psuwtb
asked on
Domain Policy Changes Automatically - Blocks access to DC
Hi—
I recently setup a new Windows 2003 domain with about fifteen Windows XP SP1 workstations. These PCs were migrated from a Windows 2000 domain. I took the Windows 2003 Domain Controller Policy from another one of our networks with exactly the same setup, just a different domain name. The network policies seem to work fine until several hours later when the users cannot access the DC (also our file server). I double-checked the policy and block inheritance is checked, and the policy does not seem to change. If I re-import the old policy and run gpupdate to refresh it, and the users login/logout it works fine again until a few hours later when access is blocked to the server.
I am not running any firewall software and the Windows XP firewall is disabled. All PCs can see each other and connect at all times, even when they cannot connect to the DC.
Does anyone have any suggestions to resolve the problem, or determine the source of the problem?
Thanks for your help!
Bill
I recently setup a new Windows 2003 domain with about fifteen Windows XP SP1 workstations. These PCs were migrated from a Windows 2000 domain. I took the Windows 2003 Domain Controller Policy from another one of our networks with exactly the same setup, just a different domain name. The network policies seem to work fine until several hours later when the users cannot access the DC (also our file server). I double-checked the policy and block inheritance is checked, and the policy does not seem to change. If I re-import the old policy and run gpupdate to refresh it, and the users login/logout it works fine again until a few hours later when access is blocked to the server.
I am not running any firewall software and the Windows XP firewall is disabled. All PCs can see each other and connect at all times, even when they cannot connect to the DC.
Does anyone have any suggestions to resolve the problem, or determine the source of the problem?
Thanks for your help!
Bill
ASKER
Kelo501--
Thanks for the advice but I was able to solve the problem on my own. As part of the migration process, I left the old DC running. The only difference between the new DC and the old one to the rest of the workstations, was a different IP address. This causes numerous conflicts. Once I removed the old DC was the network and changed it's IP and hostname, the problems resolved on there own.
Bill
Thanks for the advice but I was able to solve the problem on my own. As part of the migration process, I left the old DC running. The only difference between the new DC and the old one to the rest of the workstations, was a different IP address. This causes numerous conflicts. Once I removed the old DC was the network and changed it's IP and hostname, the problems resolved on there own.
Bill
Wow yea that will cause alot of issues.
It is a good idea to leave the old server around for a bit just to mak sure but alway pull the network connection.
Its the silly things that get us all the time.
kelo
It is a good idea to leave the old server around for a bit just to mak sure but alway pull the network connection.
Its the silly things that get us all the time.
kelo
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
If you have not already started useing it, download GPMC from microsoft downloads. In there you can run a result of policy against and machine based on the current logged on user or anyother user. http://www.microsoft.com/windowsserver2003/gpmc/default.mspx
reset your machine so that it works wioth the steps above and run a report.
then check in 90 min to see if the issue returns. 90 min is the defult gprefresh period.
once the issue returns run the report again and compare the two reports.
In most cases you will clearly see where the the change is comming from and can then change it.
If you need help just post back...
Kelo501