Solved

2k3 Domain - XP Client - Client can't acces Server Shares.

Posted on 2004-10-03
7
1,935 Views
Last Modified: 2008-03-10
Here are the computers:
2k3_DC:  A Win2k3 Server running- File Server, Domain Controller, DNS, DHCP, WINS
2k3_App:  A Win2k3 Server running- File Server, Application Server, Mail Server, Streaming Media Server (My main File Server)
2k_Term:  A Win2k Server running- Terminal Server
XP_1: Standard XP Client w/SP2
XP_2: Standard XP Client w/SP2 (Works fine)

The entire domain is a new domain functioning at level: Windows Server 2003.  (Originally was 2000 mixed, but changed in hopes of solving the problem.)

Basically I can set-up the entire network (minus XP_1) and have everything run fine.  The problem occurs when I try to join XP_1 to the domain.  The problem is also isolated to XP_1.  Since I've stated that the problem exists after XP_1 is added I'll start this iwht the Set-up process I went through with XP_1.  I want to note that XP_1 has worked on a domain fine in prior circumstances, it's just something with this domain that's messing things up.

Clean install of XP, I ran through the Windows Updates and Accessed 2k3_App for my Anti-Virus and a few other programs.  I didn't even get a password box when accessing the files without joining the domain.  I mapped 3 drives to 2k3_App.  Added XP_1 to the domain and rebooted.  Now when I click the Mapped drive, I get the following:

~~~~~Err1~~~~~
An error occurred while reconnecting I: to \\2k3_App\pgms
Microsoft Windows Network:  The local device name is already in use.
This connection has not been restored.
~~~~~/Err1~~~~~

The error is the same for all 3 of my mapped drives.  When I browse to "My Network Places > Entire Network > Microsoft Windows Netwok > Domain > 2k3_App", I'm prompted with a Password box.  I put in my credntials (I'm a Domain User, Domain Admin, and Enterprise Admin) and I get the following error:

~~~~~Err2~~~~~
\\2k3_App is not accessible.  You might not have permission to use this network resource.  Contact the administrator of this server to find out if you have access permissions.
Multiple connections to a server or shared resource by the same user, using more than one user name, are not  allowed.  Disconnect all previous connections to the server or shared resource and try again.
~~~~~/Err2~~~~~

If I put in the Domain Administrator credentials I get the same error.  I even get the same error if I put in fake credentials.  I can access 2k3_DC with my Windows credentials (No Password box is prompted, it just lets me in).  

Event Viewer is turning up a few regular Errors.  These first 2, are under Application.  I've been told are ignoreable and shouldn't be causing any issues (although they light up my Event Viewer so red I think it's almost Christmas).

~~~~~EV1~~~~~
Event Type:      Error
Event Source:      Userenv
Event Category:      None
Event ID:      1053
Date:            10/3/2004
Time:            2:51:35 AM
User:            NT AUTHORITY\SYSTEM
Computer:      XP_1
Description:
Windows cannot determine the user or computer name. (The requested service provider could not be loaded or initialized. ). Group Policy processing aborted.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
~~~~~/EV1~~~~~

~~~~~EV2~~~~~
Event Type:      Error
Event Source:      AutoEnrollment
Event Category:      None
Event ID:      15
Date:            10/3/2004
Time:            1:17:27 AM
User:            N/A
Computer:      XP_1
Description:
Automatic certificate enrollment for local system failed to contact the active directory (0x80072095).  A directory service error has occurred.
  Enrollment will not be performed.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
~~~~~/EV2~~~~~

These next ones are under System:

~~~~~EV3~~~~~
Event Type:      Error
Event Source:      W32Time
Event Category:      None
Event ID:      29
Date:            10/3/2004
Time:            3:01:16 AM
User:            N/A
Computer:      XP_1
Description:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible.  No attempt to contact a source will be made for 120 minutes. NtpClient has no source of accurate time.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
~~~~~/EV3~~~~~

~~~~~EV4~~~~~
Event Type:      Warning
Event Source:      W32Time
Event Category:      None
Event ID:      18
Date:            10/3/2004
Time:            3:01:16 AM
User:            N/A
Computer:      XP_1
Description:
The time provider NtpClient failed to establish a trust relationship between this computer and the Domain.com domain in order to securely synchronize time. NtpClient will try again in 120 minutes. The error was: The interface is unknown. (0x800706B5)

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
~~~~~/EV4~~~~~

~~~~~EV5~~~~~
Event Type:      Warning
Event Source:      LSASRV
Event Category:      SPNEGO (Negotiator)
Event ID:      40961
Date:            10/3/2004
Time:            2:49:25 AM
User:            N/A
Computer:      XP_1
Description:
The Security System could not establish a secured connection with the server cifs/2k3_App.Domain.com.  No authentication protocol was available.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
~~~~~/EV5~~~~~

~~~~~EV6~~~~~
Event Type:      Warning
Event Source:      LSASRV
Event Category:      SPNEGO (Negotiator)
Event ID:      40960
Date:            10/3/2004
Time:            2:49:25 AM
User:            N/A
Computer:      XP_1
Description:
The Security System detected an attempted downgrade attack for server cifs/2k3_App.Domain.com.  The failure code from authentication protocol Kerberos was "There are currently no logon servers available to service the logon request.
 (0xc000005e)".

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
~~~~~/EV6~~~~~

I can't think of anything else to include with this question, but feel free to ask me anything.

Thanks in advance for any help you can provide!
0
Comment
Question by:VertigoRay
7 Comments
 
LVL 1

Expert Comment

by:jpierson_jerome
Comment Utility
I believe that all four of these problems may be related.  

I also think this is related to DHCP / DNS.  

Make sure and read the links at the bottom.

Here is a checklist:
1) DNS service is running correctly.
2) DHCP is running and the scope is setup correctly with specifications for DNS and WINS
3) The client is able to lease an IP Address

Things to try in order:
Disable the XP Firewall and any other Firewall software
Statically assign IP Address, DNS, WINS
Add a domain entry to the LMHost file on the client  - you can do a google and find instructions.
Remove the client from the domain, rename it and add it back to the domain.
Make sure group policy is set to allow certificate auto enrollment

Here are some links that may be helpful:
http://eventid.net/display.asp?eventid=40960&eventno=787&source=LsaSrv&phase=1
http://eventid.net/display.asp?eventid=29&eventno=1524&source=W32Time&phase=1
http://eventid.net/display.asp?eventid=40961&eventno=1398&source=LsaSrv&phase=1
http://eventid.net/display.asp?eventid=15&eventno=1397&source=AutoEnrollment&phase=1
http://eventid.net/display.asp?eventid=1053&eventno=1584&source=Userenv&phase=1
0
 
LVL 20

Expert Comment

by:ikm7176
Comment Utility
1.Check for the DNS settings on the client machine.

2.Remove the machine from the domain and join again

3. Check Date and Time properties-Time Zone. Also check the time on the client

0
 
LVL 2

Author Comment

by:VertigoRay
Comment Utility
jpierson_jerome~

1)
As far as I can tell, DNS is running correctly (Under DNS Events):
~~~~~EV7~~~~~
Event Type:      Information
Event Source:      DNS
Event Category:      None
Event ID:      2
Date:            10/2/2004
Time:            10:37:48 PM
User:            N/A
Computer:      2k3_DC
Description:
The DNS server has started.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
~~~~~/EV7~~~~~
That's the onle EV(DNS Events) Entry for the past week (had some DNS issues I resolved prior).

2)
DHCP is running.  However, I never did configure to your specifications.  Here are the entries in DNS now:
~2k3_DC.Domain.com [92.168.2.10]
~~Scope [192.168.2.0] Scope1
~~~Address Pool - 192.168.2.200 - 192.168.2.254
~~~Address Leases - *Empty*
~~~Reservations - *Empty*
~~~Scope Options - 003 Router                        Standard     192.168.2.1
                              004 Time Server                Standard     192.168.2.10
                              006 DNS Servers                Standard     192.168.2.10
                              044 WINS/NBNS Servers     Standard     192.168.2.10
~~Server Options -  003 Router                         Standard     192.168.2.1
                              004 Time Server                 Standard     192.168.2.10
                              006 DNS Servers                 Standard     192.168.2.10
                              044 WINS/NBNS Servers      Standard     192.168.2.10

3)
The client is able to lease IP Addresses, however, all computers on my network are static, here's the list of IP Addresses on my Network:
2k3_DC:  192.168.2.10
2k3_App:  192.168.2.11
2k_Term:  192.168.2.12
XP_1: 192.168.2.100 ( LAN Connection); 1394 Connection (Uses DHCP, Connection Disabled*, No USB Jack Connecting to the network)
XP_2: 192.168.2.101

* = When I was configuring the DHCP (Original Scope was *.10 - *.254) in the Previous Step, I noticed that XP_1 had a lease for *.17.  I deleted the lease and Disabled the 1394 Connection on XP_1 (Even though there's no USB cable connecting XP_1 to the network).  As I'm typing this, I'm rebooting XP_1 to see if the *.17 entry was messing things up...

XP_1 Rebooted:
Address Leases is still empty on the DHCP server.  Same Error Received when trying to click mapped drive.  When I try to browse to \\2k3_App\pgms I receive a password box (quickly).  I enter my credentials and receive another password box.  I enter my credentials again and get the following error:
~~~~~Err3~~~~~
Windows cannot find '\\2k3_App\pgms'.  Check the spelling and try again, or try searching for the item by clicking the Start button and then clicking Search.
~~~~~/Err3~~~~~
NOTE: This was the point I was receiving Err2.

Checked Event Viewer.  I'm still getting EV1 - EV6.  I've now got 2 new ones that I didn't notice before (Under System):
~~~~~EV8~~~~~
Event Type:      Error
Event Source:      Service Control Manager
Event Category:      None
Event ID:      7023
Date:            10/3/2004
Time:            2:20:07 PM
User:            N/A
Computer:      XP_1
Description:
The IPSEC Services service terminated with the following error:
The requested service provider could not be loaded or initialized.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.
~~~~~/EV8~~~~~
~~~~~EV9~~~~~
Event Type:      Error
Event Source:      Service Control Manager
Event Category:      None
Event ID:      7023
Date:            10/3/2004
Time:            2:20:07 PM
User:            N/A
Computer:      XP_1
Description:
The Net Logon service terminated with the following error:
The requested service provider could not be loaded or initialized.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
~~~~~/EV9~~~~~

ikm7176~
1)
DNS setting is pointing to *.10 (2k3_DC) as it should.

2)
Removed XP_1 from domain.  Password resolution happened quickly (in about 3 secs) as it should.  Rebooting...

I log into the computer as Administrator.  (No mapped drives) When I browse to \\2k3_App, I get full access to the shares (I created and deleted a txt on one of them).  EV has none of the old EV#s that I've listed during this reboot.  However there is a new one:
~~~~~EV10~~~~~
Event Type:      Warning
Event Source:      MRxSmb
Event Category:      None
Event ID:      3019
Date:            10/3/2004
Time:            2:38:06 PM
User:            N/A
Computer:      XP_1
Description:
The redirector failed to determine the connection type.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 04 00 4e 00   ......N.
0008: 00 00 00 00 cb 0b 00 80   ....Ë..€
0010: 00 00 00 00 84 01 00 c0   ....„..À
0018: 00 00 00 00 00 00 00 00   ........
0020: 00 00 00 00 00 00 00 00   ........
~~~~~/EV10~~~~~

Deleted XP_1 from the Computers list in AD Users and Comps.  Adding XP_1 back to the domain.  Password resolution happened quickly (in about 3 secs) as it should.  Rebooting...

When I click the Domain drop down list at the login screen, a window pops up that says:  "Please wait while the domain list is created."  This window is there for about 2.5 minutes before the Drop down list expands.  When I select "Domain",  I get the same message for about 2 minutes before "Domain" appears in the "Log on to:" field.  When I click ok, I get the following message:
~~~~~Err4~~~~~
Unable to log you on because the netlogon service is not running on this machine.
~~~~~/Err4~~~~~
I attempt to switch back to "XP_1 (this computer)" with the same" Please wait ..." message as before slowing down the process.  This time, the "Please wait message was up for over 10 minutes before I rebooted XP_1.  Rebooting...

I log into the computer as Administrator (with the computer still joined to the Domain).  During the time of the initial reboot (with the "Please wait..." message), I received EV1-EV9 again (not EV7).  During my previous reboot, I received EV1-EV9 again (not EV7).

Note:  XP_1 did add itself back to the Computers list in AD Users and Comps.

3)
2k3_DC is 33 Seconds faster than XP_1.  They are both in the correct Time Zone.

~~~~~~~~~~~~~~~~~~~~~~~~~~~
Currently I'm reading through the links that jpierson_jerome provided.  I figured I would post this for now.
0
Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

 
LVL 2

Author Comment

by:VertigoRay
Comment Utility
From reading through the links that jpierson_jerome provided, I did the following:

1)
On XP_1:  Created a registry value manually (DWORD):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters\MaxPacketSize=1

After reboot, nothing appeared changed/better/worse.

2)
On the local DNS Server (2k3_DC), created a Reverse Lookup Zone, and verified that there was a record for "Name Server".

After reboot, nothing appeared changed/better/worse.

3)
On 2k3_DC:  Created a registry value manually (DWORD):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\ReliableTimeSource=1

4)
On XP_1:  At the command prompt, typed:  net time /setsntp:192.168.2.10
On XP_1:  Noticed a registry value was changed (REG_SZ):
From- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\NtpServer=time.windows.com,0x1
To-     HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\NtpServer=192.168.2.10

5)
Created a user ("DNSDynamicUpdate") and made it a member of the "DNSUpdateProxy" group.  Changed the "DNS dynamic update credentials" to match the credentials for the "DNSDynamicUpdate" user that I just created.  Applied the settings.

Note: Previously, "DNS dynamic update credentials" was using administrator credentials.  I don't know if this will change anything.

6)
On XP_1:  Changed a registry value manually (DWORD):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters\MaxPacketSize=1465

On 2k3_DC:  Created a registry value manually (DWORD):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters\MaxPacketSize=1465

Rebooted 2k3_DC and  XP_1 (2k3_DC rebooted completely prior to reboot of XP_1).
After reboot of both, nothing appeared changed/better/worse.
Logged back into "XP_1 (this computer)" as Administrator to continue troubleshooting...

7)
On XP_1:  Noticed in Services that the "Net Logon" service wasn't started.  I attempted to start it, however it failed with the following error:
~~~~~Err5~~~~~
Could not start the Net Logon service on the Local Computer.
Error 10106:  The requested service provider could not be loaded or initialized.
~~~~~/Err5~~~~~
Event Viewer displays the following:
~~~~~EV11~~~~~
Event Type:      Error
Event Source:      NETLOGON
Event Category:      None
Event ID:      5737
Date:            10/3/2004
Time:            6:16:11 PM
User:            N/A
Computer:      XP_1
Description:
The system returned the following unexpected error code:
The requested service provider could not be loaded or initialized.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 7a 27 00 00  
~~~~~/EV11~~~~~
~~~~~EV12~~~~~
Event Type:      Error
Event Source:      Service Control Manager
Event Category:      None
Event ID:      7023
Date:            10/3/2004
Time:            6:16:11 PM
User:            N/A
Computer:      XP_1
Description:
The Net Logon service terminated with the following error:
The requested service provider could not be loaded or initialized.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
~~~~~/EV12~~~~~

8)
Removed a duplicated XP_1 entry from DNS.  More specifically:  I had 2 entries pointing to the same IP with different names (Don't know why I never noticed this before).
IE:  XP_1   192.168.2.100     &     XP_1b   192.168.2.100     -- I removed XP_1b

Rebooted XP_1.
On 2k3_DC:  At the command prompt, typed:  ipconfig /flushdns
On 2k3_App:  At the command prompt, typed:  ipconfig /flushdns

9)
Ran DCPromo and demoted 2k3_DC.  Rebooted.  Ran DCPromo again and set it back up.  When I get to DNS Registration Verification in DCPromo, I get the following:
~~~~~Err6~~~~~
Diagnostic Results
The registration diagnostic has been run 1 time.

The wizard encountered an error while trying to determine if the DNS server with which this domain controller will register supports dynamic updates.

For more information, including steps to correct this problem, see Help.
Details
The primary DNS server tested was: ns.consoltec.net (69.33.179.114)

The zone was: Domain.com

The test for dynamic DNS update support returned:
"DNS bad key."
(error code 0x00002339 RCODE_BADKEY)
~~~~~/Err6~~~~~
I selected: "Install DNS on this machine and set the server to point to itself."  Didn't understand why I did that for a minute, since I already had DNS installed and the server should have already been pointing to itself, but my best guess is that when I demoted the DC, it removed entries of Domain.com from the DNS, so the DNS server passed the query for Domain.com on to ns.consoltec.net since it no longer carried recordes for that name.
Rebooted 2k3_DC

Added XP_1 to Domain.com.  Rebooted XP_1.
After reboot, nothing appeared changed/better/worse.

Added 2k_Term, 2k3_App to Domain.com.
Rebooted both.
After reboot, nothing appeared changed/better/worse.

~~~~~~~~~~~~~~~~~~~~~~~~~~~
About now, you're probably wondering what kind of a domain I'm running over here.  I assure you that XP_1 is a clean install with all Windows Updates (+SP2) + Panda AntiVirus.  2k3_DC, 2k3_App, and 2k_Term all are fresh installs + AVG Anti-Virus Free Edition.  2k3_App has MySQL, PHP, and TeamSpeak_RC2 Server configured and running correctly.  XP_2 is configured identical to XP_1, except it works ... and has more applications installed, since it does work (Such As: Office 2k3, Dreamweaver, TeamSpeak, etc ...)

Also note, when/if this is resolved, I will buy more points to assign to this question.  The amount of points is dependant on how in-depth this becomes.
0
 
LVL 1

Accepted Solution

by:
rpone605 earned 145 total points
Comment Utility
Just out of curiosity what happens when you ping the server's full domain name?

Also get the full info on how your ip setup and paste it up here.

Go to start>run>cmd>type ipconfig /all

This sounds alot like a dns issue with the client directly.  Also maybe try removing sp2 from the machine and make sure there is no other firewall running.

Let us know what you get from there.
0
 
LVL 2

Author Comment

by:VertigoRay
Comment Utility
Microsoft Windows XP [Version 5.1.2600]
<C> Copyright 1985-2001 Microsoft Corp.

C:\>ping domain.com

Pinging domain.com [192.168.2.10] with 32 bytes of data:

Reply from 192.168.2.10: bytes=32 time<1ms TTL=128
Reply from 192.168.2.10: bytes=32 time<1ms TTL=128
Reply from 192.168.2.10: bytes=32 time<1ms TTL=128
Reply from 192.168.2.10: bytes=32 time<1ms TTL=128

Ping statistics for 192.168.2.10:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\>ipconfig /all

Windows IP Configuration

        Host Name . . . . . . . . . . . . : XP_1
        Primary Dns Suffix  . . . . . . . : Domain.com
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : Domain.com

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Realtek RTL8139/810X Family PCI Fast Ethernet NIC
        Physical Address. . . . . . . . . : **-**-**-**-**-**
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.2.100
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.2.1
        DNS Servers . . . . . . . . . . . : 192.168.2.10
        Primary WINS Server . . . . . . . : 192.168.2.10

(** = MAC Address removed.)

I completely agree that this sounds like DNS, but I can't pinpoint it.  I also think there's an issue with SP2 still, because I just dropped my Laptop from my old domain and Net Logon wasn't started.  Of course XP_2 shows Net Logon as not started either and I can get on fine with it.  The Laptop however is experienceing the same ordeals that  XP_1 is experiencing.

I've also done a DCPromo on 2k3_DC and remade the domain and rebuild my reverse zone.  Still nothing.
0
 
LVL 2

Author Comment

by:VertigoRay
Comment Utility
Well, problem appears to be solved.  The problem was SP2.

I removed SP2  and had all kinds of driver issues that I opted to reformat instead of troubleshoot. Got everything running correctly without SP2.  I installed SP2 and it all broke.  Reformatting again now.  This time I won't install SP@. ;)

Thanks for all your help.
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Resolve DNS query failed errors for Exchange
Meet the world's only “Transparent Cloud™” from Superb Internet Corporation. Now, you can experience firsthand a cloud platform that consistently outperforms Amazon Web Services (AWS), IBM’s Softlayer, and Microsoft’s Azure when it comes to CPU and …
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now