maryatroasters
asked on
Users Must Reauthenticate in SBS2003
I have recently set up a Windows SBS2003 server and domain. All users were running fine. Last week a few started having to reauthenticate to the SBS server at "random" points during the day when they accessed their e-mail and/or network mapped drives. This problem has been worsening, with more and more users experiencing it each day. Now, when some log on, they can't see the network drives at all (mapping applied at logon by a group policy script), yet the mappings to the old server (Windows 2000 Server) are fine, so I know they are running the script. Once they log on (apparently not authenticating properly?), click on a network resource, they get asked to reauthenticate. Then, once they do, they can manually run this vbs drive-mapping script and everything is peachy. Any ideas?
ASKER
Yes, we had a Windows 2000 Server and different domain. In fact, that server is still in use, and the same users and passwords are set up on both servers. The .vbs script I have running maps drives on both servers, and interestingly enough, is always successful in mapping the drives on the older server, but it is the NEW server shares that are not getting mapped (though they USED to). And this problem is not happening for all users... just a few, but getting worse.
And, yes, I added the users and computers via the wizards, and all affected clients were migrated using the connectcomputer utility (along with many other users who are NOT experiencing the loss of authentication). Everyone was running fine until last week, and I can't recall an event that might have triggered this.
And, yes, I added the users and computers via the wizards, and all affected clients were migrated using the connectcomputer utility (along with many other users who are NOT experiencing the loss of authentication). Everyone was running fine until last week, and I can't recall an event that might have triggered this.
So, when users want to access files on the old server you have them log onto that separately?? That doesn't make any sense at all... can you please explain?
Also, can you please post a complete IPCONFIG /ALL from both the SBS as well as the Win2K server? I'm sure this has to do with the relationship between these two servers... whether it be DNS, NETBIOS/WINS or a combination of the two... because SBS domains do not support trusts and SBS will not tollerate another domain controller on the same subnet, I would suspect that the SBCore service is interfering.
Jeff
TechSoEasy
Also, can you please post a complete IPCONFIG /ALL from both the SBS as well as the Win2K server? I'm sure this has to do with the relationship between these two servers... whether it be DNS, NETBIOS/WINS or a combination of the two... because SBS domains do not support trusts and SBS will not tollerate another domain controller on the same subnet, I would suspect that the SBCore service is interfering.
Jeff
TechSoEasy
ASKER
Thank you for your quick reply, Jeff.
When the users log onto their PC, the authentication takes place on BOTH servers at that time, even though they are logging onto the SBS domain (one logon). The 2000 domain server has been playing nicely withing the SBS domain that way since day 1. (Have I been taking advantage of an "undocumented feature?") The login script maps drives on both servers, and this has worked up to last week. As I stated earlier, the drive mappings to the 2000 server are solid and there every time.
I have taken printscreens of IPCONFIG /ALL on both servers and will post them promptly (when I figure out how to do that here).
Thanks again.
When the users log onto their PC, the authentication takes place on BOTH servers at that time, even though they are logging onto the SBS domain (one logon). The 2000 domain server has been playing nicely withing the SBS domain that way since day 1. (Have I been taking advantage of an "undocumented feature?") The login script maps drives on both servers, and this has worked up to last week. As I stated earlier, the drive mappings to the 2000 server are solid and there every time.
I have taken printscreens of IPCONFIG /ALL on both servers and will post them promptly (when I figure out how to do that here).
Thanks again.
ASKER
OK, I'll have to copy/paste, I guess. :o)
Here is the SBS Server:
Windows IP Configuration
Host Name . . . . . . . . . . . . : serversbs
Primary Dns Suffix . . . . . . . : Diedrich.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Diedrich.local
Ethernet adapter Server LAN:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
Physical Address. . . . . . . . . : 00-14-22-78-93-13
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.1.1
Primary WINS Server . . . . . . . : 192.168.1.1
Ethernet adapter Internet:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : NETGEAR GA311 Gigabit Adapter
Physical Address. . . . . . . . . : 00-0F-B5-FE-8F-32
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.253
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.254
DNS Servers . . . . . . . . . . . : 192.168.1.1
Primary WINS Server . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Disabled
Here is the Win2K server:
Windows 2000 IP Configuration
Host Name . . . . . . . . . . . . : server2000
Primary DNS Suffix . . . . . . . : diedrichmfg.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : diedrichmfg.local
Ethernet adapter Intel Fast Ethernet LAN Controller - onboard:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/100 Network Connection
Physical Address. . . . . . . . . : 00-06-5B-3F-69-CC
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.168
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
69.41.131.4
Here is the SBS Server:
Windows IP Configuration
Host Name . . . . . . . . . . . . : serversbs
Primary Dns Suffix . . . . . . . : Diedrich.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Diedrich.local
Ethernet adapter Server LAN:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
Physical Address. . . . . . . . . : 00-14-22-78-93-13
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.1.1
Primary WINS Server . . . . . . . : 192.168.1.1
Ethernet adapter Internet:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : NETGEAR GA311 Gigabit Adapter
Physical Address. . . . . . . . . : 00-0F-B5-FE-8F-32
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.253
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.254
DNS Servers . . . . . . . . . . . : 192.168.1.1
Primary WINS Server . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Disabled
Here is the Win2K server:
Windows 2000 IP Configuration
Host Name . . . . . . . . . . . . : server2000
Primary DNS Suffix . . . . . . . : diedrichmfg.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : diedrichmfg.local
Ethernet adapter Intel Fast Ethernet LAN Controller - onboard:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/100 Network Connection
Physical Address. . . . . . . . . : 00-06-5B-3F-69-CC
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.168
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
69.41.131.4
Well, I see how this may be happening... in that you have configured the same subnet on both of the SBS's NICs which essentially makes RRAS a totally ineffective firewall. But, we'll get back to that...
Can you please explain how "the authentication takes place on BOTH servers at that time, even though they are logging onto the SBS domain (one logon). "???
Jeff
TechSoEasy
Can you please explain how "the authentication takes place on BOTH servers at that time, even though they are logging onto the SBS domain (one logon). "???
Jeff
TechSoEasy
ASKER
Well... *blush*... perhaps I cannot explain it, and hence one of my problems. :o) But for over a month, the users were logging into the SBS domain, and the script was running and authenticating them properly to the WIN2K server when the script called for mapping to the WIN2K server shares. The application running on the WIN2K server runs properly, too (utilizing one of the 2 mapped drives to the older WIN2K server). The users never actually authenticate to this WIN2K server explicitly. But it has always worked. Again... an undocumented feature that is now biting me in the behind?
- TTT
- TTT
Perhaps you want to provide the content of the script here?
It's definitely not an undocumented feature... but what I don't understand is why you haven't joined the Win2K server to your SBS domain??
http://sbsurl.com/addserver will explain how.
Jeff
TechSoEasy
It's definitely not an undocumented feature... but what I don't understand is why you haven't joined the Win2K server to your SBS domain??
http://sbsurl.com/addserver will explain how.
Jeff
TechSoEasy
ASKER
Script:
' logon script for all users
' v1.0 (09/13/02)
' v1.1 (10/21/02) added AVG workstation communications
' v1.2 (11/14/02) change location of drive T, add drive U
' v1.3 (11/10/03) change location of drive T
' v1.4 (01/05/04) add drive X for Epicor (Vista)
' v1.5 (01/26/05) add drive W for Schedules
' v1.6 (03/17/05) add drive Y for VSS
' v1.7 (10/24/05) add drive J for Fedex
' v1.8 (05/05/06) clean up for ServerSBS
'
' map drives onlogin, unmap previous mappings
'
option explicit
on error resume next
dim i, d_drv(9), d_map(9)
dim wshnet
dim ofs
dim drive_coll
dim drive_item
' define mapped drives
d_drv(0)="I:" :d_drv(1)="M:" :d_drv(2)="P:" :d_drv(3)="S:"
d_drv(4)="T:" :d_drv(5)="R:" :d_drv(6)="V:" :d_drv(7)="X:"
d_drv(8)="W:" :d_drv(9)="Y:"
' define mappings
d_map(0)="\\serversbs\ups"
d_map(1)="\\serversbs\mana ge"
d_map(2)="\\serversbs\apps "
d_map(3)="\\serversbs\tech supp"
d_map(4)="\\serversbs\Died rich_db"
d_map(5)="\\serversbs\pt"
d_map(6)="\\server2000\Vis ta"
d_map(7)="\\server2000\epi cor"
d_map(8)="\\serversbs\Sche dules"
d_map(9)="\\serversbs\VSS"
set wshnet=wscript.createobjec t("wscript .network")
set drive_coll=wshnet.enumnetw orkdrives
for i=0 to 9
for each drive_item in drive_coll
if drive_item=d_drv(i) then wshnet.removenetworkdrive d_drv(i),true,true
next
wshnet.mapnetworkdrive d_drv(i),d_map(i),true
next
set drive_item=nothing
set drive_coll=nothing
set wshnet=nothing
' logon script for all users
' v1.0 (09/13/02)
' v1.1 (10/21/02) added AVG workstation communications
' v1.2 (11/14/02) change location of drive T, add drive U
' v1.3 (11/10/03) change location of drive T
' v1.4 (01/05/04) add drive X for Epicor (Vista)
' v1.5 (01/26/05) add drive W for Schedules
' v1.6 (03/17/05) add drive Y for VSS
' v1.7 (10/24/05) add drive J for Fedex
' v1.8 (05/05/06) clean up for ServerSBS
'
' map drives onlogin, unmap previous mappings
'
option explicit
on error resume next
dim i, d_drv(9), d_map(9)
dim wshnet
dim ofs
dim drive_coll
dim drive_item
' define mapped drives
d_drv(0)="I:" :d_drv(1)="M:" :d_drv(2)="P:" :d_drv(3)="S:"
d_drv(4)="T:" :d_drv(5)="R:" :d_drv(6)="V:" :d_drv(7)="X:"
d_drv(8)="W:" :d_drv(9)="Y:"
' define mappings
d_map(0)="\\serversbs\ups"
d_map(1)="\\serversbs\mana
d_map(2)="\\serversbs\apps
d_map(3)="\\serversbs\tech
d_map(4)="\\serversbs\Died
d_map(5)="\\serversbs\pt"
d_map(6)="\\server2000\Vis
d_map(7)="\\server2000\epi
d_map(8)="\\serversbs\Sche
d_map(9)="\\serversbs\VSS"
set wshnet=wscript.createobjec
set drive_coll=wshnet.enumnetw
for i=0 to 9
for each drive_item in drive_coll
if drive_item=d_drv(i) then wshnet.removenetworkdrive d_drv(i),true,true
next
wshnet.mapnetworkdrive d_drv(i),d_map(i),true
next
set drive_item=nothing
set drive_coll=nothing
set wshnet=nothing
Okay, that looks pretty clean... how about logging onto one of the workstations with an account that's having trouble... run the following at the command prompt and post that as well:
cd c:\
gpresult /z >result.txt
Jeff
TechSoEasy
cd c:\
gpresult /z >result.txt
Jeff
TechSoEasy
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
What ever happened to this? Did you resolve your problems?
Jeff
TechSoEasy
Jeff
TechSoEasy
I'm wondering as well about your drive mapping script... generally you wouldn't do this through group policy... it would be done by adding a CALL line to the SBS_LOGIN_SCRIPT.bat file that calls up a second .bat file in the same directory (which is \\SERVERNAME\NETLOGON).
And THAT makes me wonder if you added your users and computers via the required SBS Add-User and Add-Computer Wizards. These make sure that a number of things are properly configured, and they ensure that users and computers are placed in the proper default OUs.
Jeff
TechSoEasy