-D2947D7C1799@xxxxxxxxxxxxx>
> | > <uLiBFqPoFHA.2920@xxxxxxxxxxxxxxxxxxxx>
> | > <464AB7A0-D39E-4FD3-821B-28EEA2EB4B59@xxxxxxxxxxxxx>
> | > <TkAnYbWoFHA.2700@xxxxxxxxxxxxxxxxxxxxx>
> | > <7B63646A-3A6F-491C-BD5B-7582FFB9C299@xxxxxxxxxxxxx>
> | > <Kz6pQjfoFHA.940@xxxxxxxxxxxxxxxxxxxxx>
> | > <64996607-03AE-4537-A002-24ABF6EEBA21@xxxxxxxxxxxxx>
> | > <SBUfNkioFHA.588@xxxxxxxxxxxxxxxxxxxxx>
> | > <83ADBEA0-CE63-47FC-ACCC-533EF2E48ED9@xxxxxxxxxxxxx>
> | > | Subject: Re: Error binding to local domain
> | > | Date: Wed, 17 Aug 2005 22:05:04 -0700
> | > | Lines: 305
> | > | Message-ID: <D3CA9D7D-5092-491C-946F-65EDF5C91C1E@xxxxxxxxxxxxx>
> | > | MIME-Version: 1.0
> | > | Content-Type: text/plain;
> | > | charset="Utf-8"
> | > | Content-Transfer-Encoding: 7bit
> | > | X-Newsreader: Microsoft CDO for Windows 2000
> | > | Content-Class: urn:content-classes:message
> | > | Importance: normal
> | > | Priority: normal
> | > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
> | > | Newsgroups: microsoft.public.windows.server.sbs
> | > | NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
> | > | Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGXA03.phx.gbl
> | > | Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:145415
> | > | X-Tomcat-NG: microsoft.public.windows.server.sbs
> | > |
> | > | Also, Outlook is able to resolve the mailbox name for the domin admin
> | > when
> | > | setting up the connection to the Exchange mailbox.
> | > | Steve
> | > | "Steve Larson" wrote:
> | > |
> | > | > Hi Charles,
> | > | >
> | > | > I will look into the update for the 40960 and 40961 issue. Thanks.
> | > | >
> | > | > I tested some more based on your questions and this is what I found.
> | > | > All testing was done entering a user name in the "Select, Users,
> | > Computers,
> | > | > or Groups" dialog (when updating permissioned on a folder) and
> clicking
> | > on
> | > | > "Check Names".
> | > | > The Domain admin profile was deleted on the client, I logged in as
> the
> | > | > domain admin on the client, after long wait-user not found.
> Roaming
> | > profiles
> | > | > are used for most users but not the domain administrator. I have
> not
> | > renamed
.