• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 106
  • Last Modified:

User Name/password loses connection

I have a win2k domain. I have a few computers mapped to a member server share. The connection works fine after i create it, but several hours later it tells me "access denied". If i disconnect the network drive, then re-map it, i get on fine. But then several hours later it doesn't work again. It's like it times out after a certain amount of time. Any Ideas ??
0
itly09
Asked:
itly09
  • 4
  • 3
1 Solution
 
Debsyl99Commented:
Hi
Not sure about the access denied part - how have you got dns set up in this network - ie what is the preferred dns server setting in your nic in tcp/ip on the server and on clients? Also any errors in the event logs on the server and/or clients? It's worth trying the following article, also how are the drives mapped in the first place, manually, logon script?
Mapped Drive Connection to Network Share May Be Lost
http://support.microsoft.com/kb/297684/EN-US

Deb :))
0
 
itly09Author Commented:
Ok I have 2 DNS servers Active Directory Integrated. I have all computers in Domain pointing to those 2 servers. I Mapped this drive manually.
There are two errors in the event log:

Event ID: 3019
MrxSmb

Event ID: 1265
NTDS KCC

As far as the article...This relates to when theres a red X, and when u click on it, it reconnects. MY Problem is different than this. If i click on it, i must Dissconect the mapped drive, then remap it.
0
 
Debsyl99Commented:
Hmmm
The first error is probably more a symptom or by-product of the second - what's the full error listing of the 1265 error? This indicates a replication issue between the two dc's. Where are both servers' tcp/ip preferred dns servers pointing? Have you demoted or lost any dc's on this network at all? What service packs are you on for the servers - should really be sp4 for 2000. If you are on sp4, and you haven't done so already download the following support tools. They're very useful anyway. Then in the 1st instance run dcdiag from a command prompt on one or both of the dc's and list the output.  
Windows 2000 SP4 Support Tools
http://www.microsoft.com/windows2000/downloads/servicepacks/SP4/supporttools.asp

Deb :))
0
Prep for the ITIL® Foundation Certification Exam

December’s Course of the Month is now available! Enroll to learn ITIL® Foundation best practices for delivering IT services effectively and efficiently.

 
itly09Author Commented:
The 1265 Error is:
Event Type:      Warning
Event Source:      NTDS KCC
Event Category:      (1)
Event ID:      1265
Date:            11/11/2004
Time:            3:46:14 PM
User:            N/A
Computer:      LARONYC
Description:
The attempt to establish a replication link with parameters
 
 Partition: DC=laro,DC=com
 Source DSA DN: CN="NTDS Settings
CNF:bf00cd46-5fcb-4c20-b99b-4ee133f2bcdc",CN=LARODC1,CN=Servers,CN=laroli,CN=Sites,CN=Configuration,DC=laro,DC=com
 Source DSA Address: bf00cd46-5fcb-4c20-b99b-4ee133f2bcdc._msdcs.laro.com
 Inter-site Transport (if any):
 
 failed with the following status:
 
 The DSA operation is unable to proceed because of a DNS lookup failure.
 
 The record data is the status code.  This operation will be retried.
Data:
0000: 4c 21 00 00               L!..    


I lost a DC a while back and could never demote it properly. But  seized the roles to other/new servers. I've had this replication error for quite some time now. Here are the results of DCDIAG: Hopefully this helps...

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: laroli\laronyc
      Starting test: Connectivity
         ......................... laronyc passed test Connectivity

Doing primary tests

   Testing server: laroli\laronyc
      Starting test: Replications
         ......................... laronyc passed test Replications
      Starting test: NCSecDesc
         ......................... laronyc passed test NCSecDesc
      Starting test: NetLogons
         ......................... laronyc passed test NetLogons
      Starting test: Advertising
         ......................... laronyc passed test Advertising
      Starting test: KnowsOfRoleHolders
         Warning: laronyc returned role-holder name
         CN="NTDS Settings
CNF:bf00cd46-5fcb-4c20-b99b-4ee133f2bcdc",CN=LARODC1,CN=Servers,CN=laroli,CN=Sit
es,CN=Configuration,DC=laro,DC=com that is unknown to this Enterprise.
         Warning: laronyc returned role-holder name
         CN="NTDS Settings
CNF:bf00cd46-5fcb-4c20-b99b-4ee133f2bcdc",CN=LARODC1,CN=Servers,CN=laroli,CN=Sit
es,CN=Configuration,DC=laro,DC=com that is unknown to this Enterprise.
         Warning: laronyc returned role-holder name
         CN="NTDS Settings
CNF:bf00cd46-5fcb-4c20-b99b-4ee133f2bcdc",CN=LARODC1,CN=Servers,CN=laroli,CN=Sit
es,CN=Configuration,DC=laro,DC=com that is unknown to this Enterprise.
         ......................... laronyc failed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... laronyc passed test RidManager
      Starting test: MachineAccount
         ......................... laronyc passed test MachineAccount
      Starting test: Services
         ......................... laronyc passed test Services
      Starting test: ObjectsReplicated
         ......................... laronyc passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... laronyc passed test frssysvol
      Starting test: kccevent
         An Warning Event occured.  EventID: 0x800004F1
            Time Generated: 11/11/2004   16:01:15
            (Event String could not be retrieved)
         An Warning Event occured.  EventID: 0x800004F1
            Time Generated: 11/11/2004   16:01:15
            (Event String could not be retrieved)
         An Warning Event occured.  EventID: 0x800004F1
            Time Generated: 11/11/2004   16:01:15
            (Event String could not be retrieved)
         ......................... laronyc failed test kccevent
      Starting test: systemlog
         ......................... laronyc passed test systemlog

   Running enterprise tests on : laro.com
      Starting test: Intersite
         ......................... laro.com passed test Intersite
      Starting test: FsmoCheck
         ......................... laro.com passed test FsmoCheck
0
 
Debsyl99Commented:
Hi
This could be related - not sure but it certainly needs clearing up anyway.
First confirm that all the roles are held by existing domain controllers - looks like they are, but would be irresponsible of me not to suggest this,
Windows 2000 Domain Controller Operations Master Roles
http://www.windowsnetworking.com/kbase/WindowsTips/Windows2000/AdminTips/ActiveDirectory/Windows2000DomainControllerOperationsMasterRoles.html

Then follow this to ensure that you've cleaned up active directory properly and removed traces of your lost dc. Always take a good back up first (again just good practise). If you never ran ntdsutil to clean up the metabase then you'll need to - the server you need to run it on and connect to is your main existing dc. You then use it to remove your dead dc. If you have done this successfully then you may need to look in adsiedit and remove the object from there, but be ultra careful in what you delete as there's no "undo" option - likewise in AD sites and services. It's hard to tell if this is contibuting to your problem but it needs sorting anyway, so you may as well do it,
How to remove data in Active Directory after an unsuccessful domain controller demotion
http://support.microsoft.com/kb/216498

If you have any probs then post as I've done this way too many times myself,

Deb :))
0
 
itly09Author Commented:
Ok, I cleaned up the old server using nudsutil. It was successfully removed. Could this have anything to do with "dissconecting a session" after a certain idle time ??
0
 
Debsyl99Commented:
Hi again,

Very difficult to tell - certainly in my domains I've not had the same problem, but the access denied error would definitely suggest that there's some conflict going on. Best thing to do for now is to monitor your situation and post back any further problems. The issue that you've (hopefully) cleared up needed sorting out anyway, but keep us posted with how it goes from now on, and if necessary post any specific error logs showing up on the server or clients, should the access denied error recur.

Deb :))

0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now