Mach03
asked on
I have a client machine that gives me an "access denied" when trying to open up a service.
A while back, I configured the domain policy to disable the "Routing and Remote" server and reduced the security to only allow administrators. Now, if I log into any client machine, I can't start the server nor can I even open it up to change the settings. I've removed all the policies that pertain to this service, ran secedit /enforce, created an entire new "blank" policy and enforced it, even disjoined it from the domain. I tried to apply a default security to the local machine, but it only apply to the security folder, not the services folder. Does anyone know how I can get the security lifted on a particular server on a client machine locally?
Thanks,
Daryl
Thanks,
Daryl
ASKER
Here's what I found when runing dcdiag to one of my domain controllers. I have two domain controllers, one is passing with flying colors, the other is giving me netlog on errors. What is the best place to start resolving this issue, the GC?
* Missing SPN :(null)
......................... TRAILHEAD failed test MachineAccount
Starting test: Services
......................... TRAILHEAD passed test Services
Starting test: ObjectsReplicated
......................... TRAILHEAD passed test ObjectsReplicated
Starting test: frssysvol
[TRAILHEAD] An net use or LsaPolicy operation failed with error 6
specified network name is no longer available..
......................... TRAILHEAD passed test frssysvol
Starting test: kccevent
Failed to enumerate event log records, error The specified networ
is no longer available.
......................... TRAILHEAD failed test kccevent
Starting test: systemlog
Failed to enumerate event log records, error The specified networ
is no longer available.
......................... TRAILHEAD failed test systemlog
Running enterprise tests on : wildwest.du.edu
Starting test: Intersite
......................... wildwest.du.edu passed test Intersite
Starting test: FsmoCheck
Warning: DcGetDcName(GC_SERVER_REQU
A Global Catalog Server could not be located - All GC's are down.
Warning: DcGetDcName(GOOD_TIME_SERV
2
A Good Time Server could not be located.
......................... wildwest.du.edu failed test FsmoCheck
* Missing SPN :(null)
* Missing SPN :(null)
* Missing SPN :(null)
......................... TRAILHEAD failed test MachineAccount
Starting test: Services
......................... TRAILHEAD passed test Services
Starting test: ObjectsReplicated
......................... TRAILHEAD passed test ObjectsReplicated
Starting test: frssysvol
[TRAILHEAD] An net use or LsaPolicy operation failed with error 6
specified network name is no longer available..
......................... TRAILHEAD passed test frssysvol
Starting test: kccevent
Failed to enumerate event log records, error The specified networ
is no longer available.
......................... TRAILHEAD failed test kccevent
Starting test: systemlog
Failed to enumerate event log records, error The specified networ
is no longer available.
......................... TRAILHEAD failed test systemlog
Running enterprise tests on : wildwest.du.edu
Starting test: Intersite
......................... wildwest.du.edu passed test Intersite
Starting test: FsmoCheck
Warning: DcGetDcName(GC_SERVER_REQU
A Global Catalog Server could not be located - All GC's are down.
Warning: DcGetDcName(GOOD_TIME_SERV
2
A Good Time Server could not be located.
......................... wildwest.du.edu failed test FsmoCheck
* Missing SPN :(null)
* Missing SPN :(null)
Is the server that is giving you problems the PDC Emulator? If so try to transfer that role to other server and if the other server is not a GC make it one. Let me know if you need the steps for both of those tasks.
Brian
Brian
ASKER
I belive that I have two issues here so I"m going to create a new question for the GC errors. I've moved the GC's to both machines and nothing happened and I see this causeign another issue.
Anyway, the service on the client machine is still locted and it it's a Win2k client so doesn't support RSOP. Any other ideas?
Anyway, the service on the client machine is still locted and it it's a Win2k client so doesn't support RSOP. Any other ideas?
ASKER
I've used dcdiag and netdiag and everythign is checkign out fine, but my group polices are not beign applied to some client machine (on another network). Is there another command I can use to check the gpo?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
My clients are Windows 2000
ASKER
For some reason, the policy wouldn't lift. So we deceided to just rebuild the machine.. all works fine now.
Thanks for your help
Thanks for your help
By running one of those tools you should see where the problem is and then try to resolve it from there. Let me know what your results are if you need more help.
Brian