Re: Error binding to local domain

i Steve,

Thanks for updates.

As your description, it seems if you enable roaming profiles on SBS domain
for domain AD, this will work.

As I know, the roaming profiles will create a local cached profile when
logon to client's workstation when logon off the profiles will be leave
there and will be refresh when next logon.

For your convenience, I suggest you check the roaming profiles setting for
Windows 2003 domain to see how to enable roaming profiles on SBS domain:

As the roaming profiles is a user based profiles, so you could only enable
it on each user:

316353 How to configure a user account to use a roaming user profile in
Windows
http://support.microsoft.com/?id=316353

If you did not want to enable roaming profiles for Domain AD, you might
have to use local profiles for AD, I suggest you try to copy the original
profiles on Windows 2003 SBS server to client computer then check if the
issue can be resolved. From your description, I think this might be caused
by the profiles sharing on the domain.

You can try to restore the profiles on client computer via profiles on the
server to see if the issue can be resolved.

If you only aware some of the folders and you do not want to roaming this
folder, you can try to the KB below:

814592 How to prevent folders from roaming with a profile in Windows Server
2003
http://support.microsoft.com/?id=814592

Thanks for your effort in this issue. I will be here waiting for your
updates.



Best regards,

Charles Yang (MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.


=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
| Thread-Topic: Error binding to local domain
| thread-index: AcWn3HBM4Bacm6GORmaJqX1W0CFPig==
| X-WBNR-Posting-Host: 65.164.216.122
| From: =?Utf-8?B?U3RldmUgTGFyc29u?= <SteveLarson@xxxxxxxxxxxxxxxxxxxxxxxxx>
| References: <2E7C8934-DBF1-47BE-9EA2-D2947D7C1799@xxxxxxxxxxxxx>
<uLiBFqPoFHA.2920@xxxxxxxxxxxxxxxxxxxx>
<464AB7A0-D39E-4FD3-821B-28EEA2EB4B59@xxxxxxxxxxxxx>
<TkAnYbWoFHA.2700@xxxxxxxxxxxxxxxxxxxxx>
<7B63646A-3A6F-491C-BD5B-7582FFB9C299@xxxxxxxxxxxxx>
<Kz6pQjfoFHA.940@xxxxxxxxxxxxxxxxxxxxx>
<64996607-03AE-4537-A002-24ABF6EEBA21@xxxxxxxxxxxxx>
<SBUfNkioFHA.588@xxxxxxxxxxxxxxxxxxxxx>
<83ADBEA0-CE63-47FC-ACCC-533EF2E48ED9@xxxxxxxxxxxxx>
<D3CA9D7D-5092-491C-946F-65EDF5C91C1E@xxxxxxxxxxxxx>
<6pG#V27oFHA.944@xxxxxxxxxxxxxxxxxxxxx>
<55E8F253-31ED-4681-BE8E-0A3006FCA90A@xxxxxxxxxxxxx>
<drLqXQIpFHA.2700@xxxxxxxxxxxxxxxxxxxxx>
| Subject: Re: Error binding to local domain
| Date: Tue, 23 Aug 2005 05:16:06 -0700
| Lines: 314
| Message-ID: <D383B632-666D-40DF-B985-E5AB16C37C33@xxxxxxxxxxxxx>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
| Newsgroups: microsoft.public.windows.server.sbs
| NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
| Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:146961
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| Charles,
|
| The roaming profile for the domain admin account worked. It was able to
| resolve the user name. I did not find a way to turn on roaming profiles
for
| the domain (I was guessing it is a GP setting somewhere) but edited the
| account properties instead like for the other accounts.
|
| What does this indicate the problem is? I don't want the admin account
to
| have a roaming profile. When I remove the roaming profile and delete the
| copy on the client, the usernames cannot be resolved anymore.
|
| Steve
| ""Charles Yang [MSFT]"" wrote:
|
| > HI,
| >
| > Thanks for updates.
| >
| > As you did not enable roaming profiles for the domain AD, you also have
| > problem in every client computer. So can we perform another test, you
can
| > enable roaming profiles for the AD to see if the issue still exist, it
| > looks you could not logon the AD from every client computer with only
| > domain AD.
| >
| > Thanks for effort; I will be here waiting for your updates.
| >
| >
| >
| > Best regards,
| >
| > Charles Yang (MSFT)
| >
| > Microsoft CSS Online Newsgroup Support
| >
| > Get Secure! - www.microsoft.com/security
| >
| > ======================================================
| > This newsgroup only focuses on SBS technical issues. If you have issues
| > regarding other Microsoft products, you'd better post in the
corresponding
| > newsgroups so that they can be resolved in an efficient and timely
manner.
| > You can locate the newsgroup here:
| > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
| >
| > When opening a new thread via the web interface, we recommend you check
the
| > "Notify me of replies" box to receive e-mail notifications when there
are
| > any updates in your thread. When responding to posts via your
newsreader,
| > please "Reply to Group" so that others may learn and benefit from your
| > issue.
| >
| > Microsoft engineers can only focus on one issue per thread. Although we
| > provide other information for your reference, we recommend you post
| > different incidents in different threads to keep the thread clean. In
doing
| > so, it will ensure your issues are resolved in a timely manner.
| >
| > For urgent issues, you may want to contact Microsoft CSS directly.
Please
| > check http://support.microsoft.com for regional support phone numbers.
| >
| > Any input or comments in this thread are highly appreciated.
| > ======================================================
| > This posting is provided "AS IS" with no warranties, and confers no
rights.
| >
| >
| > =====================================================
| > When responding to posts, please "Reply to Group" via your newsreader
so
| > that others may learn and benefit from your issue.
| > =====================================================
| >
| > This posting is provided "AS IS" with no warranties, and confers no
rights.
| >
| > --------------------
| > | Thread-Topic: Error binding to local domain
| > | thread-index: AcWkd4vAzp1Dkj2oQSCUCnO1rDx3oQ==
| > | X-WBNR-Posting-Host: 65.164.216.122
| > | From: =?Utf-8?B?U3RldmUgTGFyc29u?=
<SteveLarson@xxxxxxxxxxxxxxxxxxxxxxxxx>
| > | References: <2E7C8934-DBF1-47BE-9EA2-D2947D7C1799@xxxxxxxxxxxxx>
| > <uLiBFqPoFHA.2920@xxxxxxxxxxxxxxxxxxxx>
| > <464AB7A0-D39E-4FD3-821B-28EEA2EB4B59@xxxxxxxxxxxxx>
| > <TkAnYbWoFHA.2700@xxxxxxxxxxxxxxxxxxxxx>
| > <7B63646A-3A6F-491C-BD5B-7582FFB9C299@xxxxxxxxxxxxx>
| > <Kz6pQjfoFHA.940@xxxxxxxxxxxxxxxxxxxxx>
| > <64996607-03AE-4537-A002-24ABF6EEBA21@xxxxxxxxxxxxx>
| > <SBUfNkioFHA.588@xxxxxxxxxxxxxxxxxxxxx>
| > <83ADBEA0-CE63-47FC-ACCC-533EF2E48ED9@xxxxxxxxxxxxx>
| > <D3CA9D7D-5092-491C-946F-65EDF5C91C1E@xxxxxxxxxxxxx>
| > <6pG#V27oFHA.944@xxxxxxxxxxxxxxxxxxxxx>
| > | Subject: Re: Error binding to local domain
| > | Date: Thu, 18 Aug 2005 21:36:20 -0700
| > | Lines: 330
| > | Message-ID: <55E8F253-31ED-4681-BE8E-0A3006FCA90A@xxxxxxxxxxxxx>
| > | MIME-Version: 1.0
| > | Content-Type: text/plain;
| > | charset="Utf-8"
| > | Content-Transfer-Encoding: 7bit
| > | X-Newsreader: Microsoft CDO for Windows 2000
| > | Content-Class: urn:content-classes:message
| > | Importance: normal
| > | Priority: normal
| > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
| > | Newsgroups: microsoft.public.windows.server.sbs
| > | NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
| > | Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
| > | Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:145789
| > | X-Tomcat-NG: microsoft.public.windows.server.sbs
| > |
| > | Hi Charles,
| > |
| > | Here is a start on your steps below.
| > | 1. The issue is on every computer I have tested (4 of 12) in the
domain
| > | except the domain controller. The domain admin profile was deleted
on
| > the
| > | client for the tests. There is no "folder redirection" for any
account in
| > the
| > | domain (only roaming profiles for non-domain admin accounts.
| > | 2. a) As domain admin on a client, the dialog comes up when I click
on
| > | advanced. The Name (RDN) and other columns are empty. If I click on
| > | Locations on that screen, I can expand and explore AD nodes for the
| > domain
| > | but don't see any data. (did not click on Find Now :>()
| > | b) As regular domain user, the dialog comes up when I clicked on
| > advanced.
| > | The Name (RDN) and other columns are empty. If I click on Locations
on
| > that
| > | screen, I can expand and explore AD nodes for the domain but don't
see
| > any
| > | data. Then I noticed the Find Now button and the Name and other
columns
| > are
| > | populated.
| > | c) Back as domain admin on the client, I get an error this time I
click
| > on
| > | advanced. Error is:
| > | "The advanced page cannot be opened because of the following error:
| > | The Local Security Authority could not be contacted"
| > | d) I try logging in again as domain admin--same error again.
| > | e) Rebooted still same error again as admin.
| > | f) I tried a different machine--same error again.
| > | 3. This happens on all clients that I have tested. Atleast that the
| > domain
| > | admin account cannot resolve the name and another domain account can.
| > | I am still working on 4. and 5.
| > |
| > | Steve
| > | ""Charles Yang [MSFT]"" wrote:
| > |
| > | > HI Steve,
| > | >
| > | > Thanks for your updates here.
| > | >
| > | > From your description, I found this only occur on a client computer
| > when
| > | > you logon with domain administrator. So let us focus on two things.
| > | >
| > | > 1. I know you have disjoin and rejoin the problematic client to the
| > domain.
| > | > But this only occurs on the one user and one client computer. so
the
| > issue
| > | > should relate with that user's profiles, you means you did not
| > configure
| > | > roaming profiles for this user only, please make sure that you have
| > deleted
| > | > all the domain admin profiles on the workstation. Could you also
tell
| > us if
| > | > you have enabled "folder redirection" on SBS domain?
| > | > 2. Please also try to repeat the same things, when you locate user,
| > please
| > | > use "Advance option" and click "find now" to see if you can find
the
| > domain
| > | > AD in the list.
| > | > 3. As you referred, does it occur on a special client computer or
on
| > all
| > | > client computer, as you only test on one of the client computer.
| > | > 4. On the SBS server, click Start, point to Administrative Tools
and
| > click
| > | > DNS. Expand your server | Forward Lookup Zones | your zone,
right-click
| > | > your zone and click Properties. On the General tab, set Dynamic
updates
| > to
| > | > "Nonsecure and secure". Disjoin and rejoin the Windows XP client,
does
| > the
| > | > issue still occur? It is not necessary to manually configure
network
| > | > settings on Windows 2000 or Windows XP clients,It is recommended to
add
| > | > users by running the Add User wizard in Server Management, and
instruct
| > | > users to join domain by using the http://servername/connectcomputer
web
| > | > site.
| > | > 5. Please also try the steps below to clear the cache credential to
see
| > if
| > | > you still encounterd the same issue. Please make sure that the
domain
| > AD
| > | > could be located any network resouces which require domain account
from
| > | > that client computer.
| > | > A. Open Group Policy on your laptop, go to:
| > | > B. Computer Configuration>Windows Settings>Security Settings>Local
| > | > Policies>Security Options.
| > | > C. Double click on "Interactive logon: Number of previous logons to
| > cache
| > | > (in case domain controller is not available)", change the cache to
0
| > | > logons. Click OK.
| > | > D. Reboot and logon again.
| > | > We apprecaite your time to perform tests, if this issue is so
urgent,
| > we
| > | > suggest you call our CSS for assistnace, for it might need a little
| > long
| > | > time for troubleshooting this complex issue.
| > | >
| > | >
| > | >
| > | > Best regards,
| > | >
| > | > Charles Yang (MSFT)
| > | >
| > | > Microsoft CSS Online Newsgroup Support
| > | >
| > | > Get Secure! - www.microsoft.com/security
| > | >
| > | > ======================================================
| > | > This newsgroup only focuses on SBS technical issues. If you have
issues
| > | > regarding other Microsoft products, you'd better post in the
| > corresponding
| > | > newsgroups so that they can be resolved in an efficient and timely
| > manner.
| > | > You can locate the newsgroup here:
| > | > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
| > | >
| > | > When opening a new thread via the web interface, we recommend you
check
| > the
| > | > "Notify me of replies" box to receive e-mail notifications when
there
| > are
| > | > any updates in your thread. When responding to posts via your
| > newsreader,
| > | > please "Reply to Group" so that others may learn and benefit from
your
| > | > issue.
| > | >
| > | > Microsoft engineers can only focus on one issue per thread.
Although we
| > | > provide other information for your reference, we recommend you post
| > | > different incidents in different threads to keep the thread clean.
In
| > doing
| > | > so, it will ensure your issues are resolved in a timely manner.
| > | >
| > | > For urgent issues, you may want to contact Microsoft CSS directly.
| > Please
| > | > check http://support.microsoft.com for regional support phone
numbers.
| > | >
| > | > Any input or comments in this thread are highly appreciated.
| > | > ======================================================
| > | > This posting is provided "AS IS" with no warranties, and confers no
| > rights.
| > | >
| > | >
| > | > =====================================================
| > | > When responding to posts, please "Reply to Group" via your
newsreader
| > so
| > | > that others may learn and benefit from your issue.
| > | > =====================================================
| > | >
| > | > This posting is provided "AS IS" with no warranties, and confers no
| > rights.
| > | >
| > | > --------------------
| > | > | Thread-Topic: Error binding to local domain
| > | > | thread-index: AcWjsmTO1H6ac/0aTmOHHTPzomM5xA==
| > | > | X-WBNR-Posting-Host: 65.164.216.122
| > | > | From: =?Utf-8?B?U3RldmUgTGFyc29u?=
| > <SteveLarson@xxxxxxxxxxxxxxxxxxxxxxxxx>
| > | > | References: <2E7C8934-DBF1-47BE-9EA2-D2947D7C1799@xxxxxxxxxxxxx>
| > | > <uLiBFqPoFHA.2920@xxxxxxxxxxxxxxxxxxxx>
| > | > <464AB7A0-D39E-4FD3-821B-28EEA2EB4B59@xxxxxxxxxxxxx>
| > | > <TkAnYbWoFHA.2700@xxxxxxxxxxxxxxxxxxxxx>
| > | > <7B63646A-3A6F-491C-BD5B-7582FFB9C299@xxxxxxxxxxxxx>
| > | > <Kz6pQjfoFHA.940@xxxxxxxxxxxxxxxxxxxxx>
| > | > <64996607-03AE-4537-A002-24ABF6EEBA21@xxxxxxxxxxxxx>
| > | > <SBUfNkioFHA.588@xxxxxxxxxxxxxxxxxxxxx>
| > | > <83ADBEA0-CE63-47FC-ACCC-533EF2E48ED9@xxxxxxxxxxxxx>
| > | > | Subject: Re: Error binding to local domain
| > | > | Date: Wed, 17 Aug 2005 22:05:04 -0700
| > | > | Lines: 305
| > | > | Message-ID: <D3CA9D7D-5092-491C-946F-65EDF5C91C1E@xxxxxxxxxxxxx>
| > | > | MIME-Version: 1.0
| > | > | Content-Type: text/plain;
| > | > | charset="Utf-8"
| > | > | Content-Transfer-Encoding: 7bit
| > | > | X-Newsreader: Microsoft CDO for Windows 2000
| > | > | Content-Class: urn:content-classes:message
| > | > | Importance: normal
| > | > | Priority: normal
| > | > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
| > | > | Newsgroups: microsoft.public.windows.server.sbs
| > | > | NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
| > | > | Path:
TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGXA03.phx.gbl
| > | > | Xref: TK2MSFTNGXA01.phx.gbl
microsoft.public.windows.server.sbs:145415
| > | > | X-Tomcat-NG: microsoft.public.windows.server.sbs
| > | > |
| > | > | Also, Outlook is able to resolve the mailbox name for the domin
admin
| > | > when
| > | > | setting up the connection to the Exchange mailbox.
| > | > | Steve
| > | > | "Steve Larson" wrote:
| > | > |
| > | > | > Hi Charles,
| > | > | >
| > | > | > I will look into the update for the 40960 and 40961 issue.
Thanks.
| > | > | >
| > | > | > I tested some more based on your questions and this is what I
found.
| > | > | > All testing was done entering a user name in the "Select,
Users,
| > | > Computers,
| > | > | > or Groups" dialog (when updating permissioned on a folder) and
| > clicking
| > | > on
| > | > | > "Check Names".
| > | > | > The Domain admin profile was deleted on the client, I logged in
as
| > the
| > | > | > domain admin on the client, after long wait-user not found.
| > Roaming
| > | > profiles
| > | > | > are used for most users but not the domain administrator. I
have
| > not
| > | > renamed
|

.