Weird Server Permissions Issue.



http://www.eventid.net/display.asp?eventid...Smb&phase=1

if you imaged your pc's, did you sysprep them, or regenerate the SID, or did you just image and change the name?

when i run w32tm /resync /rediscover it gives me a list of commands

i'm still in the dark ages of Windows 2000 so those registry settings are completely different.

Link to comment

that command will not work on a windows 2000 server.

you would have to do a

w32tm -s servername

w32tm -v

with the -v you can verify that it is connecting to your local server for time

you should change your ntpserver to be a local atomic time clock to you. i provided the link for uk time clocks in one of my other posts. like this for instance:

ntp2d.mcc.ac.uk,0x1

vs

time.windows.com,0x1

Link to comment

changed to ntp.exnet.com,0x1

C:\Documents and Settings\username>w32tm -s server

RPC to server server returned 0x0

C:\Documents and Settings\username>w32tm -v

2Time: BEGIN:InitAdjIncr

2Time: Adj 156250 , Incr 156250 fAdjust 0

2Time: END:Line 2503

2Time: BEGIN:TsUpTheThread

2Time: END Line 1407

2Time: TimeMMInit()

2Time: Kernel timer : using default maximum resolution

2Time: MaximumTime = 156250

2Time: CurrentTime = 156250

2Time: Timer calibrated, looped 1 times

2Time: BEGIN:InitTmCfg

2Time: END:Line 807

2Time: BEGIN:InitTmCli

2Time: END:Line 2596

2Time: BEGIN:InitTmData

2Time: END:Line 2618

2Time: AvoidTimeSyncOnWan 0

2Time: ntpserver - ntp.exnet.com,0x1

2Time: BEGIN:CMOSSynchSet

2Time: Setting adjustment 156250 - Bool 0

2Time: BEGIN:SetTSTimeRes

2Time: END:Line 1295

2Time: END:Line 864

2Time: BEGIN:InitializeDC

2Time: BEGIN:GetRole

2Time: Role is 'PDC'

2Time: END Line 672

2Time: BEGIN:FetchParentDomainName

2Time: NetLogonGetTimeServiceParentDomain() returned 54b with ptr 0

2Time: END:Line 782

2Time: END:Line 704

2Time: Server: Binding to 1 NIC.

2Time: bind failed: 0x80072740

2Time: Logging event 0xC0000031. 15 min until this event is allowed again.

2Time: 0xC0000031 reported to System Log in Event Viewer

2Time: BEGIN:FinishCleanup

2Time: BEGIN:TsUpTheThread

2Time: END Line 1407

2Time: BEGIN:UnInitializeDC

2Time: Ptrs 0 - 0

2Time: END:Line 727

2Time: Time service stopped.

2Time: END:Line 407

Edited by forcer
Link to comment
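Added example, not part of the original posts: a short Python parser for the `w32tm -v` trace above that pulls out the role, the configured time source and the bind failure, and splits the HRESULT into its facility and code. The `TRACE` excerpt is copied from the post; the function names and the small Winsock table are assumptions of this example.

```python
import re

# Winsock codes that can appear in the low word of a failed bind() HRESULT.
WINSOCK = {
    10013: "WSAEACCES: access to the socket was denied",
    10048: "WSAEADDRINUSE: local address/port already in use",
    10049: "WSAEADDRNOTAVAIL: address not valid on this host",
}

# Excerpt of the trace posted above (line prefix kept as it appears on the page).
TRACE = """\
2Time: ntpserver - ntp.exnet.com,0x1
2Time: Role is 'PDC'
2Time: Server: Binding to 1 NIC.
2Time: bind failed: 0x80072740
2Time: Logging event 0xC0000031. 15 min until this event is allowed again.
2Time: Time service stopped.
"""

def decode_hresult(value):
    """Return (failed, facility, code) for a 32-bit HRESULT."""
    return bool(value & 0x80000000), (value >> 16) & 0x1FFF, value & 0xFFFF

def summarize_trace(text):
    """Extract role, time source, bind failure and final state from the trace."""
    out = {"role": None, "ntpserver": None, "bind": None, "stopped": False}
    for raw in text.splitlines():
        # Drop the "...Time:" prefix so the patterns below see only the message.
        line = re.sub(r"^\s*\w*Time:\s*", "", raw).strip()
        if m := re.match(r"Role is '(.+)'", line):
            out["role"] = m.group(1)
        elif m := re.match(r"ntpserver - (\S+)", line):
            out["ntpserver"] = m.group(1)
        elif m := re.match(r"bind failed: (0x[0-9A-Fa-f]+)", line):
            failed, facility, code = decode_hresult(int(m.group(1), 16))
            # Facility 7 is FACILITY_WIN32: the low word is a Win32/Winsock code.
            meaning = WINSOCK.get(code, "unknown") if facility == 7 else "non-Win32"
            out["bind"] = {"failed": failed, "code": code, "meaning": meaning}
        elif line.startswith("Time service stopped"):
            out["stopped"] = True
    return out

if __name__ == "__main__":
    print(summarize_trace(TRACE))
```

For the posted trace the code is 10048 (WSAEADDRINUSE), so the bind failed on a local address/port conflict, not on reaching ntp.exnet.com.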

Yes it's pulling it from server.domain just fine.

I checked down the list of the event viewer and there was plenty of w32time errors...

is this likely to have fixed the problem, i'm going to try testing now.

Link to comment

look at post 25...once you get rid of those MRxSmb errors, that will fix your problem and if you look at the link I provided it has to do with the name, which is why I asked about imaging and the sid.

Link to comment

The time seems to be working fine.

I have clicked on Microsoft Windows Network from a work station, and it replies with the error:

Unable to browse the network

The network is not present or not started

... and there is no error showing in the server System Event Log.

Link to comment

"Unable to browse the network"

Browsing can be a finicky thing. I have gone over it so many times all the issues that can cause you problems, for one I'm getting really bored with going over it like every other day! And to be honest never understood why anyone would even use it. MS themselves call it unreliable. Do you not know the name of the computer you're wanting to access the shares on, just run \\computername

With a DC and clients, the DC should always be the master browser.. But you can have issues with elections when machines come on and off the network. Are you using wins?

If you're having browsing issues -- these are good articles to read and understand.

http://www.microsoft.com/downloads/details...;displaylang=en

Computer Browsing for SOHO Networks with Microsoft Windows

http://www.microsoft.com/downloads/details...;displaylang=en

Troubleshooting Computer Browsing on SOHO Networks with Microsoft Windows

What I would suggest is all clients on your network should disable the ability to be the browse master.

2k, XP boxes

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Parameters IsDomainMaster=FALSE

You can have issues with wins, if you have boxes coming on the network and registering themselves as the master browser, and possible master browser for the domain.

I would really suggest you disable the ability for a box to be the master browser unless you want it to perform that function.

So when you get these issues with users access shares, are they all trying to use the network neighborhood, or directly accessing the shares via \\computername, or mapping the share to a drive letter?

On a box you're having an issue with -- what exact error do you get when from a command line you do

net view \\servercomputername

This should give you either a list of the shares, an access denied error 5, or maybe an error 53

Your problem could come down to be a simple name resolution issue?

Link to comment

You're right, we never use network neighbourhood, this was just another way of me testing it to see if it worked.

When users are trying to access shares it's from the mapped drive letter or by going to \\server which gives access to all the network resources

The problem we're having now is that drives are not mapping and when we go to \\server or any directory within it, we're getting permission denied errors, even if they are trying direct access to their own location eg \\server\staff\staff.name ... no one can access their files or save onto the network..

Also internet and network printing still seems to be operating fine

I'll run net view from command line tomorrow and let you know my results as i'm not on the network at the moment.

Link to comment

Yeah I agree -- something is really messed up.. But these issues just came about recently, before everything was working fine? What else has changed is the key.

I love these sorts of problems!! Sorry you're having them, but fixing them is where all the FUN is ;) If need be I would be happy to take a direct look, if you could give me access to the server and one of the clients having problems.. You could run teamviewer on the server and client and we could directly access.. PM me if you're open to this sort of thing -- or otherwise we can work through it this way, which is fine too.

If you could give us some more details of your setup that would be helpful.. You mention 2k, is all 2k ie both servers and clients? Are there XP clients as well? This is a standalone domain, ie your server is the only DC, and then your clients are members of this domain? Are you running wins? Do all the clients point to the DC for dns? How do the machines on your domain get to the internet? Or are they all completely isolated? How are they all connected together - a switch they all plug into, or is there wireless? etc.. A diagram could be very helpful. Could you post up the event logs from your server and your clients if you're not wanting to allow direct access to the machines with teamviewer, etc.

You mentioned machines being imaged, but you never went into the details of the method used to image them, etc. How are you putting these imaged machines into the domain? When you reimage them you give them a new unique name, or are you re using the name? Are you deleting the old computer name from the domain before you rejoin the reimaged machine, etc. etc..

The answer is in the details ;)

Link to comment

Kool man thanks for the offer, we'll go through these next lot of questions and if we get nowhere i'd be happy for you to do that :)

Yes, everything was working fine, it did seem random, although.. i'm pretty sure i changed the time manually on the server. I also recently created another group with around 30 accounts in. I also added a line of code to the VBS logon script to map the drives of these accounts.

here is the code i edited.. the bold is where i added to it

' Sets / collects fixed settings
	UserName = UCase(WshNetwork.UserName)
	server = "\\server"
	home = "W:" ' Put the user's home drive letter here.


' Add new groups and drives to be checked / mapped below here.
' The 1999-2002 lines are commented out because those groups were deleted from AD.
' If group = UCase("1999") Then CheckGroup adsgroup.name, Username, home, server & "\students\1999", "student"
' If group = UCase("2000") Then CheckGroup adsgroup.name, Username, home, server & "\students\2000", "student"
' If group = UCase("2001") Then CheckGroup adsgroup.name, Username, home, server & "\students\2001", "student"
' If group = UCase("2002") Then CheckGroup adsgroup.name, Username, home, server & "\students\2002", "student"
 If group = UCase("2003") Then CheckGroup adsgroup.name, Username, home, server & "\students\2003", "student"
 If group = UCase("2004") Then CheckGroup adsgroup.name, Username, home, server & "\students\2004", "student"
 If group = UCase("2005") Then CheckGroup adsgroup.name, Username, home, server & "\students\2005", "student"
 If group = UCase("2006") Then CheckGroup adsgroup.name, Username, home, server & "\students\2006", "student"
 If group = UCase("KS1") Then CheckGroup adsgroup.name, Username, home, server & "\students\KS1", "student"
 If group = UCase("2007") Then CheckGroup adsgroup.name, Username, home, server & "\students\2007", "student"
 If group = UCase("2009") Then CheckGroup adsgroup.name, Username, home, server & "\students\2009", "student" ' <-- added line (bold in the original post)

2009 is the new group, the 1999 to 2002 is commented out because we deleted those groups from AD, they aren't needed anymore.

Those are the only changes i can think of.

We have 2 servers, one is the DC and other is used for ISA (firewall) both windows 2000 - all workstations are either XP or Vista and are a member of the domain.

To connect to the internet the computers connect to the firewall then through to the cachepilot

All computers are connected via switches.. we have 3 main hubs.. we do have some wireless access points setup for notebooks.

When we re-image the computers we remove-add them to the domain manually.. we delete the computer from the domain and we then add them using the same name. We are using software which relies on ISA Access Rules, this is setup to control group of computers with certain names, so we re-add the same name to save going into ISA and deleting/adding computers from the access rules.

The system log is full with only 1 error:

MRxSmb - The redirector was unable to initialize security context or query context attributes.

application_log_client.txt

system_log_client.txt

Link to comment

when you image your computers, in the image creation process (before the initial image using whatever your favorite imaging tool is) do you use sysprep? or do you use some sort of sid generator during your imaging process like ghostwalker, or acronis's option to regenerate a random sid during the imaging process, or do you run microsoft's new sid? if you just simply have a default image without some sort of sid regeneration tool every pc has the same sid. think of it as every computer has the same name and the dc has no way to determine which pc is which and causes random conflicts.

Link to comment

those txt files don't give me a whole lot of info to go off of.

you can google yourself and find multiple fixes for those errors. I do not know which ones pertain to you as I don't know what your system is like. I would have to go through each fix and find the one that fixes you. there are a few out there.

Link to comment

when you image your computers, in the image creation process (before the initial image using whatever your favorite imaging tool is) do you use sysprep? or do you use some sort of sid generator during your imaging process like ghostwalker, or acronis's option to regenerate a random sid during the imaging process, or do you run microsoft's new sid? if you just simply have a default image without some sort of sid regeneration tool every pc has the same sid. think of it as every computer has the same name and the dc has no way to determine which pc is which and causes random conflicts.

I don't think i can answer that question because our images were created by an external company who came in and installed some specific software we use, they set the workstations up in this particular room... is there a way i can find out now?

We have been using the computers for 4 years with the same image and never run into this issue, or any other issues. if that helps! and it's also doing it on some Vista stations that use the manufacturer's default image that came with the PC.

Funnily enough, i've had no problems today, i've tried \\net view server on a lot of computers and it's worked... everyone can access their shares just fine...

Except i am getting an error with a new notebook i just added saying the trust relationship between this workstation and the primary domain failed.

[edit] i think i spoke too soon, just checked it on a limited account and got some errors, checked log and it said the NTP server didn't respond, so i'm wondering if it's just an unreliable server, i'm going to try another

Edited by forcer
Link to comment

there are so many ways that this could be wrong..........ugh.

It could even come down to a bad network switch or a bad nic. If budman has the time to fully troubleshoot this from a network issue to a domain database issue I would take him up on it, it seems that he is eager to find out anyway (as his life doesn't have enough challenge in it, lol). I don't think it is going to be a simple fix. I would but I have my own issues to contend with today between mail servers being down, dc's mia, and a drive that failed, I have the feeling that I am being set up to fail today by a higher power (gods don't like me, stars aligned right to cause emp waves in my area, whatever you want to call it).

Link to comment

there are so many ways that this could be wrong..........ugh.

It could even come down to a bad network switch or a bad nic. If budman has the time to fully troubleshoot this from a network issue to a domain database issue I would take him up on it, it seems that he is eager to find out anyway (as his life doesn't have enough challenge in it, lol). I don't think it is going to be a simple fix. I would but I have my own issues to contend with today between mail servers being down, dc's mia, and a drive that failed, I have the feeling that I am being set up to fail today by a higher power (gods don't like me, stars aligned right to cause emp waves in my area, whatever you want to call it).

Yeah thanks man i'm really appreciating the help from BudMan and yourself, pulling networks apart isn't really my specialty which is why i'd rather work from advice.

I've just tried restarting the switches and disconnected a wireless AP i installed a few days ago, clutching at straws now lol.

Link to comment

I'm starting to think we have a virus.

I had to re-install windows XP on a machine, i ran updates and it downloaded Microsoft malicious software removal tool... it then said it removed a Trojan.. but after restart i noticed that i could not get back on windows update because critical services had been disabled

Automatic Updates

Background Intelligent Transfer Service (BITS)

Event Log

Now i just tried to run updates on the server and i got the same error.

Link to comment
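Added example, not part of the original posts: a Python check that reads `sc qc` output and reports which of the three services listed above are disabled or absent. The key names `wuauserv`, `BITS` and `Eventlog` are the usual Windows service names for those display names; the sample output is constructed and the function names are assumptions of this example.

```python
import re

# Service key names (lower-cased) for the three services named in the post above.
WATCHED = {
    "wuauserv": "Automatic Updates",
    "bits": "Background Intelligent Transfer Service",
    "eventlog": "Event Log",
}

# Constructed, trimmed `sc qc` output; not captured from the poster's machines.
SAMPLE = """\
SERVICE_NAME: wuauserv
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 4   DISABLED
SERVICE_NAME: BITS
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 4   DISABLED
SERVICE_NAME: Eventlog
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
"""

def start_types(sc_output):
    """Map lower-cased service name -> START_TYPE keyword from `sc qc` text."""
    result, current = {}, None
    for line in sc_output.splitlines():
        if m := re.match(r"\s*SERVICE_NAME:\s*(\S+)", line):
            current = m.group(1).lower()
        elif (m := re.match(r"\s*START_TYPE\s*:\s*\d+\s+(\w+)", line)) and current:
            result[current] = m.group(1)
    return result

def audit(sc_output, watched=WATCHED):
    """Return display names of watched services that are disabled or not reported."""
    seen = start_types(sc_output)
    findings = {"disabled": [], "missing": []}
    for key, display in watched.items():
        if key not in seen:
            findings["missing"].append(display)
        elif seen[key] == "DISABLED":
            findings["disabled"].append(display)
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```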

hehehe -- yeah that would cause you all kinds of grief ;)

But not sure how you would have gotten infected with it, info has been out for quite some time.. You should prob address your patching method and virus scanner and other settings.. Ie is auto run disabled for media, etc.

Link to comment

This topic is now closed to further replies.