Link to home
Start Free TrialLog in
Avatar of dsteinschneider
dsteinschneider

asked on

DOS Client 3.11 and W2K3 SP1 upgrade - access denied error 5 when trying to reach shares

I have been using a Bart corpmb bootable cd for several years to boot DOS, logon to network, run ghost and thensave image to a share on the network. After applying W2K3 SP1 I have been getting access denied error 5 when trying to access a share. I've tried domain\username password, machine\username password to no avail. On a related topic after the SP1 upgrade I've been getting an error on my domain controller as follows:

The file it references does exist and it seems that permissions for it are correct. I'm not so sure my DNS setup is working correctly. I have no DNS errors - its setup was performed during the promotion of the member server to DC. One question I have is where to assign my ISP's DNS servers - should that only be in the DHCP server?

Event Type:      Error
Event Source:      Userenv
Event Category:      None
Event ID:      1058
Date:            1/18/2006
Time:            1:29:19 PM
User:            NT AUTHORITY\SYSTEM
Computer:      XYZ002
Description:
Windows cannot access the file gpt.ini for GPO CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=xyz,DC=local. The file must be present at the location <\\xyz.local\sysvol\xyz.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>. (Access is denied. ). Group Policy processing aborted.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Thanks
Avatar of Jay_Jay70
Jay_Jay70
Flag of Australia image

Hi dsteinschneider,

as far as ISP servers go i find it best to add them in as a forwarder on your DNS server itself and leave it there

can you run dcdiag for me and see if we can get more info on the error

Cheers!
ASKER CERTIFIED SOLUTION
Avatar of carl_legere
carl_legere

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of dsteinschneider
dsteinschneider

ASKER

This weekend I got my domain policy mmc working again by following instructions from an MS KB regarding exaclty carl's post - I will boot the bart network disk tonight - It looks like Carl's suggestion will be the correct one.
Still get the message from one server and one workstation - I'm guessing that I need to change the SMB signing on each machine I want to reach by modifying the local policy?
I have one question - I'm not sure when this problem started because I only use DOS networking once in a while for ghosting. It must have been caused by both an XP and Windows Server 2003 security update that required SMB signing? I'm wondering if anyone knows which update implemented this behaviour?