Re: Client Network settings
- From: "SuperGumby [SBS MVP]" <not@xxxxxxxxxxx>
- Date: Thu, 2 Mar 2006 08:45:30 +1100
OK, so you actually have three copies of a single DC AD. Being copies they
have the same domain SID and, until you disconnected and rejoined this
workstation to one of them the three would have had the same computer
account for the workstation (provided the ws was joined to the domain before
the copies were made).
Sounds like it should work, for a time.
But domains are secure environments, and they really don't like being copied
and having 'floating' workstations.
One reason you may have experienced your problem would be the periodic
change of the domain machine account password. If the ws was connected to
SBS1 and the random machine account password change time occured it would
have successfully changed the password from the original (which the other
two copies would still have). Upon connecting to SBS2 a challenge would have
occured and the password would prove incorrect.
It would be interesting to know whether you had errors similar to those
discussed in this article
http://support.microsoft.com/kb/216393/en-us
The article is just one I picked at random which discusses the machine
account password used between 2K/XP and domain controllers. It has some
relevence to your original issue but to continue in the manner you have you
need to be aware of the bigger picture, a Windows domain just isn't going to
like what you're doing.
Theoretically, you could rebuild your test sets, starting with the DC which
the workstation is now attached to. The automatic machine account password
change could be disabled, then you copy this DC as your other 2 systems and
rebuild your modified data. All three test systems would then recognise the
PC as a member of the domain. I suspect though that in a short period of
time some other aspect of AD security would become aware of this 'floating'
workstation.
You've discussed J2EE, .NET and CRM. It would seem to me that you could
avoid the domain related problems by using a workstation which is not a
member of any copy of the AD. Put it into a workgroup of the same name as
the AD and create a user in the AD with the same username/password
combination as used to log onto the ws. This uses a process called Pass
Through Authentication to allow the user access to domain resources.
Of course, the other option would be to create 3 VPC ws images. When you
wish to access SBS1 you fire up it and WS1, when accessing SBS2, use WS2,
etc...
Another option, but one I've had problems with in the past, would be to use
a program such as NetSwitcher. Take the WS back to workgroup and install
netswitcher, save the ns config, join SBS1 in the normal manner
(/connectcomputer), save the domain config in netswitcher then use ns to
switch back to workgroup, join SBS2, save ns config, use ns to go back to
workgroup, join SBS3, save ns config. Now you can use the one ws, and
through netswitcher set the domain membership to the appropriate entry when
wishing to.
Sorry I was a bit harsh on the first call, but programmers not understanding
domain security is the BANE of my existence, it causes me more headaches and
wasted time than any other aspect of network support.
"John [MSFT]" <jstraumann@xxxxxxxxx> wrote in message
news:e4e875TPGHA.2124@xxxxxxxxxxxxxxxxxxxxxxx
Hi Gregg:
Thanks for the note. The issue I faced is I had 2 CRM demos back-to-back,
both requiring significant customization. So I created an SBS/CRM VPC, and
the joined my laptop to that domain. I next copied the vhd file 2 more
times, renamed the vhd file each timke, leaving everything else intact. So
the end result is I ahd 3 exact copies on teh vhd file, jsut with
different names I kind of wondered if I might have some trouble with it
actually! :) So I did not do 3 installs, just made 3 copies of the vhd
file, the only thing changing on any of the images was the CRM demo data.
Actually if Super-Gumby is done laughing :), I would be very intersted to
know anything you folks can tell me about the authentication process.
Thanks!
--
John [MSFT]
This posting is provided "AS IS" with no warranties, and confers no
rights.
Use of any included script or code samples are subject to the terms
specified at
http://www.microsoft.com/info/cpyright.htm.
"Gregg Hill" <bogus@xxxxxxxxxxx> wrote in message
news:e%232p3BPPGHA.2236@xxxxxxxxxxxxxxxxxxxxxxx
John,
When you created the "exact" same VPC images, did you do two
installations, or one complete SBS install and then copy that hard drive?
If you did two installs, you have two different domain SIDs as noted by
SuperGumby. If you did copy the VPC of one install and used it to create
the second, then the domain SIDs would be the same.
Gregg Hill
"John [MSFT]" <jstraumann@xxxxxxxxx> wrote in message
news:%23uDLccMPGHA.312@xxxxxxxxxxxxxxxxxxxxxxx
Hi all:
I am a software developer not a network admin, but I depend on SBS 2003
as my platform.
Can someone tell me what the network settings should be for the clients
I connect to the SBS server? I have an SBS Server with IP address
192.168.1.105, and I was able to add a client to the domain without any
trouble, but when I tried to log on just now I get a "Windows cannot
connect to the domain, either because the domain controller is down or
otherwise unavailable, or because your computer account was not
found..." so I logged on as local admin, checked that I can ping the
server and I can, I also checked to see if nslookup <servername>
resolves and it does, but I still cannot log on to the domain.
I next logged onto the server and checked for the computer account, it
is there and is not disabled. I also tried pinging the client and that
worked, both ping crmclient, and ping 192.168.1.55 worked.
I even tried logging on to OWA from the server with the client account
and that worked fine.
The client networking is set up thus:
IP: 192.168.1.55
Subnet: 255.255.255.0
Gateway: 192.168.1.1
DNS:
192.168.1.105
I don't know if this matters, but the SBS server is actually a VPC, and
I have 2 exact copies of the same VPC but they have different CRM data
for demos. So earlier today I had the client logged onto VPC SBS 1, and
now I am trying to log onto VPC SBS 2. All the network settings,
accounts, etc. are exactly the same on the 2 VPC images.
--
John [MSFT]
This posting is provided "AS IS" with no warranties, and confers no
rights.
Use of any included script or code samples are subject to the terms
specified at
http://www.microsoft.com/info/cpyright.htm.
.
- References:
- Client Network settings
- From: John [MSFT]
- Re: Client Network settings
- From: Gregg Hill
- Re: Client Network settings
- From: John [MSFT]
- Client Network settings
- Prev by Date: Outlook 2003 Calendar invites
- Next by Date: Trend not updating
- Previous by thread: Re: Client Network settings
- Next by thread: Re: folder redirect?
- Index(es):
Relevant Pages
|
