RE: Certain clients not able to bind to domain or receive group po
- From: v-crinal@xxxxxxxxxxxxxxxxxxxx ("Crina Li")
- Date: Mon, 27 Mar 2006 02:21:04 GMT
Hi Bill,
Thanks for your efforts and time on the issue.
I am glad to hear the problem is resolved. Also thanks for your great
sharing.
It is my pleasure to work with you in this post. If you encounter any
difficulties in the future, please submit the post to the newsgroup. We
are glad to be of the assistance.
Again, thank you for using Microsoft newsgroup. Have a nice day. :)
Best regards,
Crina Li (MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| Thread-Topic: Certain clients not able to bind to domain or receive group
po
| thread-index: AcZRJ0zo0RIa3++wRfa2rf2lHWHTCw==
| X-WBNR-Posting-Host: 68.147.189.141
| From: =?Utf-8?B?QmlsbCBB?= <BillA@xxxxxxxxxxxxxxxxxxxxxxxxx>
| References: <EB714AAD-A16F-4970-B99F-CD3746748095@xxxxxxxxxxxxx>
<pLOFmQ#RGHA.3592@xxxxxxxxxxxxxxxxxxxxx>
| Subject: RE: Certain clients not able to bind to domain or receive group
po
| Date: Sun, 26 Mar 2006 14:47:46 -0800
| Lines: 200
| Message-ID: <73446932-B5C8-4B24-93F3-E864492AC5ED@xxxxxxxxxxxxx>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
| Newsgroups: microsoft.public.windows.server.sbs
| Path: TK2MSFTNGXA01.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:255704
| NNTP-Posting-Host: TK2MSFTNGXA01.phx.gbl 10.40.2.250
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| Thank you for your efforts. Unfortunately, these suggestions are typical
of
| other solutions I have found in my search, all of which are to no avail.
|
| I did try these things once again, but the results were the same, and it
did
| not fix the problem.
|
| I finally had to open a service call with Microsoft PSS. We do have the
| problem now solved.
|
| The issue is reflected in KB244474.
| http://support.microsoft.com/kb/244474/en-us
|
| This was a very frustrating issue to troubleshoot and I am at a loss as
to
| why it suddenly "decided" to lose communication in this way. However,
| forcing Kerberos to be passed along with TCP instead of UDP has solved
the
| problem.
|
| Thank you for your assistance. I hope that by posting this information,
it
| will save others the grief.
|
| Bill A.
|
| ""Crina Li"" wrote:
|
| > Hi Bill,
| >
| > Thank you for posting in SBS newsgroup.
| >
| > From the description, I understand the issue to be: Certain users can
not
| > logon to domain and get errors when they logon to client computer. If I
| > have misunderstood your concerns, please do not hesitate to let me know.
| >
| > Actually this issue can occur if the user accounts or computer accounts
are
| > corrupted. To narrow down the problem, would you please help me collect
the
| > following information?
| >
| > 1. Have you made any changes on these problematic users or computers?
| > 2. When does the situation occur?
| > 3. Do you have sufficient CALs on SBS?
| > 4. Does the situation occur when the problematic users logon to all
| > computers?
| > 5. Are there any related error in event log on SBS?
| >
| > Currently please try the following steps:
| >
| > For problematic users:
| >
| > 1. Open the Server Management console.
| > 2. Click Change User permission properties in the task pad.
| > 3. In the template selection page of the wizard, please choose User
| > Template.
| > 4. In the same page, please click "Add permissions to any previous
| > permissions granted to the users".
| > 5. In the User Selection page, please click the problematic users in
the
| > users list and click Add to add them.
| > 6. Finish the wizard and test your issue again.
| > 7. If it does not help, please try to remove the account and recreate
the
| > user account to see how thing goes.
| >
| > For problematic computers:
| >
| > Please disjoin and rejoin the computers to the domain:
| >
| > 1. In client computer, right-click My Computer and then select
Properties.
| > 2. In Computer Name tab, click Change and the change the computer from
| > Domain to Workgroup.
| > 3. Reboot the machine.
| > 4. Log on as a local administrator account
| > 5. In client computer, open IE and run http://servername/connectcomputer
| > 6. Follow the wizard to finish.
| > 7. If it does not help, you may need to open the Computers or My
| > Business\Computers\SBSComputers container. Right click on a computer
| > account and choose Delete.
| > 8. Please try to join the clients into the domain again.
| >
| > Also please make sure all clients point to the SBS server's internal IP
| > address as their ONLY DNS server. Also both network adapters on the SBS
| > server are pointing to the SBS internal IP address of the only DNS
server.
| > In DNS, use forwarder to forward all name resolution requests to the
ISP's
| > DNS server. For more information, please refer to the following
Microsoft
| > Knowledge Base article:
| >
| > 825763 How to configure Internet access in Windows Small Business
Server
| > 2003
| > http://support.microsoft.com/?id=825763
| >
| > More information:
| >
| > 823712 Event IDs 40960 and 40961 in the System Event Log When You
Restart
| > http://support.microsoft.com/?id=823712
| >
| > 824217 LSASRV Event IDs 40960 and 40961 When You Promote a Server to a
| > Domain
| > http://support.microsoft.com/?id=824217
| >
| > 826819 The Server Stops Responding and an Access Violation Occurs in
| > Lsass.exe
| > http://support.microsoft.com/?id=826819
| >
| > I appreciate your time and look forward to hearing from you.
| >
| > Best regards,
| >
| > Crina Li (MSFT)
| >
| > Microsoft CSS Online Newsgroup Support
| >
| > Get Secure! - www.microsoft.com/security
| >
| > =====================================================
| > This newsgroup only focuses on SBS technical issues. If you have issues
| > regarding other Microsoft products, you'd better post in the
corresponding
| > newsgroups so that they can be resolved in an efficient and timely
manner.
| > You can locate the newsgroup here:
| > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
| >
| > When opening a new thread via the web interface, we recommend you check
the
| > "Notify me of replies" box to receive e-mail notifications when there
are
| > any updates in your thread. When responding to posts via your
newsreader,
| > please "Reply to Group" so that others may learn and benefit from your
| > issue.
| >
| > Microsoft engineers can only focus on one issue per thread. Although we
| > provide other information for your reference, we recommend you post
| > different incidents in different threads to keep the thread clean. In
doing
| > so, it will ensure your issues are resolved in a timely manner.
| >
| > For urgent issues, you may want to contact Microsoft CSS directly.
Please
| > check http://support.microsoft.com for regional support phone numbers.
| >
| > Any input or comments in this thread are highly appreciated.
| >
| > =====================================================
| >
| > This posting is provided "AS IS" with no warranties, and confers no
rights.
| > --------------------
| > | Thread-Topic: Certain clients not able to bind to domain or receive
group
| > policy
| > | | From: =?Utf-8?B?QmlsbCBB?= <BillA@xxxxxxxxxxxxxxxxxxxxxxxxx>
| > | Subject: Certain clients not able to bind to domain or receive group
| > policy
| > | Date: Mon, 13 Mar 2006 22:08:26 -0800
| > | | Newsgroups: microsoft.public.windows.server.sbs
| > ||
| > | I have an SBS 2003 Server and certain clients are getting problems
with
| > it.
| > | They cannot log in for a long time, and when they do, it comes up
with
| > errors
| > | like:
| > | (these errors come up on the workstation, not the server):
| > |
| > | Event 40961
| > | LSASRV
| > | The security system could not establish a secured connection with the
| > | server. No authentication protocol was available.
| > |
| > | Event 40960
| > | SPNEGO
| > | The Security System detected an attempted downgrade attack for server
| > | ldap/sbs.mydomain.com/mydomain.com@xxxxxxxxxxxxx The failure code
from
| > | authentication protocol Kerberos was "There are currently no logon
| > servers
| > | available to service the logon request.
| > | (0xc000005e)".
| > |
| > | Event 1006
| > | Windows cannot bind to mydomain.com domain (local error). Group
policy
| > | processing aborted.
| > |
| > | Event 1030
| > | UserENV
| > | Windows cannot query for the list of Group policy objects. A message
| > that
| > | describes the reason for this was previously logged by the policy
engine
| > |
| > |
| > | When the server is rebooted, these problems do not come up for
several
| > | hours. When they do come up, it is with certain users on certain
| > | workstations. If user "a" logs into a workstation, they may do so
with
| > no
| > | problem. However, if user "b" logs into the very same problem, these
| > issues
| > | will come up.
| > |
| > | The DNS tests all check out. I can connect to the sysvol share on
the DC.
| > |
| > | Any ideas?
| > |
| > | Thank you.
| > |
| > |
| > |
| > |
| > |
| > |
| > |
| > |
| > |
| >
| >
|
.
- Follow-Ups:
- References:
- Prev by Date: Re: NDR 550 5.1.1 from valid email addresses
- Next by Date: RE: BCM for Outlook 2K3 vs Dynamics CRM SB edition (v.3) on SBS2K3
- Previous by thread: RE: Certain clients not able to bind to domain or receive group po
- Next by thread: RE: Certain clients not able to bind to domain or receive group po
- Index(es):
Relevant Pages
|
