Re: Clients not able to login to Domain
- From: v-branee@xxxxxxxxxxxxxxxxxxxx ("Brandy Nee [MSFT]")
- Date: Fri, 16 Dec 2005 08:14:01 GMT
Hello Tony,
Thank you for posting back.
I understand that you can ping SBS Server, but cannot access Shared folders
and map drive. If I have misunderstood your issue, please let me know.
Based on my experience, this issue may occur if client service for
Microsoft, File and Printer service for Microsoft are not configured
correctly or SMB signing policy does not match between DC and client
computers.
My reply is a bit long, so please take your time to read through all my
suggestions and then perform the steps:
1> I suggest that we perform following steps:
In the Security Options on a Windows Server 2003 DC, set the following
policies:
Microsoft network client: Digitally sign communications (always) - Disable
Microsoft network client: Digitally sign communications (if server agrees)
- Enable
Microsoft Network Server: Digitally sign communications (always) - Disable
Microsoft Network Server: Digitally sing communications (If client aggres)
- Enable
Run the "gpupdate /force" command.
Also, please check the following key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters
\enablesecuritysignature =1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters
\requiresecuritysignature =0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\param
eters\enablesecuritysignature =1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\param
eters\requiresecuritysignature =0
If the setting does not match, modify the key, restart DC and test the
issue.
For this issue, I wonder whether there are Event IDs 1058 and 1030 record
on domain computers.
If you find Event IDs 1058 and 1030 on those problematic client
workstations, please see:
314494 Group policies are not applied the way you expect; "Event ID 1058"
and
http://support.microsoft.com/?id=314494
If Event IDs 1058 and 1030 showed on the server, it is most likely a SMB
signing configuration compatibility issue. Please see:
839499 You cannot open file shares or Group Policy snap-ins when you disable
http://support.microsoft.com/?id=839499
2> From the ipconfig /all result, I notice following information:
DNS Suffix Search List. . . . . . : Arnold.local
gateway.2wire.net
Ethernet adapter UTP:
Connection-specific DNS Suffix . : gateway.2wire.net
I suggest that we delete the "gateway.2wire.net" in the "DNS Suffix Search
List" to leave "Arnold.local" as the only entry. Change
"Connection-specific DNS Suffix" to "Arnold.local".
For more information regarding how to configure DNS on SBS Server, please
see following KB articles:
323380 HOW TO: Configure DNS for Internet Access in Windows Server 2003
http://support.microsoft.com/?id=323380
291382 Frequently Asked Questions About Windows 2000 DNS and Windows Server
2003 DNS
http://support.microsoft.com/?id=291382
309633 How to Configure a SBS for Full Time Internet Access with a Single
Network Adapter
http://support.microsoft.com/?id=309633
Please take your time to perform the steps. If you have any updates, please
feel free to let me know. I am glad to be of further assistance!
Best regards,
Brandy Nee
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
>From: "Tony" <tony@xxxxxxxxxxxxxx>
>References: <O7p2feCAGHA.264@xxxxxxxxxxxxxxxxxxxx>
<GfaVNTIAGHA.1236@xxxxxxxxxxxxxxxxxxxxx>
<#XjupQMAGHA.3924@xxxxxxxxxxxxxxxxxxxx>
<JT#ls8UAGHA.1504@xxxxxxxxxxxxxxxxxxxxx>
>Subject: Re: Clients not able to login to Domain
>Date: Thu, 15 Dec 2005 09:16:35 -0500
>Lines: 289
>X-Priority: 3
>X-MSMail-Priority: Normal
>X-Newsreader: Microsoft Outlook Express 6.00.2900.2670
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2670
>X-RFC2646: Format=Flowed; Original
>Message-ID: <educvKYAGHA.2736@xxxxxxxxxxxxxxxxxxxx>
>Newsgroups: microsoft.public.windows.server.sbs
>NNTP-Posting-Host: adsl-69-214-132-230.dsl.applwi.ameritech.net
69.214.132.230
>Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP11.phx.gbl
>Xref: TK2MSFTNGXA02.phx.gbl microsoft.public.windows.server.sbs:230407
>X-Tomcat-NG: microsoft.public.windows.server.sbs
>
>Brandy Nee,
>
>Thanks for the reply.
>
>(From below)
>1. From a "problematic" client workstation I can ping by both IP address
and
>name.
>
>2. SBS SERVER INFO
> ===============
>
>Windows IP Configuration
>
> Host Name . . . . . . . . . . . . : atc
> Primary Dns Suffix . . . . . . . : Arnold.local
> Node Type . . . . . . . . . . . . : Unknown
> IP Routing Enabled. . . . . . . . : Yes
> WINS Proxy Enabled. . . . . . . . : Yes
> DNS Suffix Search List. . . . . . : Arnold.local
>
>Ethernet adapter LAN connection:
>
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network
>Connection
> Physical Address. . . . . . . . . : 00-14-22-1D-37-58
> DHCP Enabled. . . . . . . . . . . : No
> IP Address. . . . . . . . . . . . : 192.168.1.3
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> Default Gateway . . . . . . . . . : 192.168.1.254 (This is the inside
IP
>of our Internet Router)
> DNS Servers . . . . . . . . . . . : 192.168.1.3
> Primary WINS Server . . . . . . . : 192.168.1.3
>
>PROBLEMATIC CLIENT WORKSTATION
>================================
>
>Windows IP Configuration
>
> Host Name . . . . . . . . . . . . : Jan
> Primary Dns Suffix . . . . . . . : Arnold.local
> Node Type . . . . . . . . . . . . : Hybrid
> IP Routing Enabled. . . . . . . . : No
> WINS Proxy Enabled. . . . . . . . : No
> DNS Suffix Search List. . . . . . : Arnold.local
> gateway.2wire.net
>
>Ethernet adapter UTP:
>
> Connection-specific DNS Suffix . : gateway.2wire.net
> Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network
>Connection
> Physical Address. . . . . . . . . : 00-07-E9-D7-2D-35
> Dhcp Enabled. . . . . . . . . . . : Yes
> Autoconfiguration Enabled . . . . : Yes
> IP Address. . . . . . . . . . . . : 192.168.1.67
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> Default Gateway . . . . . . . . . : 192.168.1.254
> DHCP Server . . . . . . . . . . . : 192.168.1.3
> DNS Servers . . . . . . . . . . . : 192.168.1.3
> Primary WINS Server . . . . . . . : 192.168.1.3
> Lease Obtained. . . . . . . . . . : Thursday, December 15, 2005
>8:34:33 AM
> Lease Expires . . . . . . . . . . : Friday, December 23, 2005
>8:34:33 AM
>
>SUCCESSFULLY CONNECTED CLIENT
>===============================
>
>Windows IP Configuration
>
> Host Name . . . . . . . . . . . . : TONY
> Primary Dns Suffix . . . . . . . : Arnold.local
> Node Type . . . . . . . . . . . . : Unknown
> IP Routing Enabled. . . . . . . . : No
> WINS Proxy Enabled. . . . . . . . : Yes
> DNS Suffix Search List. . . . . . : Arnold.local
> gateway.2wire.net
>
>Ethernet adapter UTP:
>
> Connection-specific DNS Suffix . : gateway.2wire.net
> Description . . . . . . . . . . . : Broadcom NetXtreme 57xx
Gigabit
>Controller
> Physical Address. . . . . . . . . : 00-11-43-54-02-6A
> Dhcp Enabled. . . . . . . . . . . : Yes
> Autoconfiguration Enabled . . . . : Yes
> IP Address. . . . . . . . . . . . : 192.168.1.70
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> Default Gateway . . . . . . . . . : 192.168.1.254
> DHCP Server . . . . . . . . . . . : 192.168.1.3
> DNS Servers . . . . . . . . . . . : 192.168.1.3
> Primary WINS Server . . . . . . . : 192.168.1.3
> Lease Obtained. . . . . . . . . . : Thursday, December 15, 2005
>8:13:38 AM
> Lease Expires . . . . . . . . . . : Friday, December 23, 2005
>8:13:38 AM
>
>I have one NIC on the server and have run the CEICW and entered the
>appropriate information. I can access the Internet from all clients and
>from the SBS server (our Internet router has a firewall on it). Any
further
>thoughts or suggestions are welcome and appreciated.
>
>Tony
>
.
- Follow-Ups:
- Re: Clients not able to login to Domain
- From: Tony
- Re: Clients not able to login to Domain
- References:
- Clients not able to login to Domain
- From: Tony
- RE: Clients not able to login to Domain
- From: "Brandy Nee [MSFT]"
- Re: Clients not able to login to Domain
- From: Tony
- Re: Clients not able to login to Domain
- From: "Brandy Nee [MSFT]"
- Re: Clients not able to login to Domain
- From: Tony
- Clients not able to login to Domain
- Prev by Date: Re: WSUS on SBS2003
- Next by Date: Re: EXCDO Errors
- Previous by thread: Re: Clients not able to login to Domain
- Next by thread: Re: Clients not able to login to Domain
- Index(es):
Relevant Pages
|
Loading
