Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

DOS Client 3.11 and W2K3 SP1 upgrade - access denied error 5 when trying to reach shares

Posted on 2006-04-14
6
Medium Priority
?
432 Views
Last Modified: 2008-01-09
I have been using a Bart corpmb bootable cd for several years to boot DOS, logon to network, run ghost and thensave image to a share on the network. After applying W2K3 SP1 I have been getting access denied error 5 when trying to access a share. I've tried domain\username password, machine\username password to no avail. On a related topic after the SP1 upgrade I've been getting an error on my domain controller as follows:

The file it references does exist and it seems that permissions for it are correct. I'm not so sure my DNS setup is working correctly. I have no DNS errors - its setup was performed during the promotion of the member server to DC. One question I have is where to assign my ISP's DNS servers - should that only be in the DHCP server?

Event Type:      Error
Event Source:      Userenv
Event Category:      None
Event ID:      1058
Date:            1/18/2006
Time:            1:29:19 PM
User:            NT AUTHORITY\SYSTEM
Computer:      XYZ002
Description:
Windows cannot access the file gpt.ini for GPO CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=xyz,DC=local. The file must be present at the location <\\xyz.local\sysvol\xyz.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>. (Access is denied. ). Group Policy processing aborted.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Thanks
0
Comment
Question by:dsteinschneider
  • 3
  • 2
6 Comments
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16452800
Hi dsteinschneider,

as far as ISP servers go i find it best to add them in as a forwarder on your DNS server itself and leave it there

can you run dcdiag for me and see if we can get more info on the error

Cheers!
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16452813
0
 
LVL 18

Accepted Solution

by:
carl_legere earned 750 total points
ID: 16466039
Also look into if your server now insists on receiving only signed SMB packets.  Try disabling signed SMB for kicks

http://support.microsoft.com/?kbid=887429
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 1

Author Comment

by:dsteinschneider
ID: 16471210
This weekend I got my domain policy mmc working again by following instructions from an MS KB regarding exaclty carl's post - I will boot the bart network disk tonight - It looks like Carl's suggestion will be the correct one.
0
 
LVL 1

Author Comment

by:dsteinschneider
ID: 16557692
Still get the message from one server and one workstation - I'm guessing that I need to change the SMB signing on each machine I want to reach by modifying the local policy?
0
 
LVL 1

Author Comment

by:dsteinschneider
ID: 16647475
I have one question - I'm not sure when this problem started because I only use DOS networking once in a while for ghosting. It must have been caused by both an XP and Windows Server 2003 security update that required SMB signing? I'm wondering if anyone knows which update implemented this behaviour?
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Enterprise networks where VoIP phones have been deployed frequently use port configurations that allow both a computer and an IP phone to be plugged into the same switch port but use different VLANs. On Cisco equipment I'm referring to the "native V…
A common practice in small networks is making file sharing easy which works extremely well when intra-network security is not an issue. In essence, everyone, that is "Everyone", is given access to all of the shared files - often the entire C: drive …
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an anti-spam), the admin…
Suggested Courses

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question