[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 865
  • Last Modified:

Adding Active Directory users to SharePoint Portal

I have installed SharePoint Portal 2003 on a Windows 2003 server. I have installed Active Directory on another Windows 2003 domain controller.

When trying to populate users from the Active Directory to the portal site through the portal interface, I get the following error:

Unable to retrieve user information from Active Directory directory service.

I have run out of tricks, trips and Googling. Hope someone can help.

 
0
shmuel20
Asked:
shmuel20
  • 46
  • 45
1 Solution
 
Netman66Commented:
Is the sharepoint server in the same domain?  as a member or a DC?  or are these two separate domains / forests?

0
 
shmuel20Author Commented:
The SharePoint server is a member of the DC (Another dedicated DC server). They are in one domain.
0
 
Netman66Commented:
Ok, this much is good.

Are there any specific errors in a logfile you could provide?

This could be a DNS issue - where the SPS server cannot find an LDAP server via DNS, but I don't want to jump to conclusions.

Let us know.

0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
shmuel20Author Commented:
Well I checked the event log on the SharePoint server, and the only thing that may apply is the following:

Event Type:      Error
Event Source:      NETLOGON

Description:
This computer was not able to set up a secure session with a domain controller in domain ORIEL due to the following:
There are currently no logon servers available to service the logon request.  
This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator.

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

All computers are on the network and see each other.
0
 
Netman66Commented:
This looks like DNS.

1)  Make sure every computer inside your LAN points only to your DNS server.
2)  Put the ISP DNS address in the Forwarder tab of your DNS.
3)  Make sure the Forward and Reverse Lookup Zones are Active Directory Integrated and allow Dynamic updates.
4)  If any server has 2 NICs, make sure the LAN-connected card is at the top of the binding order.
5)  All NICs should be set to register in DNS.

If all this checks out, can you give me an IPCONFIG /ALL from the DC and the Sharepoint server?

0
 
shmuel20Author Commented:
Please bear with me. I'm a developer, not a Network person, even though I'm impersonating...

How do I make sure every computer inside my LAN points only to my DNS server?
0
 
Netman66Commented:
That's okay - ask away if you're uncertain.  That's why we're here.

If you are using DHCP addressing, then the DNS IP will be given out by the Scope or the Server Options - 005 and/or 006.

If you have static addressing, then it'll be on the Properties of TCP/IP on the NIC.

0
 
shmuel20Author Commented:
I actually deployed the AD myself. I'm in a home network with a router, and was told that the ip addresses are distributed by the router and will not change. So I gave the DC a static IP address (same one that he got from the router), and am using DHCP to distribute dynamic addresses to my 2 other computers - the SharePoint server and the XP development machine.

Can you explain to me in more details the steps you outlined above?
0
 
Netman66Commented:
Ok, this is likely the problem.

It gets a little more complicated when the router is handing out addresses because most routers can't tell the client to use the local DNS server but rather give out the ISP's DNS address or it's own address instead.

What needs to happen is to do one of two things:

1)  Turn off DHCP on the router LAN connection.  Assign static IP addresses to everything and point DNS to your server.  Your server should then be setup to forward to the ISP.

2)  Turn off DHCP on the router and install it on the server.  Use the same network range and exclude the server address.  Set option 003 as the router, 005 and 006 as your servername.  This isn't as difficult as it sounds.

What I think is going on is that not much is registered in your own DNS server because the clients don't have the right DNS server to register with.

0
 
shmuel20Author Commented:
I had static IP addresses initially, but was getting errors and lost Internet connectivity so I changed that. I can try again, but am afraid to...

How do I point DNS to my (assume DC) server?
0
 
Netman66Commented:
OK, here's what to do.

1)  Configure your PC and the Sharepoint server to static addressing.
2)  Use the IP information you have from IPCONFIG /ALL on each computer - except, change the DNS setting to only point to your DNS server.  The gateway will be the router's LAN IP address.
3)  On your DNS server make sure the NIC setting points to itself for DNS.
4)  In the DNS console (dnsmgmt.msc) right-click the servername and select Properties.  On the Forwarder tab, add the ISP DNS addresses there.  If the settings on this tab are "greyed out" then see step 5.
5)  In the Forward Lookup Zone there might be a "." (root) zone.  Highlight it and delete it.  Reboot the server.  
6)  If you actioned step 5, then repeat step 4.

Restart all computers except the DC.

Go into the router config and uncheck the option for DHCP server - in other words, turn off DHCP.

0
 
Netman66Commented:
Oh, one more thing:

Each Zone in DNS should be Active Directory Integrated and allow Dynamic Updates.

Right-click each zone and select Properties to determine.

0
 
shmuel20Author Commented:
I have a couple of questions.

1. My XP machine is looking for a range of IP addresses and does not ask for a preferred DNS server.

2. Is the preferred DNS server my AD domain controller IP address, or the default 127.0.0.1?

Again, apologies for my ignorance---
0
 
Netman66Commented:
1)  That's not normal...  how are you attempting to configure this?  Right click My Network Places select Properties, right click Local Area Connection and select Properties.  Double-click TCP/IP.  Select Use the Following IP address - fill in the IP, subnet mask and gateway from your IPCONFIG.  Select Unse the following DNS server addresses - Preferred DNS server is your Domain Controller's IP.

2)  Your Domain Controller's IP address.

No trouble at all.
0
 
Netman66Commented:
Got to head off to bed..late here.

Will check back in the AM.  

Follow the thread and instructions above - if you can't get DHCP turned off then as long as the 3 computers are static and on the same network as the router and all point to your DNS that has correct Forwarder setup - then you should be off and running.

Talk then.
NM
0
 
shmuel20Author Commented:
I gave all the computers static addresses and pointed them to the DNS server, including the DC who points to itself.

Not sure what you mean by "Turn off DHCP on the router LAN connection". I know how to disable the DHCP on AD.

0
 
Netman66Commented:
You should be able to get into the router's setup via web browser:

http://ip of router

There you should see an option for DHCP - you want to turn it off there.

0
 
shmuel20Author Commented:
My router is a Linksys wireless-G 2.4 GHz, doesn't seem to have a user interface that I can detect...
0
 
Netman66Commented:
I have a linksys too.

Take your gateway IP address from IPCONFIG /ALL

Open up a web browser and put the IP in the address line.  It's in the manual - if you have not changed the default password on this thing then you should.

0
 
shmuel20Author Commented:
I'm back.

Did everything you said. ipconfig /all on all 3 machines says DHCP enabled = no.

Now I have a new problem. I can no longer view the portal site from my XP.
0
 
Netman66Commented:
How are you accessing it?

http://yourservername

?

0
 
shmuel20Author Commented:
Same way I did before. http://servername/default.aspx.

HTTP 500 - Internal server error
0
 
shmuel20Author Commented:
Here are some event logs:

Event Type:      Error
Event Source:      NETLOGON
Event Category:      None
Event ID:      5722
Date:            5/3/2006
Time:            11:20:26 AM
User:            N/A
Computer:      ORIELTECH (DC)
Description:
The session setup from the computer SHAREPOINT failed to authenticate. The name(s) of the account(s) referenced in the security database is SHAREPOINT$.  The following error occurred:
Access is denied.

Event Type:      Warning
Event Source:      BROWSER
Event Category:      None
Event ID:      8021
Date:            5/3/2006
Time:            11:27:33 AM
User:            N/A
Computer:      MICHAEL (XP)
Description:
The browser was unable to retrieve a list of servers from the browser master \\ORIELTECH on the network \Device\NetBT_Tcpip_{5F6219C2-C28D-42A5-B526-4B44BFB3A158}. The data is the error code.
0
 
Netman66Commented:
I think the first error is due to permissions.  Try accessing it from somewhere other than itself.

0
 
shmuel20Author Commented:
I tried to access the portal from my other computer (DC) as well, but getting the same error.

Another thing I noticed: all the event logs (other the security audit) on the DC are now empty. Never seen that before.
0
 
shmuel20Author Commented:
I'm really at a loss as to what to do now. Any ideas?
0
 
Netman66Commented:
Check DNS and make sure that everything appears to be registered correctly.

On the server:

Start>Run>dnsmgmt.msc

Expand the domain then each zone and look for entries for the servers.


From any machine: open a CMD window and type - nslookup -d2 > C:\nslookup.txt

Post the contents of that file.


Not sure why the logs are empty - we did nothing to clear them.

0
 
shmuel20Author Commented:
The DC sees itself and the XP machine only, not the SharePoint server.

From the command line, I get the following:

Can't find server name for address 192.168.1.102: Non-existant domain
(this is the DC's ip)
0
 
shmuel20Author Commented:
Should I now decommission the DC and start from scratch?
0
 
Netman66Commented:
No, that won't be necessary.

We really have not changed much at all.  We made the existing IPs static and pointed everyone at your DNS server - that's it.  So Sharepoint throwing 500 errors is something entirely different.

When you say the DC sees itself and the XP machine, this sounds to me like the Sharepoint server did not register in DNS.  Check the NIC entries once more - make sure the DNS is pointed to the right IP address and that it is set to register in DNS (Advanced button on Properties of TCP/IP - on the DNS tab).

Please run an "IPCONFIG /ALL > C:\ipconfig.txt" on each machine.  Copy and paste the contents of C:\ipconfig.txt to a post here.

You're close to making this work - there is just some element missing or miconfigured.  Don't worry, we'll find it.

0
 
shmuel20Author Commented:
I went back to having all the non-DC computers obtain dynamic ip addresses.

Now I can work on my Portal from the development machine again. The DC is also displaying events in the event viewer. I don't know why I can't make the static addresses work.

Here are the ipconfig /all results:

1. The XP:

Windows IP Configuration

        Host Name . . . . . . . . . . . . : michael
        Primary Dns Suffix  . . . . . . . : oriel.local
        Node Type . . . . . . . . . . . . : Broadcast
        IP Routing Enabled. . . . . . . . : Yes
        WINS Proxy Enabled. . . . . . . . : Yes
        DNS Suffix Search List. . . . . . : oriel.local
                                            hsd1.ma.comcast.net.

Ethernet adapter VMware Network Adapter VMnet8:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for
VMnet8
        Physical Address. . . . . . . . . : 00-50-56-C0-00-08
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.211.1
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        IP Address. . . . . . . . . . . . : fe80::250:56ff:fec0:8%4
        Default Gateway . . . . . . . . . :
        DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%3
                                            fec0:0:0:ffff::2%3
                                            fec0:0:0:ffff::3%3

Ethernet adapter VMware Network Adapter VMnet1:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for
VMnet1
        Physical Address. . . . . . . . . : 00-50-56-C0-00-01
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.20.1
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        IP Address. . . . . . . . . . . . : fe80::250:56ff:fec0:1%5
        Default Gateway . . . . . . . . . :
        DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%2
                                            fec0:0:0:ffff::2%2
                                            fec0:0:0:ffff::3%2

Ethernet adapter Local Area Connection 3:

        Connection-specific DNS Suffix  . : hsd1.ma.comcast.net.
        Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Cont
roller
        Physical Address. . . . . . . . . : 00-14-22-45-ED-EB
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.101
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        IP Address. . . . . . . . . . . . : fe80::214:22ff:fe45:edeb%6
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 68.87.71.226
                                            68.87.73.242
                                            fec0:0:0:ffff::1%1
                                            fec0:0:0:ffff::2%1
                                            fec0:0:0:ffff::3%1
        Lease Obtained. . . . . . . . . . : Wednesday, May 03, 2006 4:03:46 PM
        Lease Expires . . . . . . . . . . : Thursday, May 04, 2006 4:03:46 PM

Tunnel adapter Teredo Tunneling Pseudo-Interface:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
        Physical Address. . . . . . . . . : 80-00-02-3A-B8-17-4E-BF
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 3ffe:831f:4136:e378:8000:23a:b817:4e
bf
        IP Address. . . . . . . . . . . . : fe80::5445:5245:444f%7
        Default Gateway . . . . . . . . . : ::
        NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Automatic Tunneling Pseudo-Interface:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface

        Physical Address. . . . . . . . . : C0-A8-D3-01
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : fe80::5efe:192.168.211.1%2
        Default Gateway . . . . . . . . . :
        DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%3
                                            fec0:0:0:ffff::2%3
                                            fec0:0:0:ffff::3%3
        NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Automatic Tunneling Pseudo-Interface:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface

        Physical Address. . . . . . . . . : C0-A8-14-01
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : fe80::5efe:192.168.20.1%2
        Default Gateway . . . . . . . . . :
        DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%2
                                            fec0:0:0:ffff::2%2
                                            fec0:0:0:ffff::3%2
        NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Automatic Tunneling Pseudo-Interface:

        Connection-specific DNS Suffix  . : hsd1.ma.comcast.net.
        Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface

        Physical Address. . . . . . . . . : C0-A8-01-65
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : fe80::5efe:192.168.1.101%2
        Default Gateway . . . . . . . . . :
        DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                            fec0:0:0:ffff::2%1
                                            fec0:0:0:ffff::3%1
        NetBIOS over Tcpip. . . . . . . . : Disabled

2. The DC:

Windows IP Configuration

   Host Name . . . . . . . . . . . . : orieltech
   Primary Dns Suffix  . . . . . . . : oriel.local
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : oriel.local

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : 3Com EtherLink XL 10/100 PCI For Complete
 PC Management NIC (3C905C-TX)
   Physical Address. . . . . . . . . : 00-50-DA-10-98-42
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.1.102
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.102

3. The SharePoint server:

Windows IP Configuration

   Host Name . . . . . . . . . . . . : sharepoint
   Primary Dns Suffix  . . . . . . . : oriel.local
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : oriel.local
                                       hsd1.ma.comcast.net.

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : hsd1.ma.comcast.net.
   Description . . . . . . . . . . . : Embedded Broadcom NetXtreme 5721 PCI-E Gi
gabit NIC
   Physical Address. . . . . . . . . : 00-15-60-A3-8A-AE
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IP Address. . . . . . . . . . . . : 192.168.1.100
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 68.87.71.226
                                       68.87.73.242
   Lease Obtained. . . . . . . . . . : Wednesday, May 03, 2006 4:00:01 PM
   Lease Expires . . . . . . . . . . : Thursday, May 04, 2006 4:00:01 PM
0
 
Netman66Commented:
For starters, it looks like you have IPv6 installed on the XP box.  

Next, the Sharepoint server is getting a DNS suffix and address from comcast - not what you want.

Static addressing will work - it's the Sharepoint server that's not right.

It doesn't appear that it is joined to your domain.  The DNS suffix should be oriel.local.  The DNS address needs to be your DNS server.  It won't register in your DNS unless two things are true:

1)  The DNS suffix matches the Forward Lookup zone in your DNS.
2)  Your DNS zones are set for Secure and Non-Secure updates - this applies only if your Sharepoint is not a member of the domain - if it is, then Secure updates are all that is needed.

For the XP box, you need to set each VM to share the real NIC - right now it appears you have NAT or something else setup because the IPs are all over the map.  In terms of DNS, you're pointing at Comcast so it won't resolve to your DNS or local infrastucture.

Let's take this in steps:

1)  On the Sharepoint server - set the IP address to static.  Use 192.168.1.103, subnet mask 255.255.255.0, gateway 192.168.1.1, DNS 192.168.1.102.
2)  Right-click on My Computer, select Properties.  Select the Computername tab then press the change button.  Join ORIEL.LOCAL.
3)  Reboot.
4)  Check DNS.  It should now be there.

Let me know how this goes.
0
 
shmuel20Author Commented:
Doesn't it say:  Primary Dns Suffix  . . . . . . . : oriel.local on Sharepoint?
0
 
shmuel20Author Commented:
I just cheked the computername tab properties. It shows SharePoint as a member of oriel.local domain.

What am I missing?...
0
 
Netman66Commented:
Ok I missed that - but I did see this:

DNS Suffix Search List. . . . . . : oriel.local
                                       hsd1.ma.comcast.net.

Connection-specific DNS Suffix  . : hsd1.ma.comcast.net.

Perhaps they were added by Comcast's DHCP?

At any rate, let's toast that - because as long as that looks as it does then it won't work properly.  Your server appears to be joined to your domain - like you said.  Just do step 1,3 & 4.

When you are in there, check the Advanced section of the Properties of TCP/IP on the DNS tab - DNS suffix for this connection should be empty - do not enter anything in there.

Let me know.
0
 
shmuel20Author Commented:
Now I am really confused.

I repeated all the steps above.

When I enter the DNS in the general tab of the tcp/ip it automatically puts it in the advanced tab. When I remove it from there it gets removed from the general tab...

By the way, as soon as I rebooted I went back to the same problems I had before.
0
 
shmuel20Author Commented:
... and it still doesn't show up in the DNS.
0
 
Netman66Commented:
Yes, it will show up in the Advanced section on the IP Settings tab.  However, on the DNS tab there should be no DNS suffix entered there and the checkbox for "register this connection in DNS" should be checked.

You will experience issues until we sort this out completely - this isn't complicated at all - but helping like this takes an eternity.

Do you have VPN access?  It would be easier.

0
 
shmuel20Author Commented:
I don't have VPN, but assume we can set it up.

I'm sorry being such a pain, but I'm very frustrated since I've been dealing with this for quite a while. My apologies again, and thanks for your patience. I will raise the points to 500 when we get this fixed.
0
 
Netman66Commented:
I understand your frustration.  It's not easy being on my side trying to walk you through this in this manner.

In order to fix this, we'll have to break it initially during the reconfiguration.

What is happening is that your domain traffic doesn't work since it's looking out to the ISP for stuff that should be resolved on your own DNS server.

So where did you finish up?

0
 
shmuel20Author Commented:
I understand what you're saying and agree.

I haven't changed anything since our last conversation. How about the VPN?
0
 
Netman66Commented:
Do you still have the Linksys CD?  On there is the instructions on setting up the router to accept a VPN connection - what model do you have?  Maybe yours doesn't support it - so we should find out before trying that.


0
 
shmuel20Author Commented:
Yes. In fact, I just recently replaced it so i have the newest version. The model is the one I sent you above - Linksys wireless-G 2.4 GHz 54 MBps.
0
 
Netman66Commented:
The model is on the bottom - something like WRT54GS.

It's important as some models don't allow VPN connections to them.

0
 
shmuel20Author Commented:
WRT54G V 5
0
 
shmuel20Author Commented:
Hi - I sent you the model number WRT54G V 5.
0
 
Netman66Commented:
I got it.

No VPN capability.

Why don't you send me a Remote Assistance invitation - make sure you have Remote Desktop enabled on each machine.  If I can accept and connect, then we may be okay that way.

0
 
shmuel20Author Commented:
I need to enable remote assistance on my 2 servers.

I have a dinner engagement this evening. What is a good time to connect with you tomorrow?
0
 
Netman66Commented:
What time zone are you in?

In in Atlantic.
0
 
shmuel20Author Commented:
I'm in Eastern Zone, US & Canada.
0
 
Netman66Commented:
So I'm one hour ahead of you.

I'm normally home by 6pm my time.

0
 
shmuel20Author Commented:
Hi - got all my pcs set up for remote control.
0
 
Netman66Commented:
okay....


Send me a remote assistance invitation.

My EE username at gmail.

0
 
Netman66Commented:
Thanks Lee.

This isn't going to work anyhow...

0
 
Netman66Commented:
This isn't going to work - you'll have to change settings on your router and that will be a challenge.

The issue is pretty clear.

You're using DHCP stuff from Comcast internally.  Your domain won't function like this.

I've walked you through changing IP addresses on the Sharepoint server and I'm pretty sure they were correct.  You couldn't connect from your XP workstation and that was likely because you're using Comcast's DNS there too.

Here it is in a nutshell:

Your router is setup as default: 192.168.1.1, subnet 255.255.255.0

Your DC is set to 192.168.1.102, subnet mask 255.255.255.0, g/w 192.168.1.1, DNS set to itself.
Your Sharepoint should be 192.168.1.103, subnet mask 255.255.255.0, g/w 192.168.1.1, DNS 192.168.1.102
Your XP workstation should be 192.168.1.104, subnet mask 255.255.255.0, g/w 192.168.1 1, DNS 192.168.1.102

Your router is accessible by web browser - do it from the DC - http://192.168.1.1, the password is in the guide.  Turn off DHCP.  Change the password too.

Go into DNS console on the DC, right-click each zone and select Properties.  Make sure each zone is set to AD Integrated and allows Secure and Non-secure dynamic updates.  If the DC has 2 network cards, be sure that DNS is servicing the internal (LAN) card.  On the Forwarder tab - this is where you put the ISP DNS addresses - so write them down from IPCONFIG on one of the machines before you make the changes.

Your Virtual Machines should be set to use NAT.

Restart the Sharepoint and your workstation after the changes so they register with DNS.

If you follow these guides, you should find everything works as expected.  You should NOT have any ISP DNS entry on any network card configuration inside your network or you will never get the domain stuff working.


0
 
Netman66Commented:
Let me know of your progress.
0
 
shmuel20Author Commented:
Performed all the above steps.

DNS is showing all computers. Comcast ISP is gone.

Stopped and restarted the router and broadband. Got network connectivity back.

Went into the SharePoint console to add users from AD. Getting error "Unexpected error occurred".
0
 
Netman66Commented:
OK, that's looking a little better.

Can you surf the internet?

Can you post the error from the Event Log?

0
 
shmuel20Author Commented:
Internet is working on all 3 machines (and also my laptop, which I didn't mention before).

Error log from DC:

Event Type:      Error
Event Source:      NETLOGON
Event Category:      None
Event ID:      5722
Date:            5/7/2006
Time:            2:28:25 PM
User:            N/A
Computer:      ORIELTECH
Description:
The session setup from the computer SHAREPOINT failed to authenticate. The name(s) of the account(s) referenced in the security database is SHAREPOINT$.  The following error occurred:
Access is denied.

Error log from SharePoint server:

vent Type:      Error
Event Source:      Userenv
Event Category:      None
Event ID:      1053
Date:            5/7/2006
Time:            4:07:47 PM
User:            NT AUTHORITY\SYSTEM
Computer:      SHAREPOINT
Description:
Windows cannot determine the user or computer name. (Access is denied. ). Group Policy processing aborted.

Also, SharePoint portal connectivity from the XP is lost again.
0
 
Netman66Commented:
On the DC do the following:

Start>Run>Gpedit.msc
Expand Computer Configuration>Windows Settings>Security Settings>Local Policies>User Rights Assignment :: Access this computer from the Network

Make sure Authenticated Users is in there as well as your IUSR_ and IWAM_ user accounts from IIS.  There may be others in there and you should leave them, just make sure those 3 are in there.

Close out of Group Policy Editor.

Install the Support Tools on the DC (can be found in the Support folder on the server CD).

Run this command after -

Netdom /reset SHAREPOINT

Let me know.
0
 
shmuel20Author Commented:
All 3 user groups are there.

Installed Support tools

Ran the command. Getting "The command failed to complete successfully" message.
0
 
Netman66Commented:
Ok try this one:

netdom reset machine /server:sharepoint

0
 
shmuel20Author Commented:
Did that.

Got:
The RPC Server is unavailable.
The command failed to complete successfully.
0
 
Netman66Commented:
This still looks like a DNS issue.

You're certain no ISP DNS settings are on the Sharepoint NIC?  

Is the DC pointed to itself?  If so, stop and start the Netlogon service on the DC then try the command again.

0
 
shmuel20Author Commented:
Did that. Still getting the same eror message.
0
 
shmuel20Author Commented:
Recent ipconfig results:

Windows IP Configuration

   Host Name . . . . . . . . . . . . : sharepoint
   Primary Dns Suffix  . . . . . . . : oriel.local
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : oriel.local

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Embedded Broadcom NetXtreme 5721 PCI-E Gi
gabit NIC
   Physical Address. . . . . . . . . : 00-15-60-A3-8A-AE
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.1.100
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.102

Windows IP Configuration

   Host Name . . . . . . . . . . . . : orieltech
   Primary Dns Suffix  . . . . . . . : oriel.local
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : oriel.local

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : 3Com EtherLink XL 10/100 PCI For Complete
 PC Management NIC (3C905C-TX)
   Physical Address. . . . . . . . . : 00-50-DA-10-98-42
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.1.102
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.102
0
 
Netman66Commented:
From sharepoint can you run this?:

netdiag /v > c:\Netdiag.txt

post the contents of netdiag.txt.

0
 
shmuel20Author Commented:
Get:
'netdiag' is not recognized as an internal or external command,
operable program or batch file.
0
 
Netman66Commented:
You'll need to install the Support Tools on Sharepoint also.

0
 
shmuel20Author Commented:
Should have thought about that...

Installed and read the log. What are we looking for?
0
 
Netman66Commented:
Errors.

Post any portions of the log with errors in it.  If there are errors in a section - post the entire section.

0
 
shmuel20Author Commented:
OK. I listed warnings, errors and things that look suspicious to my uninformed mind...

Gathering the list of Domain Controllers for domain 'ORIEL'
Testing trust relationships... Failed

[WARNING] The net card 'RAS Async Adapter' may not be working because it has not received any packets.

[WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.

NetBios Resolution : via DHCP (?)

WINS service test. . . . . : Skipped
            There is no primary WINS server defined for this adapter.
            There is no secondary WINS server defined for this adapter.
            There are no WINS servers configured for this interface.
        IPX test : IPX is not installed on this machine.

Global results:


IP General configuration
    LMHOSTS Enabled. . . . . . . . : Yes
    DNS for WINS resolution. . . . : Enabled
    Node Type. . . . . . . . . . . : Hybrid
    NBT Scope ID . . . . . . . . . :
    Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled . . . . . . : No
    DNS resolution for NETBIOS . . : No

Trust relationship test. . . . . . : Failed
    Test to ensure DomainSid of domain 'ORIEL' is correct.
    [FATAL] Secure channel to domain 'ORIEL' is broken. [ERROR_ACCESS_DENIED]

Kerberos test. . . . . . . . . . . : Skipped
    [WARNING] You are logged on as a local user.
    Kerberos cannot be tested.

    [WARNING] You are logged on as a local user. (SHAREPOINT\Administrator)
        Cannot test NTLM Authentication to 'orieltech.oriel.local'.

IP  Statistics

    Packets Received              =   22,480
    Received Header Errors        =   0
    Received Address Errors       =   152
    Datagrams Forwarded           =   0
    Unknown Protocols Received    =   0
    Received Packets Discarded    =   0
    Received Packets Delivered    =   22,341
    Output Requests               =   22,286
    Routing Discards              =   0
    Discarded Output Packets      =   0
    Output Packet No Route        =   0
    Reassembly  Required          =   0
    Reassembly Successful         =   0
    Reassembly Failures           =   0
    Datagrams successfully fragmented  =   0
    Datagrams failing fragmentation    =   0
    Fragments Created                  =   0
    Forwarding                        =    2
    Default TTL                       =    128
    Reassembly  timeout               =    60


    TCP Statistics

    Active Opens               =    612
    Passive Opens              =    398
    Failed Connection Attempts =    7
    Reset Connections          =    159
    Current Connections        =    15
    Received Segments          =    21,069
    Segment Sent               =    20,519
    Segment Retransmitted      =    767
    Retransmission Timeout Algorithm  =   vanj
    Minimum Retransmission Timeout  = 300
    Maximum Retransmission Timeout  = 120,000
    Maximum Number of Connections   = -1

WAN configuration test . . . . . . : Skipped
    No active remote access connections.

Note: run "netsh ipsec dynamic show /?" for more detailed information
0
 
Netman66Commented:
This is likely causing some poblems: The net card 'RAS Async Adapter' may not be working because it has not received any packets.

Ok, right-click on My Network Places and select Properties.
On the tool menu select Advanced>Advanced Settings.

In the top white pane, my guess is the real Network Card is not at the top of that list.  If it isn't highlight it and move it up to the top using the arrows to the right.

Reboot the server.

0
 
shmuel20Author Commented:
I see "Local area connection" on top and "Remote access connection" below it.
0
 
Netman66Commented:
Do you need the Remote access connection?

Are you using RRAS on this server?

0
 
shmuel20Author Commented:
I disabled all of them.
0
 
Netman66Commented:
It looks like we need to put Sharepoint back into a workgroup, reboot, delete the computer account from AD, then rejoin the server to your domain.

Can you at least ping oriel.local sucessfully first?

0
 
shmuel20Author Commented:
Just reinabled it on this server.
0
 
Netman66Commented:
Re-enabled what?

0
 
shmuel20Author Commented:
Remote access. We crossed messages.

I will ping the dc.

0
 
Netman66Commented:
If you don't need remote access then disable it.

0
 
Netman66Commented:
Ping the actual domain name.

0
 
shmuel20Author Commented:
I pinged both servers and they respond. Should I follw the rejoin to workgroup above?
0
 
shmuel20Author Commented:
Just rejoined Sharepoint to WORKGROUP and rebooted. It disappeared from the list on the DC. Will try to rejoin to AD next.
0
 
shmuel20Author Commented:
Succsessfully rejoined SHAREPOINT to the domain. Still can't add users ("Unexpected error occured").
0
 
Netman66Commented:
Are you logged into the server using the Domain Admin account?  From your last logfile, it's telling me you're using a local account.

0
 
shmuel20Author Commented:
Not sure I understand.

I do have some progress - no errors in logs, can now connect from the XP to SharePoint Portal, everything looks fine. I think we are getting close.
0
 
Netman66Commented:
Well, then I think the worst of it is over - you're at a point now where you wanted to be - you just need to figure out what is going on with the load from AD.

In your log you posted above, you'll see errors because you were logged on with the local Administrator account.  You need to log in with the Administrator account for the domain - which is the Administrator account on the DC.

Just change the "log onto" in the Details box - the third box on the logon window - to read the ORIEL rather than SHAREPOINT.

0
 
Netman66Commented:
Did you manage to get things loaded up?
0
 
shmuel20Author Commented:
Yes. Had to grant the DC Admin role Administrator access privileges to the SharePoint databases in SQL Server.

Thanks you very much for your help and support. It has greately improved my system administration skills...
0
 
Netman66Commented:
Interesting...the Domain Admin should have had access by default.  Good piece of investigative work!

You're welcome - sorry it took so long!

Glad to help.

NM

0

Featured Post

[Webinar] Cloud and Mobile-First Strategy

Maybe you’ve fully adopted the cloud since the beginning. Or maybe you started with on-prem resources but are pursuing a “cloud and mobile first” strategy. Getting to that end state has its challenges. Discover how to build out a 100% cloud and mobile IT strategy in this webinar.

  • 46
  • 45
Tackle projects and never again get stuck behind a technical roadblock.
Join Now