johnpitt
asked on
Page cannot be displayed. dns working fine. Local intranet. XP SP2
I have one of those issues that should be "impossible" but it is what it is. I have a 2k domain running in mixed mode. I am running integrated active directory dns. I have an Intranet setup that users log into to use various apps. I got tired of people complaining about logging into the intranet so I set up the group policy to use windows authentication and added the intranet to the intranet security zone in IE. This is working fine for everyone with XP SP2, as I expected. One machine with XP sp2 however was using the intranet site fine in the morning then could not access it that afternoon. We would get a page cannot be displayed error (DNS error at bottom of page) when using the FQDN. I ran nslookup through both configured dns servers and the names resolved fine. The same type computer sitting next to it could access the site fine. I changed the ip configuration from manual config to dhcp and it didn't help any. (I have it set manual for filtering purposes.) If I type in the ip address of the website I can get to it just fine. Therefore, it does look like a dns issue. However, as I said, I have no trouble resolving the name. I have never seen anything like it. I ran the "repair connection" utility in XP, no help. I am at a loss. I set up a shortcut for the user to hit it by ip address and this is fine for a workaround but I would really like to get this one solved.
ASKER
When I access it through the ip address I am prompted for credentials. When entered it works fine. I thought security for a while as well, but I was curious why I wouldn't get the access denied message which I usually get when user security is an issue.
johnpitt,
Being asked for credentials does indicate that the user is not otherwise authenticated. I suggest that you get the user to change his/her password and try again (or log in as another user and see if the problem still exists).
.. Alan
Being asked for credentials does indicate that the user is not otherwise authenticated. I suggest that you get the user to change his/her password and try again (or log in as another user and see if the problem still exists).
.. Alan
I would also check to see the login times for the user account. You can specify the times that the login can be used, meaning you can lockout a user from logging in bewteen certain parts of the day, some admin's use that for interns and such.
ASKER
This user can and does logon to the domain through his computer. We restarted and he logged on, then we started troubleshooting. When prompted for credentials we enter the same ones he logged on as and he gets in fine. It is the fact that he DOES NOT get prompted when using the FQDN that troubles me. Thanks for the attempts though. keep 'em coming.
Ok, I would then check to see what membership rights the user's account has. Make sure taht they are allowed to properly access whatever it is they are accessing.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Wouldn't you think by providing the credentials when asked and subsequently being allowed access to the resource that the account has the proper rights?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I posted the entire result and conclusions. it was quite lengthy. i will wait to see if it ever appears. I hate typing this stuff twice.
Could be one of the 'GotCha's of Windows security. Access to network resources fine in the morning, can't do in the afternoon. Check whether the user's password has expired in the meantime.
Regards .. Alan