DOS Client 3.11 and W2K3 SP1 upgrade - access denied error 5 when trying to reach shares

I have been using a Bart corpmb bootable cd for several years to boot DOS, logon to network, run ghost and thensave image to a share on the network. After applying W2K3 SP1 I have been getting access denied error 5 when trying to access a share. I've tried domain\username password, machine\username password to no avail. On a related topic after the SP1 upgrade I've been getting an error on my domain controller as follows:

The file it references does exist and it seems that permissions for it are correct. I'm not so sure my DNS setup is working correctly. I have no DNS errors - its setup was performed during the promotion of the member server to DC. One question I have is where to assign my ISP's DNS servers - should that only be in the DHCP server?

Event Type:      Error
Event Source:      Userenv
Event Category:      None
Event ID:      1058
Date:            1/18/2006
Time:            1:29:19 PM
User:            NT AUTHORITY\SYSTEM
Computer:      XYZ002
Windows cannot access the file gpt.ini for GPO CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=xyz,DC=local. The file must be present at the location <\\xyz.local\sysvol\xyz.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>. (Access is denied. ). Group Policy processing aborted.

For more information, see Help and Support Center at

Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Hi dsteinschneider,

as far as ISP servers go i find it best to add them in as a forwarder on your DNS server itself and leave it there

can you run dcdiag for me and see if we can get more info on the error

Also look into if your server now insists on receiving only signed SMB packets.  Try disabling signed SMB for kicks

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Become a Certified Penetration Testing Engineer

This CPTE Certified Penetration Testing Engineer course covers everything you need to know about becoming a Certified Penetration Testing Engineer. Career Path: Professional roles include Ethical Hackers, Security Consultants, System Administrators, and Chief Security Officers.

dsteinschneiderAuthor Commented:
This weekend I got my domain policy mmc working again by following instructions from an MS KB regarding exaclty carl's post - I will boot the bart network disk tonight - It looks like Carl's suggestion will be the correct one.
dsteinschneiderAuthor Commented:
Still get the message from one server and one workstation - I'm guessing that I need to change the SMB signing on each machine I want to reach by modifying the local policy?
dsteinschneiderAuthor Commented:
I have one question - I'm not sure when this problem started because I only use DOS networking once in a while for ghosting. It must have been caused by both an XP and Windows Server 2003 security update that required SMB signing? I'm wondering if anyone knows which update implemented this behaviour?
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Networking

From novice to tech pro — start learning today.