Re: Can't access domain controller

Tech-Archive recommends: Speed Up your PC by fixing your registry

Thanks for your help.

Network Topology:
{Site A} {SBS 2K3}{1 Windows Server 2003} {Router(192.168.117.x)} {Internet}
{Router
(192.168.118.x)} {1 Windows Server 2003}{Clients} {Site B}

Side B is the problematic side.
192.168.117.20 = SBS 2K3 (DNS side A and B, DHCP side A)
192.168.117.1 = Router / VPN side A
192.168.118.1 = Router / VPN side B

I can ping SBS form side B by name and IP.
-------------------------------------------------------------------------------------
Side B client:
Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : JOAN
Primary DNS Suffix . . . . . . . : xxxxxx.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : xxxxxx.local

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : xxxxxx.local
Description . . . . . . . . . . . : CNet PRO200WL PCI Fast Ethernet Adapter
Physical Address. . . . . . . . . :
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.118.63
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.118.1
DHCP Server . . . . . . . . . . . : 192.168.118.25
DNS Servers . . . . . . . . . . . : 192.168.118.1
192.168.117.20
Primary WINS Server . . . . . . . : 192.168.117.20
Lease Obtained. . . . . . . . . . : Monday, September 26, 2005 4:51:44 PM
Lease Expires . . . . . . . . . . : Tuesday, October 04, 2005 4:51:44 PM
-------------------------------------------------------------------------------------
Side B Windows Server 2003:
Windows IP Configuration

Host Name . . . . . . . . . . . . : ATS1
Primary Dns Suffix . . . . . . . : xxxxxx.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : xxxxxx.local

Ethernet adapter Local Area Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Intel(R) PRO/100 S Server Adapter
Physical Address. . . . . . . . . :

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 XT Network
Connection
Physical Address. . . . . . . . . :
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.118.25
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.118.1
DNS Servers . . . . . . . . . . . : 192.168.117.20
192.168.118.1
-------------------------------------------------------------------------------------
Side A Windows Server 2003:
Windows IP Configuration

Host Name . . . . . . . . . . . . : BTS1
Primary Dns Suffix . . . . . . . : xxxxxx.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : xxxxxx.local

PPP adapter RAS Server (Dial In) Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . :
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.117.82
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . :

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 XT Network
Connection
Physical Address. . . . . . . . . :
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.117.25
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.117.1
DNS Servers . . . . . . . . . . . : 192.168.117.1
192.168.117.20

Ethernet adapter Local Area Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Intel(R) PRO/100 S Server Adapter
Physical Address. . . . . . . . . :
-------------------------------------------------------------------------------------
""Brandy Nee [MSFT]"" <v-branee@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:URy0IinwFHA.3020@xxxxxxxxxxxxxxxxxxxxxxxx
> Hello Ajeum,
>
> Thank you for posting back!
>
> I understand that your Network Tolology is:
>
> {Site A} {SBS 2K3} {Router(192.168.117.x)} {Internet} {Router
> (192.168.118.x)} {2 Windows Server 2003} {Internal Clients} {Site B}.
>
> It is a Router to Router VPN Connection, and you can ping from Site A to
> Site B, but I do not have any information regarding the traffic comes from
> Site B to Site A. So please help to test the connection between Site B to
> Site A.
>
> 1. On site B, can you ping the SBS server by either name or IP address?
>
> 2. On site B, go to the two Windows server 2003 and one of the problematic
> client workstations , run "ipconfig /all" and post back the output.
>
> I am greatly appreciated your time and co-operation, and am looking
> forward
> to hearing from you!
>
> Best regards,
>
> Brandy Nee
>
> Microsoft CSS Online Newsgroup Support
>
> Get Secure! - www.microsoft.com/security
> ======================================================
> This newsgroup only focuses on SBS technical issues. If you have issues
> regarding other Microsoft products, you'd better post in the corresponding
> newsgroups so that they can be resolved in an efficient and timely manner.
> You can locate the newsgroup here:
> http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
>
> When opening a new thread via the web interface, we recommend you check
> the
> "Notify me of replies" box to receive e-mail notifications when there are
> any updates in your thread. When responding to posts via your newsreader,
> please "Reply to Group" so that others may learn and benefit from your
> issue.
>
> Microsoft engineers can only focus on one issue per thread. Although we
> provide other information for your reference, we recommend you post
> different incidents in different threads to keep the thread clean. In
> doing
> so, it will ensure your issues are resolved in a timely manner.
>
> For urgent issues, you may want to contact Microsoft CSS directly. Please
> check http://support.microsoft.com for regional support phone numbers.
>
> Any input or comments in this thread are highly appreciated.
> ======================================================
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>
>
>
> --------------------
>>From: "ajeum" <ajeumnospam@xxxxxxxxxxx>
>>References: <el48#q2vFHA.2516@xxxxxxxxxxxxxxxxxxxx>
> <w72fCA$vFHA.768@xxxxxxxxxxxxxxxxxxxxx>
>>Subject: Re: Can't access domain controller
>>Date: Fri, 23 Sep 2005 15:35:23 -0400
>>Lines: 263
>>X-Priority: 3
>>X-MSMail-Priority: Normal
>>X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
>>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
>>X-RFC2646: Format=Flowed; Original
>>Message-ID: <Op$uoXHwFHA.3080@xxxxxxxxxxxxxxxxxxxx>
>>Newsgroups: microsoft.public.windows.server.sbs
>>NNTP-Posting-Host: 68-184-41-122.dhcp.oxfr.ma.charter.com 68.184.41.122
>>Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!tk2msftngp13.phx.gbl
>>Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:156009
>>X-Tomcat-NG: microsoft.public.windows.server.sbs
>>
>>Hi Brandy Nee, Thanks for your response.
>>
>>1. Network Topology.
>>Side A
>>Side B
>>{SBS 2K3 Server} -{Router/VPN} {Internet} {Router/VPN}{Windows
>>Server 2003){Problematic Clients and server}
>>{Windows Server 2003)/
>>
>>SBS 2K3 is DNS Server for Side A and Side B
>>SBS 2K3 is DHCP server for Side A
>>Windows Server 2003 on problem side (B) is DHCP server for Side B and has
>>SBS 2K3 as DNS server in scope
>>
>>2. The VPN is through two hardward routers (WatchGuard Firebox). Side A is
>>192.168.117.x Side B is 192.168.118.x
>>3. VPN is through two hardward routers not through servers
>>4. I can ping devices on Side B from Side A. I can open config pages in
>>browser of Side B devices (router/VPN, print server, etc) from Side B. I
> can
>>browse to problematc PCs and server on Side B from Side A if I use a local
>>user account and not the domain user account.
>>5a & b. SBS 2K3 Server - no error in event log. Windows Server 2003 none
>>problematic side - no errors in event log. Windows Server 2003 problematic
>>side - see list below
>>5c. Not sure what you mean.
>>6. The problems are on the problem side. Outlook stops updates from
> Exchange
>>(on SBS 2K3). Users can't login to Terminal Server Services on either of
> the
>>Windows Server 2003's
>>
>>***************************************************************************
> *************************************************
>>**** Event log:
>>Event Type: Error
>>Event Source: Userenv
>>Event Category: None
>>Event ID: 1030
>>Date: 9/21/2005
>>Time: 11:21:48 AM
>>User: xxxxxx\joan
>>Computer: zzzzzz
>>Description:
>>Windows cannot query for the list of Group Policy objects. Check the event
>>log for possible messages previously logged by the policy engine that
>>describes the reason for this.
>>----------------
>>Event Type: Error
>>Event Source: Userenv
>>Event Category: None
>>Event ID: 1006
>>Date: 9/21/2005
>>Time: 11:21:48 AM
>>User: xxxxxx\joan
>>Computer: zzzzzz
>>Description:
>>Windows cannot bind to XXXXXX.LOCAL domain. (Timeout). Group Policy
>>processing aborted.
>>----------------
>>Event Type: Error
>>Event Source: NETLOGON
>>Event Category: None
>>Event ID: 5719
>>Date: 9/21/2005
>>Time: 3:23:10 PM
>>User: N/A
>>Computer: zzzzzz
>>Description:
>>This computer was not able to set up a secure session with a domain
>>controller in domain xxxxxx due to the following:
>>There are currently no logon servers available to service the logon
> request.
>>This may lead to authentication problems. Make sure that this computer is
>>connected to the network. If the problem persists, please contact your
>>domain administrator.
>>
>>ADDITIONAL INFO
>>If this computer is a domain controller for the specified domain, it sets
> up
>>the secure session to the primary domain controller emulator in the
>>specified domain. Otherwise, this computer sets up the secure session to
> any
>>domain controller in the specified domain.
>>
>>Data:
>>0000: 5e 00 00 c0 ^..À
>>----------------
>>Event Type: Error
>>Event Source: DhcpServer
>>Event Category: None
>>Event ID: 1059
>>Date: 9/21/2005
>>Time: 2:42:15 PM
>>User: N/A
>>Computer: zzzzzz
>>Description:
>>The DHCP service failed to see a directory server for authorization.
>>
>>Data:
>>0000: b4 05 00 00 ´...
>>----------------
>>Event Type: Warning
>>Event Source: LSASRV
>>Event Category: SPNEGO (Negotiator)
>>Event ID: 40961
>>Date: 9/21/2005
>>Time: 2:02:01 PM
>>User: N/A
>>Computer: zzzzzz
>>Description:
>>The Security System could not establish a secured connection with the
> server
>>cifs/yyyyyy.xxxxxx.local. No authentication protocol was available.
>>
>>Data:
>>0000: 88 03 00 c0 ^..À
>>----------------
>>Event Type: Warning
>>Event Source: LSASRV
>>Event Category: SPNEGO (Negotiator)
>>Event ID: 40960
>>Date: 9/21/2005
>>Time: 2:02:01 PM
>>User: N/A
>>Computer: zzzzzz
>>Description:
>>The Security System detected an authentication error for the server
>>cifs/yyyyyy.xxxxxx.local. The failure code from authentication protocol
>>Kerberos was "There are currently no logon servers available to service
> the
>>logon request.
>> (0xc000005e)".
>>
>>Data:
>>0000: 5e 00 00 c0 ^..À
>>
>>***************************************************************************
> *************************************************
>>
>>> Hello Al,
>>>
>>> Thank you for posting to the SBS Newsgroup.
>>>
>>> According to your description, I understand that you have a SBS 2K3
>>> domain,
>>> there are two Windows Server 2003 as member servers. Your issue is all
>>> clients cannot VPN to the SBS 2K3 server. if I have misunderstood your
>>> concern, please let me know.
>>>
>>> Due to lack of detail information, I need your help to gather more
>>> information for further troubleshooting:
>>>
>>> 1. What is your Network Topology? For example:
>>>
>>> a. {SBS 2K3 Server} {ISA} {Router} {Internet} {Router} {Windows Server
>>> 2003} {Problematic Clients}. OR
>>>
>>> b. {SBS 2K3 Server} {Windows Server 2003} {ISA} {Router} {Internet}
>>> {Problematic Clients}. OR
>>>
>>> c. {SBS 2K3 Server} {Windows Server 2003} {Problematic Clients} {ISA}
>>> {Router} {Internet}
>>>
>>> 2. You mentioned "One of the 2003's is connectedthrough a VPN", I need
>>> to
>>> know which 2003 Server you configure clients VPN to, Small Business
> Server
>>> or Windows Server 2003?
>>>
>>> 3. How do you configure the VPN on the SBS side? Did you configure SBS
> 2K3
>>> Server or Router as the VPN Server?
>>>
>>> 4. Please explain in detail "The VPN is Ok as I can access that side of
>>> network".
>>>
>>> 5. Also, I have some questions regarding the sentence "the only error on
>>> 2003 server are related to that it can't find the domain controller."
>>>
>>> a. What is the exact 2003 Server, SBS 2K3 server or Windows Server 2003?
>>>
>>> b. On the server, run "eventvwr" (without quotation marks), check
>>> whether
>>> there is any error, if yes, double click it, click the Copy button and
>>> paste the full content to the Newsgroup.
>>>
>>> c. I also need to know when the error message occurs. For example, fail
> to
>>> set up VPN, VPN to domain or use RDP feature after VPN to domain.
>>>
>>> 6. When clients fail to VPN to server, do they get any error message? If
>>> yes, please write down the error message and type the exact error
>>> message
>>> to the Newsgroup. We need the full content of the error message for
>>> accurate research.
>>>
>>> For your information:
>>>
>>> Please make sure the DNS Server IP addresses on the member Server point
> to
>>> the SBS 2K3 Server.
>>>
>>> I am appreciated your time and cooperation. If anything is unclear,
> please
>>> feel free to let me know. I am looking forward to hearing from you!
>>>
>>>
>>> Best regards,
>>>
>>> Brandy Nee
>>>
>>> Microsoft CSS Online Newsgroup Support
>>>
>>> Get Secure! - www.microsoft.com/security
>>> ======================================================
>>> This newsgroup only focuses on SBS technical issues. If you have issues
>>> regarding other Microsoft products, you'd better post in the
> corresponding
>>> newsgroups so that they can be resolved in an efficient and timely
> manner.
>>> You can locate the newsgroup here:
>>> http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
>>>
>>> When opening a new thread via the web interface, we recommend you check
>>> the
>>> "Notify me of replies" box to receive e-mail notifications when there
>>> are
>>> any updates in your thread. When responding to posts via your
>>> newsreader,
>>> please "Reply to Group" so that others may learn and benefit from your
>>> issue.
>>>
>>> Microsoft engineers can only focus on one issue per thread. Although we
>>> provide other information for your reference, we recommend you post
>>> different incidents in different threads to keep the thread clean. In
>>> doing
>>> so, it will ensure your issues are resolved in a timely manner.
>>>
>>> For urgent issues, you may want to contact Microsoft CSS directly.
>>> Please
>>> check http://support.microsoft.com for regional support phone numbers.
>>>
>>> Any input or comments in this thread are highly appreciated.
>>> ======================================================
>>> This posting is provided "AS IS" with no warranties, and confers no
>>> rights.
>>>
>>>
>>>
>>> --------------------
>>>>From: "Al" <ajeumnospam@xxxxxxxxxxx>
>>>>Subject: Can't access domain controller
>>>>Date: Thu, 22 Sep 2005 07:42:41 -0400
>>>>Lines: 16
>>>>X-Priority: 3
>>>>X-MSMail-Priority: Normal
>>>>X-Newsreader: Microsoft Outlook Express 6.00.2800.1506
>>>>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1506
>>>>Message-ID: <el48#q2vFHA.2516@xxxxxxxxxxxxxxxxxxxx>
>>>>Newsgroups: microsoft.public.windows.server.sbs
>>>>NNTP-Posting-Host: 68-184-41-122.dhcp.oxfr.ma.charter.com 68.184.41.122
>>>>Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP12.phx.gbl
>>>>Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:155536
>>>>X-Tomcat-NG: microsoft.public.windows.server.sbs
>>>>
>>>>I have Windows 2003 SBS as a domain controller and two member Windows
> 2003
>>>>servers running Terminal Server services. One of the 2003's is connected
>>>>through a VPN. All normally works Ok, but once a week or so the server
> and
>>>>all clients (W2000 and XP) that are connected through the VPN can't
> access
>>>>the domain controller. No errors in event log on domain control. The
>>>>only
>>>>error on 2003 server are related to that it can't find the domain
>>>>controller. The VPN is Ok as I can access that side of network.
>>>>
>>>>Rebooting 2003 server or VPN don't solve the problem. Rebooting the
> domain
>>>>controller does solve the problem for a week or two.
>>>>
>>>>Any ideas
>>>>
>>>>Thanks
>>>>
>>>>
>>>>
>>>
>>
>>
>>
>


.

Quantcast