Re: Clients not able to login to Domain

Brandy,

Thanks for replying and hanging in there with me on this topic.

1) Could you elaborate on "where" to access the Security options on the SBS
server to check these items?

Microsoft network client: Digitally sign communications (always) - Disable
Microsoft network client: Digitally sign communications (if server
agrees) - Enable
Microsoft Network Server: Digitally sign communications (always) - Disable
Microsoft Network Server: Digitally sing communications (If client
aggres) - Enable

I checked the registry entries and all were as you outlined below except
for:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters\requiresecuritysignature=0which I changed to match your suggestion.I did not find any "1030" or "1058" eventids on the server, however, I didnotice some "1030" on the workstations. I went through the suggestionsMicrosoft has to fix the problem, however, they suggested typing "netdiag"from a command prompt and I did not have any program that matched that name.I have noticed on the SBS server an eventid of 4204 "WINS could not readfrom the User Datagram Protocol (UDP) socket." Would this have anything todo with my issue? I have had these since I first installed the SBS server afew weeks ago. They seem to happen about every 40 minutes or so.2) You mention:> From the ipconfig /all result, I notice following information:>> DNS Suffix Search List. . . . . . : Arnold.local> gateway.2wire.net>> Ethernet adapter UTP:>> Connection-specific DNS Suffix . : gateway.2wire.net>> I suggest that we delete the "gateway.2wire.net" in the "DNS Suffix Search> List" to leave "Arnold.local" as the only entry. Change> "Connection-specific DNS Suffix" to "Arnold.local".Is there someplace other than on the "properties" page of the networkconnection that this is listed. It comes from an earlier DHCP server (myInternet router) and I notice that no matter how much I flush the dns ofclient workstations, every time I reboot it shows up again. If I releaseand renew it will disappear until the next reboot. Any thoughts orsuggestions are much appreciated.Tony""Brandy Nee [MSFT]"" <v-branee@xxxxxxxxxxxxxxxxxxxx> wrote in messagenews:7EF5vihAGHA.2180@xxxxxxxxxxxxxxxxxxxxxxxx> Hello Tony,>> Thank you for posting back.>> I understand that you can ping SBS Server, but cannot access Sharedfolders> and map drive. If I have misunderstood your issue, please let me know.>> Based on my experience, this issue may occur if client service for> Microsoft, File and Printer service for Microsoft are not configured> correctly or SMB signing policy does not match between DC and client> computers.>> My reply is a bit long, so please take your time to read through all my> suggestions and then perform the steps:>> 1> I suggest that we perform following steps:>> In the Security Options on a Windows Server 2003 DC, set the following> policies:>> Microsoft network client: Digitally sign communications (always) - Disable> Microsoft network client: Digitally sign communications (if server agrees)> - Enable> Microsoft Network Server: Digitally sign communications (always) - Disable> Microsoft Network Server: Digitally sing communications (If client aggres)> - Enable>> Run the "gpupdate /force" command.>> Also, please check the following key:>>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters> \enablesecuritysignature =1>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters> \requiresecuritysignature =0>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\param> eters\enablesecuritysignature =1>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\param> eters\requiresecuritysignature =0>> If the setting does not match, modify the key, restart DC and test the> issue.>> For this issue, I wonder whether there are Event IDs 1058 and 1030 record> on domain computers.>> If you find Event IDs 1058 and 1030 on those problematic client> workstations, please see:>> 314494 Group policies are not applied the way you expect; "Event ID 1058"> and> http://support.microsoft.com/?id=314494>> If Event IDs 1058 and 1030 showed on the server, it is most likely a SMB> signing configuration compatibility issue. Please see:>> 839499 You cannot open file shares or Group Policy snap-ins when youdisable> http://support.microsoft.com/?id=839499>> 2> From the ipconfig /all result, I notice following information:>> DNS Suffix Search List. . . . . . : Arnold.local> gateway.2wire.net>> Ethernet adapter UTP:>> Connection-specific DNS Suffix . : gateway.2wire.net>> I suggest that we delete the "gateway.2wire.net" in the "DNS Suffix Search> List" to leave "Arnold.local" as the only entry. Change> "Connection-specific DNS Suffix" to "Arnold.local".>> For more information regarding how to configure DNS on SBS Server, please> see following KB articles:>> 323380 HOW TO: Configure DNS for Internet Access in Windows Server 2003> http://support.microsoft.com/?id=323380>> 291382 Frequently Asked Questions About Windows 2000 DNS and WindowsServer> 2003 DNS> http://support.microsoft.com/?id=291382>> 309633 How to Configure a SBS for Full Time Internet Access with a Single> Network Adapter> http://support.microsoft.com/?id=309633>> Please take your time to perform the steps. If you have any updates,please> feel free to let me know. I am glad to be of further assistance!>> Best regards,>> Brandy Nee>> Microsoft CSS Online Newsgroup Support>> Get Secure! - www.microsoft.com/security> ======================================================> This newsgroup only focuses on SBS technical issues. If you have issues> regarding other Microsoft products, you'd better post in the corresponding> newsgroups so that they can be resolved in an efficient and timely manner.> You can locate the newsgroup here:> http://www.microsoft.com/communities/newsgroups/en-us/default.aspx>> When opening a new thread via the web interface, we recommend you checkthe> "Notify me of replies" box to receive e-mail notifications when there are> any updates in your thread. When responding to posts via your newsreader,> please "Reply to Group" so that others may learn and benefit from your> issue.>> Microsoft engineers can only focus on one issue per thread. Although we> provide other information for your reference, we recommend you post> different incidents in different threads to keep the thread clean. Indoing> so, it will ensure your issues are resolved in a timely manner.>> For urgent issues, you may want to contact Microsoft CSS directly. Please> check http://support.microsoft.com for regional support phone numbers.>> Any input or comments in this thread are highly appreciated.> ======================================================> This posting is provided "AS IS" with no warranties, and confers norights.>>>> -------------------->>From: "Tony" <tony@xxxxxxxxxxxxxx>>>References: <O7p2feCAGHA.264@xxxxxxxxxxxxxxxxxxxx>> <GfaVNTIAGHA.1236@xxxxxxxxxxxxxxxxxxxxx>> <#XjupQMAGHA.3924@xxxxxxxxxxxxxxxxxxxx>> <JT#ls8UAGHA.1504@xxxxxxxxxxxxxxxxxxxxx>>>Subject: Re: Clients not able to login to Domain>>Date: Thu, 15 Dec 2005 09:16:35 -0500>>Lines: 289>>X-Priority: 3>>X-MSMail-Priority: Normal>>X-Newsreader: Microsoft Outlook Express 6.00.2900.2670>>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2670>>X-RFC2646: Format=Flowed; Original>>Message-ID: <educvKYAGHA.2736@xxxxxxxxxxxxxxxxxxxx>>>Newsgroups: microsoft.public.windows.server.sbs>>NNTP-Posting-Host: adsl-69-214-132-230.dsl.applwi.ameritech.net> 69.214.132.230>>Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP11.phx.gbl>>Xref: TK2MSFTNGXA02.phx.gbl microsoft.public.windows.server.sbs:230407>>X-Tomcat-NG: microsoft.public.windows.server.sbs>>>>Brandy Nee,>>>>Thanks for the reply.>>>>(From below)>>1. From a "problematic" client workstation I can ping by both IP address> and>>name.>>>>2. SBS SERVER INFO>> ===============>>>>Windows IP Configuration>>>> Host Name . . . . . . . . . . . . : atc>> Primary Dns Suffix . . . . . . . : Arnold.local>> Node Type . . . . . . . . . . . . : Unknown>> IP Routing Enabled. . . . . . . . : Yes>> WINS Proxy Enabled. . . . . . . . : Yes>> DNS Suffix Search List. . . . . . : Arnold.local>>>>Ethernet adapter LAN connection:>>>> Connection-specific DNS Suffix . :>> Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network>>Connection>> Physical Address. . . . . . . . . : 00-14-22-1D-37-58>> DHCP Enabled. . . . . . . . . . . : No>> IP Address. . . . . . . . . . . . : 192.168.1.3>> Subnet Mask . . . . . . . . . . . : 255.255.255.0>> Default Gateway . . . . . . . . . : 192.168.1.254 (This is the inside> IP>>of our Internet Router)>> DNS Servers . . . . . . . . . . . : 192.168.1.3>> Primary WINS Server . . . . . . . : 192.168.1.3>>>>PROBLEMATIC CLIENT WORKSTATION>>================================>>>>Windows IP Configuration>>>> Host Name . . . . . . . . . . . . : Jan>> Primary Dns Suffix . . . . . . . : Arnold.local>> Node Type . . . . . . . . . . . . : Hybrid>> IP Routing Enabled. . . . . . . . : No>> WINS Proxy Enabled. . . . . . . . : No>> DNS Suffix Search List. . . . . . : Arnold.local>> gateway.2wire.net>>>>Ethernet adapter UTP:>>>> Connection-specific DNS Suffix . : gateway.2wire.net>> Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network>>Connection>> Physical Address. . . . . . . . . : 00-07-E9-D7-2D-35>> Dhcp Enabled. . . . . . . . . . . : Yes>> Autoconfiguration Enabled . . . . : Yes>> IP Address. . . . . . . . . . . . : 192.168.1.67>> Subnet Mask . . . . . . . . . . . : 255.255.255.0>> Default Gateway . . . . . . . . . : 192.168.1.254>> DHCP Server . . . . . . . . . . . : 192.168.1.3>> DNS Servers . . . . . . . . . . . : 192.168.1.3>> Primary WINS Server . . . . . . . : 192.168.1.3>> Lease Obtained. . . . . . . . . . : Thursday, December 15, 2005>>8:34:33 AM>> Lease Expires . . . . . . . . . . : Friday, December 23, 2005>>8:34:33 AM>>>>SUCCESSFULLY CONNECTED CLIENT>>===============================>>>>Windows IP Configuration>>>> Host Name . . . . . . . . . . . . : TONY>> Primary Dns Suffix . . . . . . . : Arnold.local>> Node Type . . . . . . . . . . . . : Unknown>> IP Routing Enabled. . . . . . . . : No>> WINS P

.

Relevant Pages

  • Re: Backup to USB works but to NAS fails
    ... If we put another network card in the server we ... I would sugest that you invest some time in making up the cables yourself. ... Microsoft network client: Digitally sign communications ...
    (microsoft.public.windows.server.sbs)
  • RE: The SMBMOUNT plot thickens
    ... (if server agrees)" are probably due to different windows ... Event viewer shows a successful logon by my mount.cifs client ... Microsoft network client - digitally sign communications - ...
    (RedHat)
  • Re: disable digital signing
    ... "Microsoft Network Client: Digitally sign communications " ... "Microsoft Network Server: Digitally sign communications ". ...
    (microsoft.public.windows.group_policy)
  • Re: 2003 Server Unable to Map UNC Path
    ... How can I get server 1 to use a unc path to server 2? ... respond with that security level. ... Microsoft network client: Digitally sign communications ...
    (microsoft.public.windows.server.networking)
  • Re: Group policy not processing
    ... "Microsoft Network Client: Digitally sign communications " ... "Microsoft Network Server: Digitally sign communications " ...
    (microsoft.public.win2000.group_policy)