Re: Serious domain problem
- From: Eriq Neale <eon@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 14 Sep 2005 00:20:38 GMT
In the Default Domain Controllers policy, both Network Server: Digitally Sign Communications items should be ENABLED. The Network Client: Digitally Sign Communications items are NOT DEFINED.
in the Default Domain policy, all four should be set to NOT DEFINED.
I'm preaching to the choir now, but this is why you never, never, never modify the Default policy objects. If you want to change a GPO element from the way it is defined in one of those policies, create a new GPO with the setting you want. Then, if/when it breaks, you can disable the policy and go back to the way it was.
Realize, though, that if the changes have been made, just seting the GPO back to NOT DEFINED will not necessarily revert the changes to the actual settings. Those are set in the registry, and i'll have to dig up what those are and what the settings should be...
HTH...
-Eriq
On 2005-09-13 13:29:00 -0500, "NickC" <NoSpam@xxxxxxxxxxxxxx> said:
Could someone tell me what these are set at for these two GPOs by default on their server?
"NickC" <NoSpam@xxxxxxxxxxx> wrote in message news:eGWcKPkrFHA.2064@xxxxxxxxxxxxxxxxxxxxxxxProblem solved, have rebooted into Directory Services Restore mode and restored just the system state from the last tape backup and all seems to be working OK again now.
Oops, just broken it again, ah well at least I know what caused it now. In the 'Default Domain Policy' GPO and the 'Default Domain Controllers Policy' GPO there are settings for:
Network Client digitally sign communications (always)
Network Client digitally sign communications (if server agrees)
Network Server digitally sign communications (always)
Network Server digitally sign communications (if client agrees)
For other diagnostic purposes (intermittant GPO failure) I previously had all these disabled and reset them to their previous settings. Or did I maybe I didn't record their default settings correctly! Could someone tell me what these are set at for these two GPOs by default on their server.
Thanks, Nick
"NickC" <NoSpam@xxxxxxxxxxx> wrote in message news:O%23Q4iMjrFHA.2212@xxxxxxxxxxxxxxxxxxxxxxxWe seem to have aquired a serious domain authentication problem. On the server I can browse to \\ServerName but as soon as I try to connect to any network share I am asked to login again which always fails. Users cannot connect to anything on the server.
Don't know if relevant but I noticed that in Active Directory under MyBusiness/Computers/SBSServers there are no servers listed is that normal?
Thanks, Nick
-- Eriq Neale - Small Business Specialist, MCSE, Mac Guru EON Consulting - www.eonconsulting.net Author of Microsoft Small Business Server 2003 Unleashed Need additional IT insight? E-mail "support at eonconsulting dot net"
.
- Follow-Ups:
- Re: Serious domain problem
- From: NickC
- Re: Serious domain problem
- Prev by Date: Re: Companyweb won't work on other subnets.
- Next by Date: Re: Web Certificate for IIS Server on SBS Domain
- Previous by thread: Re: Serious domain problem
- Next by thread: Re: Serious domain problem
- Index(es):
Relevant Pages
|
