RE: Computers on subnet not authenticating to SBS
- From: v-robeli@xxxxxxxxxxxxxxxxxxxx (Robert Li [MSFT])
- Date: Tue, 10 Jul 2007 09:38:47 GMT
Hi Keith,
Thanks for your reply.
I am sorry for the delay.
I research the logs again, there are many AD, DNS, Replication problems.
Yes, you can rebuild the DNS records, but the information in the remote in
remote site will not be updated if the replication is not working properly.
I believe the MS telephone Engineer is right. So I suggest you still work
with the CSS person. Thanks for your understanding.
If you need further assistance, please don't hesitate to let me know.
Best regards,
Robert Li(MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
<X-Tomcat-ID: 148920570
<References: <2D6DD64A-0956-43DF-B8FF-4C4B17E432A3@xxxxxxxxxxxxx>
<Uix6Z$ivHHA.2220@xxxxxxxxxxxxxxxxxxxxxx>
<MIME-Version: 1.0
<Content-Type: text/plain
<Content-Transfer-Encoding: 7bit
<From: v-robeli@xxxxxxxxxxxxxxxxxxxx (Robert Li [MSFT])
<Organization: Microsoft
<Date: Thu, 05 Jul 2007 11:56:22 GMT
<Subject: RE: Computers on subnet not authenticating to SBS
<X-Tomcat-NG: microsoft.public.windows.server.sbs
<Message-ID: <#mIkEuvvHHA.1080@xxxxxxxxxxxxxxxxxxxxxx>
<Newsgroups: microsoft.public.windows.server.sbs
<Lines: 268
<Path: TK2MSFTNGHUB02.phx.gbl
<Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:48343
<NNTP-Posting-Host: tomcatimport2.phx.gbl 10.201.218.182
<
<Hi,
<
<Thanks for updating.
<
<I researched your logs, there are many errors about DNS, System, and
<Replication, also I noticed you installed Windows 2003 SP2 on WATSONREMOTE
<server. Please take the follow steps;
<
<Step 1: Please disable Receive Side on WATSONREMOTE server. This is known
<issue when you install Windows 2003 SP2.
<
< To do this, follow these steps:
<
<1. Click Start, click Run, type regedit, and then click OK.
<2. Locate and then click the following registry subkey:
<HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
<3. On the Edit menu, point to New, click DWORD Value, and then type
<EnableRSS.
<4. Double-click EnableRSS, type 0, and then click OK.
<5. Restart the computer on which you changed the EnableRSS value.
<
<More information:
<
<927695 You cannot host TCP connections when Receive Side Scaling is
enabled
<in Windows Server 2003 with Service Pack 2
<
<http://support.microsoft.com/default.aspx?scid=kb;EN-US;927695
<
<Step 2: After you modify the registry on WATSONREMOTE server, please
<monitor on SBS server for sometime to see if DNS 4004 and 4015 will
<disappear. If that will not disappear, the issue may occur if the DNS zone
<information is corrupted. Please follow the steps below and see if the
<events are still recorded:
<
<A. Open Active Directory Users and Computers, click View, Advanced.
<B. Expand domain.local -> System -> MicrosoftDNS and delete domain.local.
<C. Open the DNS console, expand Forward Lookup Zones.
<D. Click _msdcs.domain.local and delete the Alias for
<sbsserver.domain.local (the long GUID entry).
<
<NOTE: If the _msdcs folder is missing under domain.local, please create a
<new delegation: Right-click domain.local, select new, then delegation,
<click next on the wizard, under delegated domain, type in _msdcs and click
<next, click Add and browse to the server''s A record under Forward Lookup
<Zones, domain.local, click OK and Finish.
<
<E. Stop and Restart Netlogon service.
<F. Run "ipconfig /registerdns"
<
<Step 2: This could also be a network and DNS issue. Please run the CEICW
<wizard and make sure the DNS configuration is correct on the SBS server.
<
< 825763 How to configure Internet access in Windows Small Business Server
<2003
<
<http://support.microsoft.com/?id=825763
<
<Hope the information helps.
<
<I am looking forward to hear from you.
<
<If you need further assistance, please don't hesitate to let me know.
<
<Best regards,
<
<Robert Li(MSFT)
<
<Microsoft CSS Online Newsgroup Support
<
<Get Secure! - www.microsoft.com/security
<
<=====================================================
<
<This newsgroup only focuses on SBS technical issues. If you have issues
<regarding other Microsoft products, you'd better post in the corresponding
<newsgroups so that they can be resolved in an efficient and timely manner.
<You can locate the newsgroup here:
<http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
<
<When opening a new thread via the web interface, we recommend you check
the
<"Notify me of replies" box to receive e-mail notifications when there are
<any updates in your thread. When responding to posts via your newsreader,
<please "Reply to Group" so that others may learn and benefit from your
<issue.
<
<Microsoft engineers can only focus on one issue per thread. Although we
<provide other information for your reference, we recommend you post
<different incidents in different threads to keep the thread clean. In
doing
<so, it will ensure your issues are resolved in a timely manner.
<
<For urgent issues, you may want to contact Microsoft CSS directly. Please
<check http://support.microsoft.com for regional support phone numbers.
<
<Any input or comments in this thread are highly appreciated.
<
<=====================================================
<
<This posting is provided "AS IS" with no warranties, and confers no rights.
<
<--------------------
<<X-Tomcat-ID: 145463545
<<References: <2D6DD64A-0956-43DF-B8FF-4C4B17E432A3@xxxxxxxxxxxxx>
<<MIME-Version: 1.0
<<Content-Type: text/plain
<<Content-Transfer-Encoding: 7bit
<<From: v-robeli@xxxxxxxxxxxxxxxxxxxx (Robert Li [MSFT])
<<Organization: Microsoft
<<Date: Wed, 04 Jul 2007 11:38:26 GMT
<<Subject: RE: Computers on subnet not authenticating to SBS
<<X-Tomcat-NG: microsoft.public.windows.server.sbs
<<Message-ID: <Uix6Z$ivHHA.2220@xxxxxxxxxxxxxxxxxxxxxx>
<<Newsgroups: microsoft.public.windows.server.sbs
<<Lines: 147
<<Path: TK2MSFTNGHUB02.phx.gbl
<<Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:48125
<<NNTP-Posting-Host: tomcatimport2.phx.gbl 10.201.218.182
<<
<<Hello Keith,
<<
<<Thanks for posting in our newsgroup and also for Claus's input.
<<
<<From you description, I know that you are experiencing VPN issue.
<<
<<Before we go further, please let me know the following information to
make
<<the situation more clearly:
<<
<<1. What the topology of your network?
<<2. How do you create VPN on main office and remote side, with hardware
<<router or ISA?
<<3. If you use ISA, what is the version?
<<4. If the Windows 2003 server in the remote site an additional DC?
<<5. What important change did you made before the problem first occurs?
<<6. Can the clients in the remote office logon the SBS domain
successfully?
<<If not, what's the error message?
<<7. When you visit a network share from remote site by typing
<<\\sbsserver\share, what the error message?
<<
<<Please help me collect the following information for further research:
<<
<<1. Please type ipconfig/all on the remote client and send me the output
<for
<<further analysis.
<<
<<2. MPS Report on both Windows 2003 server and SBS 2003
<<
<<a. Visit
<<http://download.microsoft.com/download/b/b/1/bb139fcb-4aac-4fe5-a579-30b0b
d
<9
<<15706/MPSRPT_DirSvc.EXE to download the file.
<<b. Run the MPSRPT_DirSvc.exe on the server box.
<<c. Wait for 10~15 minutes.
<<d. Open Windows explorer, navigate to
<<%SYSTEMROOT%\MPSReports\DirSvc\Logs\cab\
<<e. Send the .cab file directly to me.
<<
<<Please send the information to v-robeli@xxxxxxxxxxxxx with subject:
<<39783853-Computers on subnet not authenticating to SBS.
<<
<<I am looking forward to hear from you.
<<
<<If you need further assistance, please don't hesitate to let me know.
<<
<<Best regards,
<<
<<Robert Li(MSFT)
<<
<<Microsoft CSS Online Newsgroup Support
<<
<<Get Secure! - www.microsoft.com/security
<<
<<=====================================================
<<
<<This newsgroup only focuses on SBS technical issues. If you have issues
<<regarding other Microsoft products, you'd better post in the
corresponding
<<newsgroups so that they can be resolved in an efficient and timely
manner.
<<You can locate the newsgroup here:
<<http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
<<
<<When opening a new thread via the web interface, we recommend you check
<the
<<"Notify me of replies" box to receive e-mail notifications when there are
<<any updates in your thread. When responding to posts via your newsreader,
<<please "Reply to Group" so that others may learn and benefit from your
<<issue.
<<
<<Microsoft engineers can only focus on one issue per thread. Although we
<<provide other information for your reference, we recommend you post
<<different incidents in different threads to keep the thread clean. In
<doing
<<so, it will ensure your issues are resolved in a timely manner.
<<
<<For urgent issues, you may want to contact Microsoft CSS directly. Please
<<check http://support.microsoft.com for regional support phone numbers.
<<
<<Any input or comments in this thread are highly appreciated.
<<
<<=====================================================
<<
<<This posting is provided "AS IS" with no warranties, and confers no
rights.
<<
<<--------------------
<<<Thread-Topic: Computers on subnet not authenticating to SBS
<<<thread-index: Ace90DjuhvtYHYUUR6unPmcXSH+FZg==
<<<X-WBNR-Posting-Host: 207.46.19.197
<<<From: =?Utf-8?B?S2VpdGg=?= <Keith@xxxxxxxxxxxxxxxxxxxxxxxxx>
<<<Subject: Computers on subnet not authenticating to SBS
<<<Date: Tue, 3 Jul 2007 17:14:00 -0700
<<<Lines: 35
<<<Message-ID: <2D6DD64A-0956-43DF-B8FF-4C4B17E432A3@xxxxxxxxxxxxx>
<<<MIME-Version: 1.0
<<<Content-Type: text/plain;
<<< charset="Utf-8"
<<<Content-Transfer-Encoding: 7bit
<<<X-Newsreader: Microsoft CDO for Windows 2000
<<<Content-Class: urn:content-classes:message
<<<Importance: normal
<<<Priority: normal
<<<X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2826
<<<Newsgroups: microsoft.public.windows.server.sbs
<<<Path: TK2MSFTNGHUB02.phx.gbl
<<<Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:48046
<<<NNTP-Posting-Host: tk2msftsbfm01.phx.gbl 10.40.244.148
<<<X-Tomcat-NG: microsoft.public.windows.server.sbs
<<<
<<<The computers and file server in remote office don't appear to be
<<<authenticating to SBS domain.
<<<SBS and workstations at the main office are working normally, however
<the
<<<workstations and our Win 2003 server at the remote site are no longer
<<able
<<<to connect to the SBS domain. They worked fine for about a year until
<<last
<<<week.
<<<You cannot access shares, connect to Exchange, or conn
<<<
<<<SBS domain.
<<<A VPN connects the two sites, and we have verified that we can ping, and
<<do
<<<NSlookups in both directions from all machines. We can freely access
<<<non-domain devices such as routers, printers, etc between the two
subnets
<<via
<<<HTTP. Today, I connected a laptop that was not part of this SBS domain
<to
<<<the network at the main office and was able to sucessfully perform a
<<Remote
<<<Desktop connection to both the server and a workstation at the remote
<<site.
<<<However, you cannot do this from any computer at the main office that is
<a
<<<member of the SBS domain.
<<<
<<<I noticed that when I was logged into the workstation at the remote
<office
<<<via RDC from my "non-domain-member" laptop, it appeared that it was not
<<<properly authenticated to the domain. The shares that are typically
<<<available were not listed. I also noticed the scripts for Trend Micro
<<<updates also "eventually" timed out during the login. Active directory
<<<lookups also failed from the remote workstation.
<<<
<<<I also noticed event messages that active directory updates are not
<<occuring
<<<between the Win 2003 server at the remote site and the SBS server.
<<<
<<<I'm not sure if this is Active Directory problem or something else that
<is
<<<preventing the connections and authentication. Where might I dig from
<<here.?
<<< We've been down for several days so things are heating up..
<<<
<<<
<<<
<<<
<<<
<<
<<
<
<
.
- References:
- RE: Computers on subnet not authenticating to SBS
- From: Robert Li [MSFT]
- RE: Computers on subnet not authenticating to SBS
- From: Robert Li [MSFT]
- RE: Computers on subnet not authenticating to SBS
- Prev by Date: Re: ID 537 in security eventlog
- Next by Date: enable internet connection sharing
- Previous by thread: RE: Computers on subnet not authenticating to SBS
- Next by thread: Setup of BES server
- Index(es):
Relevant Pages
|
Loading
