game_over Posted September 23, 2009 Author Share Posted September 23, 2009 http://www.eventid.net/display.asp?eventid...Smb&phase=1if you imaged your pc's, did you sysprep them, or regenerate the SID, or did you just image and change the name? when i run w32tm /resync /rediscover it gives me a list of commands i'm still in the dark ages of Windows 2000 so those registry settings are completely different. Link to comment Share on other sites More sharing options...
sc302 Veteran Posted September 23, 2009 Veteran Share Posted September 23, 2009 that command will not work on a windows 2000 server. you would have to do a w32tm -s servername w32tm -v the -v you can verify that it is connecting to your local server for time you should change your ntpserver to be a local atomic time clock to you. i provided the link for uk time clocks in one of my other posts. like this for instance: ntp2d.mcc.ac.uk,0x1 vs time.windows.com,0x1 Link to comment Share on other sites More sharing options...
game_over Posted September 23, 2009 Author Share Posted September 23, 2009 (edited) changed to ntp.exnet.com,0x1 C:\Documents and Settings\username>w32tm -s server RPC to server server returned 0x0 C:\Documents and Settings\username>w32tm -v 2Time: BEGIN:InitAdjIncr 2Time: Adj 156250 , Incr 156250 fAdjust 0 2Time: END:Line 2503 2Time: BEGIN:TsUpTheThread 2Time: END Line 1407 2Time: TimeMMInit() 2Time: Kernel timer : using default maximum resolution 2Time: MaximumTime = 156250 2Time: CurrentTime = 156250 2Time: Timer calibrated, looped 1 times 2Time: BEGIN:InitTmCfg 2Time: END:Line 807 2Time: BEGIN:InitTmCli 2Time: END:Line 2596 2Time: BEGIN:InitTmData 2Time: END:Line 2618 2Time: AvoidTimeSyncOnWan 0 2Time: ntpserver - ntp.exnet.com,0x1 2Time: BEGIN:CMOSSynchSet 2Time: Setting adjustment 156250 - Bool 0 2Time: BEGIN:SetTSTimeRes 2Time: END:Line 1295 2Time: END:Line 864 2Time: BEGIN:InitializeDC 2Time: BEGIN:GetRole 2Time: Role is 'PDC' 2Time: END Line 672 2Time: BEGIN:FetchParentDomainName 2Time: NetLogonGetTimeServiceParentDomain() returned 54b with ptr 0 2Time: END:Line 782 2Time: END:Line 704 2Time: Server: Binding to 1 NIC. 2Time: bind failed: 0x80072740 2Time: Logging event 0xC0000031. 15 min until this event is allowed again. 2Time: 0xC0000031 reported to System Log in Event Viewer 2Time: BEGIN:FinishCleanup 2Time: BEGIN:TsUpTheThread 2Time: END Line 1407 2Time: BEGIN:UnInitializeDC 2Time: Ptrs 0 - 0 2Time: END:Line 727 2Time: Time service stopped. 2Time: END:Line 407 Edited September 23, 2009 by forcer Link to comment Share on other sites More sharing options...
sc302 Veteran Posted September 23, 2009 Veteran Share Posted September 23, 2009 i don't see an issue. go to your xp workstation(s) and look in the system event log to verify that w32time is pulling from the dc. Link to comment Share on other sites More sharing options...
game_over Posted September 23, 2009 Author Share Posted September 23, 2009 Yes it's pulling it from server.domain just fine. I checked down the list of the event viewer and there was plenty of w32time errors... is this likely to have fixed the problem, i'm going to try testing now. Link to comment Share on other sites More sharing options...
sc302 Veteran Posted September 23, 2009 Veteran Share Posted September 23, 2009 look at post 25...once you get rid of those MRxSmb errors, that will fix your problem and if you look at the link I provided it has to do with the name, which is why I asked about imaging and the sid. Link to comment Share on other sites More sharing options...
game_over Posted September 23, 2009 Author Share Posted September 23, 2009 The time seems to be working fine. I have clicked on Microsoft Windows Network from a work station, and it replies with the error: Unable to browse the network The network is not present or not started ... and there is no error showing in the server System Event Log. Link to comment Share on other sites More sharing options...
sc302 Veteran Posted September 23, 2009 Veteran Share Posted September 23, 2009 check your services on your workstation....check logs on the server Link to comment Share on other sites More sharing options...
+BudMan MVC Posted September 23, 2009 MVC Share Posted September 23, 2009 "Unable to browse the network" Browsing can be a finicky thing. I have gone over it so many times all the issues that can cause you problems, for one Im getting really bored with going over it like every other day! And to be honest never understood why anyone would even use it. MS themselves call it unreliable. Do you not know the name of the computer your wanting to access the shares on, just run \\computername With a DC and clients, the the DC should always be the master browser.. But you can have issues with elections when machines come on and off the network. Are you using wins? If you having browsing issues -- these are good articles to read and understand. http://www.microsoft.com/downloads/details...;displaylang=en Computer Browsing for SOHO Networks with Microsoft Windows http://www.microsoft.com/downloads/details...;displaylang=en Troubleshooting Computer Browsing on SOHO Networks with Microsoft Windows What I would suggest is all clients on your network should disable the ability to be the browse master. 2k, XP boxes HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Parameters IsDomainMaster=FALSE You can have issues with wins, if you have boxes coming on the network and registering themselves as the master browser, and possible master browser for the domain. I would really suggest you disable the ability for a box to be the master browser unless you want it perform that function. So when you get these issues with users access shares, are they all trying to use the network neighborhood, or directly accessing the shares via \\computername, or mapping the share to a drive letter? On a box your having an issue with -- what exact error do you get when from a command line you do net view \\servercomputername This should give you either a list of the shares, and access denied error 5, or maybe an error 53 Your problem could come down to be a simple name resolution issue? Link to comment Share on other sites More sharing options...
game_over Posted September 23, 2009 Author Share Posted September 23, 2009 Your right, we never use network neighbourhood, this was just another way of me testing it to see if it worked. When users are trying to access shares it's from the mapped drive letter or by going to \\server which gives access to all the network resources The problem we're having now is that drives are not mapping and when we go to \\server or any directory within it, we're getting permission denied errors, even if they are trying direct access to their own location eg \\server\staff\staff.name ... no one can access their files or save onto the network.. Also internet and network printing still seems to be operating fine I'll run net view from command line tomorrow and let you know my results as i'm not on the network at the moment. Link to comment Share on other sites More sharing options...
sc302 Veteran Posted September 23, 2009 Veteran Share Posted September 23, 2009 sounds like you have a mess on your hands. Link to comment Share on other sites More sharing options...
+BudMan MVC Posted September 23, 2009 MVC Share Posted September 23, 2009 Yeah I agree -- something is really messed up.. But these issues just came about recently, before everything was working fine? What else has changed is the key. I love these sorts of problems!! Sorry your having them, but fixing them is where all the FUN is ;) If need be I would be happy to take a direct look, if you could you give me access to the server and one of the clients having problems.. You could run teamviewer on the server and client and we could directly access.. PM me if your open to this sort of thing -- or otherwise we can work through it this way, which is fine too. If you could give us some more details of your setup that would be helpful.. You mention 2k, is all 2k ie both servers and clients? Are there XP clients as well? This is a standalone domain, ie your server is the only DC, and then your clients are members of this domain? Are you running wins? Do all the clients point to the DC for dns? How do the machines on your domain get to the internet? Or are they all completely isolated? How are they all connected together - a switch they all plug into, or is there wireless? etc.. A diagram could be very helpful. Could you post up the event logs from your server and your clients if your not wanting to all direct access to the machines with teamviewer, etc. You mentioned machines being imaged, but you never went into the details of the method used to image them, etc. How are you putting these imaged machines into the domain? When you reimage them you give them a new unique name, or are you re using the name? Are you deleting the old computer name from the domain before you rejoin the reimaged machine, etc. etc.. The answer is in the details ;) Link to comment Share on other sites More sharing options...
game_over Posted September 24, 2009 Author Share Posted September 24, 2009 Kool man thanks for the offer, we'll go through these next lot of questions and if we get nowhere i'd be happy for you to do that :) Yes, everything was working fine, it did seem random, although.. i'm pretty sure i changed the time manually on the server. I also recently created another group with around 30 accounts in. I also added a line of code to the VBS logon script to map the drives of these accounts. here is the code i edited.. the bold is where i added to it ' Sets / collects fixed setings UserName = UCase(WshNetwork.UserName) server = "\\server" home = "W:" ' Put the users home drive letter here. ' add new groups and drives to be checked / mapped below here ' If group = UCase("1999") then CheckGroup adsgroup.name, Username, home, server & "\students\1999", "student" ' If group = UCase("2000") then CheckGroup adsgroup.name, Username, home, server & "\students\2000", "student" ' If group = UCase("2001") then CheckGroup adsgroup.name, Username, home, server & "\students\2001", "student" ' If group = UCase("2002") then CheckGroup adsgroup.name, Username, home, server & "\students\2002", "student" If group = UCase("2003") then CheckGroup adsgroup.name, Username, home, server & "\students\2003", "student" If group = UCase("2004") then CheckGroup adsgroup.name, Username, home, server & "\students\2004", "student" If group = UCase("2005") then CheckGroup adsgroup.name, Username, home, server & "\students\2005", "student" If group = UCase("2006") then CheckGroup adsgroup.name, Username, home, server & "\students\2006", "student" IF group = UCase("KS1") then CheckGroup adsgroup.name, username, home, server & "\students\KS1", "student" IF group = UCase("2007") then CheckGroup adsgroup.name, username, home, server & "\students\2007", "student" [b]IF group = UCase("2009") then CheckGroup adsgroup.name, username, home, server & "\students\2009", "student" [/b] 2009 is the new group, the 1999 to 2002 is commented out because we deleted those groups from AD, they aren't needed anymore. Those are the only changes i can think of. We have 2 servers, one is the DC and other is used for ISA (firewall) both windows 2000 - all workstations are either XP or Vista and are a member of the domain. To connect to the internet the computers connect to the firewall then through to the cachepilot All computers are connected via switches.. we have 3 main hubs.. we do have some wireless access points setup for notebooks. When we re-image the computers we remove-add them to the domain manually.. we delete the computer from the domain and we then add them using the same name. We are using software which relies on ISA Access Rules, this is setup to control group of computers with certain names, so we re-add the same name to save going into ISA and deleting/adding computers from the access rules. The system log is full with only 1 error: MRxSmb - The redirector was unable to initialize security context or query context attributes. application_log_client.txt system_log_client.txt Link to comment Share on other sites More sharing options...
sc302 Veteran Posted September 24, 2009 Veteran Share Posted September 24, 2009 when you image your computers, in the image creation process (before the initial image using whatever your favorite imaging tool is) do you use sysprep? or do you use some sort of sid generator during your imaging process like ghostwalker, or acronis's option to regenerate a random sid during the imaging process, or do you run microsoft's new sid? if you just simply have a default image without some sort of sid regeneration tool every pc has the same sid. think of it as every computer has the same name and the dc has no way to determine which pc is which and causes random conflicts. Link to comment Share on other sites More sharing options...
sc302 Veteran Posted September 24, 2009 Veteran Share Posted September 24, 2009 those txt files don't give me a whole lot of info to go off of. you can google yourself and find multiple fixes for those errors. I do not know which ones pertain to you as I don't know what your system is like. I would have to go through each fix and find the one that fixes you. there are a few out there. Link to comment Share on other sites More sharing options...
game_over Posted September 24, 2009 Author Share Posted September 24, 2009 (edited) when you image your computers, in the image creation process (before the initial image using whatever your favorite imaging tool is) do you use sysprep? or do you use some sort of sid generator during your imaging process like ghostwalker, or acronis's option to regenerate a random sid during the imaging process, or do you run microsoft's new sid? if you just simply have a default image without some sort of sid regeneration tool every pc has the same sid. think of it as every computer has the same name and the dc has no way to determine which pc is which and causes random conflicts. I don't think i can answer that question because our images were created by an external company who came in and installed some specific software we use, they set the workstations up in this particular room... is there a way i can find out now? We have been using the computers for 4 years with the same image and never run into this issue, or any other issues. if that helps! and it's also doing it on some Vista stations that use the manufacturer's default image that came with the PC. Funnily enough, i've had no problems today, i've tried \\net view server on a lot of computers and it's worked... everyone can access their shares just fine... Except i am getting an error with a new notebook i just added saying the trust relationship between this workstation and the primary domain failed. [edit] i think i spoke to soon, just checked it on a limited account and got some errors, checked log and it said the NTP server didn't respond, so i'm wondering if its just unreliable server i'm going to try another Edited September 24, 2009 by forcer Link to comment Share on other sites More sharing options...
sc302 Veteran Posted September 24, 2009 Veteran Share Posted September 24, 2009 there are so many ways that this could be wrong..........ugh. It could even come down to a bad network switch or a bad nic. If budman has the time to fully troubleshoot this from a network issue to a domain database issue I would take him up on it, it seems that he is eager to find out anyway (as his life doesn't have enough challenge in it, lol). I don't think it is going to be a simple fix. I would but I have my own issues to contend with today between mail servers being down, dc's mia, and a drive that failed, I have the feeling that I am being set up to fail today by a higher power (gods don't like me, stars aligned right to cause emp waves in my area, whatever you want to call it). Link to comment Share on other sites More sharing options...
game_over Posted September 24, 2009 Author Share Posted September 24, 2009 there are so many ways that this could be wrong..........ugh.It could even come down to a bad network switch or a bad nic. If budman has the time to fully troubleshoot this from a network issue to a domain database issue I would take him up on it, it seems that he is eager to find out anyway (as his life doesn't have enough challenge in it, lol). I don't think it is going to be a simple fix. I would but I have my own issues to contend with today between mail servers being down, dc's mia, and a drive that failed, I have the feeling that I am being set up to fail today by a higher power (gods don't like me, stars aligned right to cause emp waves in my area, whatever you want to call it). Yeah thanks man i'm really appreciating the help from BudMan and yourself, pulling networks apart isn't really my specialty which is why i'd rather work from advice. I've just tried restarting the switches and disconnected a wireless AP i installed a few days a go, clutching at straws now lol. Link to comment Share on other sites More sharing options...
game_over Posted September 25, 2009 Author Share Posted September 25, 2009 Those SMB errors have disappeared... but we sometimes get The NTP server didn't respond. does this mean the time source is unreliable? Link to comment Share on other sites More sharing options...
sc302 Veteran Posted September 25, 2009 Veteran Share Posted September 25, 2009 (edited) Could be having other network issues. You could try a dif time source. Edit: what did you fix? Edited September 25, 2009 by sc302 Link to comment Share on other sites More sharing options...
game_over Posted September 28, 2009 Author Share Posted September 28, 2009 Nothing by looks of things, those SMB warnings are coming in thick and fast. we're also getting the odd NTP Server didn't respond. Bud, you up for taking a look? Link to comment Share on other sites More sharing options...
game_over Posted September 28, 2009 Author Share Posted September 28, 2009 I'm starting to think we have a virus. I had to re-install windows XP on a machine, i ran updates and it downloaded Microsoft malicious software removal tool... it then said it removed a Trojan.. but after restart i noticed that i could not get back on windows update because critical services had been disabled Automatic Updates Background Intelligence Transfer Service (BITS) Event Log Now i just tried to run updates on the server and i got the same error. Link to comment Share on other sites More sharing options...
game_over Posted September 28, 2009 Author Share Posted September 28, 2009 this is the virus we're infected with: http://www.ca.com/securityadvisor/virusinf...s.aspx?id=76852 Link to comment Share on other sites More sharing options...
Mr. Gibs Posted September 28, 2009 Share Posted September 28, 2009 this is the virus we're infected with:http://www.ca.com/securityadvisor/virusinf...s.aspx?id=76852 http://support.microsoft.com/kb/962007 Has links to the removal tool, and also steps for manually removing it. Link to comment Share on other sites More sharing options...
+BudMan MVC Posted September 28, 2009 MVC Share Posted September 28, 2009 hehehe -- yeah that would cause you all kinds of grief ;) But not sure how you would of gotten infected with it, info has been out for quite some time.. You should prob address your patching method and virus scanner and other settings.. Ie is auto run disabled for media, etc. Link to comment Share on other sites More sharing options...
Recommended Posts