sirvodka
asked on
Cannot access server shares or join workstation to domain
Experts,
I have completed the process of migrating SBS 2003 to a new server. It has the same server name, domain name, and IP address of the old server. The new server is running on an isolated hub for testing purposes. I have connected a couple of workstations to the hub and Exchange seems to be working fine. My problem is the workstations cannot browse or map a drive to the new servers shares. I keep getting a login prompt. Have tried all logins including administrator and domain admin. If I right click on the servername in Explorer I get "You do not have appropriate access rights to this server". I decided to remove and then re-join the workstation to the domain. When trying to join back to the domain I get an "access denied" error. Any help would be greatly appreciated. Thanks.
Steve
I have completed the process of migrating SBS 2003 to a new server. It has the same server name, domain name, and IP address of the old server. The new server is running on an isolated hub for testing purposes. I have connected a couple of workstations to the hub and Exchange seems to be working fine. My problem is the workstations cannot browse or map a drive to the new servers shares. I keep getting a login prompt. Have tried all logins including administrator and domain admin. If I right click on the servername in Explorer I get "You do not have appropriate access rights to this server". I decided to remove and then re-join the workstation to the domain. When trying to join back to the domain I get an "access denied" error. Any help would be greatly appreciated. Thanks.
Steve
ASKER
kprad,
>>what about window firewall. Is it enabled
disabled on server, enabled on workstation
>>what credentials are you using
I'm assuming by credentials you mean username/password. I have tried mine(domain admin) and the administrator
>>what about the default gp "add w/s to the domain"
Authenticated Users
>>what error is reported in the eventvwr ?
I assume you want eventviewer on the server.
APPLICATION
Event Type: Error
Event Source: MSExchangeTransport
Event Category: Routing Engine/Service
Event ID: 929
Date: 6/14/2006
Time: 12:37:01 PM
User: N/A
Computer: ---
Description:
Failed in reading Connector's DS Info Process Id: 1712 Process location:
C:\WINDOWS\system32\inetsr
connector,CN=Connections,C
administrative group,CN=Administrative Groups,CN=(server),CN=Micr
Exchange,CN=Services,CN=Co
Attribute:[]
Event Type: Warning
Event Source: WinMgmt
Event Category: None
Event ID: 5603
Date: 6/21/2006
Time: 9:26:24 AM
User: NT AUTHORITY\SYSTEM
Computer: SHEPSBS
Description:
A provider, PerfProv, has been registered in the WMI namespace,
ROOT\CIMV2\MicrosoftHealth
HostingModel property. This provider will be run using the LocalSystem account.
This account is privileged and the provider may cause a security violation
if it does not correctly impersonate user requests. Ensure that provider has
been reviewed for security behavior and update the HostingModel property
of the provider registration to an account with the least privileges possible for the required functionality.
SYSTEM
Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID: 5722
Date: 6/21/2006
Time: 2:40:41 PM
User: N/A
Computer: SHEPSBS
Description:
The session setup from the computer TRAIN02 failed to authenticate.
The name(s) of the account(s) referenced in the security database is TRAIN02$.
The following error occurred:
Access is denied.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 22 00 00 c0 "..À
Event Type: Error
Event Source: Kerberos
Event Category: None
Event ID: 4
Date: 6/21/2006
Time: 2:35:44 PM
User: N/A
Computer: SHEPSBS
Description:
The kerberos client received a KRB_AP_ERR_MODIFIED error from the server TRAIN02$.
The target name used was cifs/Train02. This indicates that the password used
to encrypt the kerberos service ticket is different than that on the target server.
Commonly, this is due to identically named machine accounts in the target
realm (SHEPHERDDATA.LOCAL), and the client realm. Please contact your system administrator.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Train02 is the workstation I was trying to join to the domain. Thanks.
Steve
>>what about window firewall. Is it enabled
disabled on server, enabled on workstation
>>what credentials are you using
I'm assuming by credentials you mean username/password. I have tried mine(domain admin) and the administrator
>>what about the default gp "add w/s to the domain"
Authenticated Users
>>what error is reported in the eventvwr ?
I assume you want eventviewer on the server.
APPLICATION
Event Type: Error
Event Source: MSExchangeTransport
Event Category: Routing Engine/Service
Event ID: 929
Date: 6/14/2006
Time: 12:37:01 PM
User: N/A
Computer: ---
Description:
Failed in reading Connector's DS Info Process Id: 1712 Process location:
C:\WINDOWS\system32\inetsr
connector,CN=Connections,C
administrative group,CN=Administrative Groups,CN=(server),CN=Micr
Exchange,CN=Services,CN=Co
Attribute:[]
Event Type: Warning
Event Source: WinMgmt
Event Category: None
Event ID: 5603
Date: 6/21/2006
Time: 9:26:24 AM
User: NT AUTHORITY\SYSTEM
Computer: SHEPSBS
Description:
A provider, PerfProv, has been registered in the WMI namespace,
ROOT\CIMV2\MicrosoftHealth
HostingModel property. This provider will be run using the LocalSystem account.
This account is privileged and the provider may cause a security violation
if it does not correctly impersonate user requests. Ensure that provider has
been reviewed for security behavior and update the HostingModel property
of the provider registration to an account with the least privileges possible for the required functionality.
SYSTEM
Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID: 5722
Date: 6/21/2006
Time: 2:40:41 PM
User: N/A
Computer: SHEPSBS
Description:
The session setup from the computer TRAIN02 failed to authenticate.
The name(s) of the account(s) referenced in the security database is TRAIN02$.
The following error occurred:
Access is denied.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 22 00 00 c0 "..À
Event Type: Error
Event Source: Kerberos
Event Category: None
Event ID: 4
Date: 6/21/2006
Time: 2:35:44 PM
User: N/A
Computer: SHEPSBS
Description:
The kerberos client received a KRB_AP_ERR_MODIFIED error from the server TRAIN02$.
The target name used was cifs/Train02. This indicates that the password used
to encrypt the kerberos service ticket is different than that on the target server.
Commonly, this is due to identically named machine accounts in the target
realm (SHEPHERDDATA.LOCAL), and the client realm. Please contact your system administrator.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Train02 is the workstation I was trying to join to the domain. Thanks.
Steve
Since the new server is really a new domain (even if named the same) as the Domain SID is completely different, you will have to rejoin all workstations to the domain.
In SBS, you use the Wizards, then http://servername/connectcomputer (where servername is your server's name).
In SBS, you use the Wizards, then http://servername/connectcomputer (where servername is your server's name).
ASKER
I forgot to mention this in my original post.
I did try http://servername/connectcomputer and got the following error.
"You are not authorized to view this page"
I did try http://servername/connectcomputer and got the following error.
"You are not authorized to view this page"
ASKER
Just a quick update.
I was able to resolve the /computerconnect "not authorized" error by fixing the IWAM and IUSER passwords but of course it created another issue.
Now I get a "an error occured when configuring network settings" error after clicking finish.
I was able to resolve the /computerconnect "not authorized" error by fixing the IWAM and IUSER passwords but of course it created another issue.
Now I get a "an error occured when configuring network settings" error after clicking finish.
ASKER
Another quick update.
After renaming the PC I was able to join it to the domain through /computerconnect and it was now able to browse the server.
I removed it from the domain again, named it back to the original name, and was able to join the domain through /computerconnect and browse the server.
Will it be necessary to do this on all the workstations and how will this affect my user profiles?
Thanks
After renaming the PC I was able to join it to the domain through /computerconnect and it was now able to browse the server.
I removed it from the domain again, named it back to the original name, and was able to join the domain through /computerconnect and browse the server.
Will it be necessary to do this on all the workstations and how will this affect my user profiles?
Thanks
It shouldn't be - however, I can't state that with any certainty.
You'll have to attack each PC on a case-by-case basis.
Your profiles will remain on the PC, however they may not be used for the new domain - that part you will need to test.
You'll have to attack each PC on a case-by-case basis.
Your profiles will remain on the PC, however they may not be used for the new domain - that part you will need to test.
ASKER
Along with the previously stated problems I am also getting the following Application Event Errors. Can anyone help me with these? Thanks
Event Type: Error
Event Source: MSExchangeTransport
Event Category: Routing Engine/Service
Event ID: 929
Date: 6/22/2006
Time: 12:38:30 PM
User: N/A
Computer: SHEPSBS
Description:
Failed in reading Connector's DS Info Process Id: 1572 Process location: C:\WINDOWS\system32\inetsr
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Warning
Event Source: Perflib
Event Category: None
Event ID: 2003
Date: 6/22/2006
Time: 10:37:44 AM
User: N/A
Computer: SHEPSBS
Description:
The configuration information of the performance library "C:\WINDOWS\system32\inets
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Warning
Event Source: Perflib
Event Category: None
Event ID: 1016
Date: 6/22/2006
Time: 10:37:19 AM
User: N/A
Computer: SHEPSBS
Description:
The data buffer created for the "MSExchangeIS" service in the "C:\Program Files\Exchsrvr\bin\mdbperf
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 80 c9 84 00 fc 2b 00 00 ?É?.ü+..
Event Type: Warning
Event Source: WinMgmt
Event Category: None
Event ID: 5603
Date: 6/22/2006
Time: 10:37:16 AM
User: NT AUTHORITY\SYSTEM
Computer: SHEPSBS
Description:
A provider, PerfProv, has been registered in the WMI namespace, ROOT\CIMV2\MicrosoftHealth
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: MSExchangeTransport
Event Category: Routing Engine/Service
Event ID: 929
Date: 6/22/2006
Time: 12:38:30 PM
User: N/A
Computer: SHEPSBS
Description:
Failed in reading Connector's DS Info Process Id: 1572 Process location: C:\WINDOWS\system32\inetsr
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Warning
Event Source: Perflib
Event Category: None
Event ID: 2003
Date: 6/22/2006
Time: 10:37:44 AM
User: N/A
Computer: SHEPSBS
Description:
The configuration information of the performance library "C:\WINDOWS\system32\inets
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Warning
Event Source: Perflib
Event Category: None
Event ID: 1016
Date: 6/22/2006
Time: 10:37:19 AM
User: N/A
Computer: SHEPSBS
Description:
The data buffer created for the "MSExchangeIS" service in the "C:\Program Files\Exchsrvr\bin\mdbperf
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 80 c9 84 00 fc 2b 00 00 ?É?.ü+..
Event Type: Warning
Event Source: WinMgmt
Event Category: None
Event ID: 5603
Date: 6/22/2006
Time: 10:37:16 AM
User: NT AUTHORITY\SYSTEM
Computer: SHEPSBS
Description:
A provider, PerfProv, has been registered in the WMI namespace, ROOT\CIMV2\MicrosoftHealth
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I used the Swing Migration method and have been struggling with problems for 3 weeks. At this point I am just going to do a fresh install and forget about the migration. I have no more time to spend on troubleshooting the issues. Is seems once I fix one another pops up. Thanks to everyone for their help.
Steve
Steve
Your struggles, I would think, have come from making manual configurations before you have everything working. SBS really MUST be configured with the wizards.
If you run into any problems, don't try to fix things the "normal" server 2003 way... make sure it's an SBS way... because it's easy to break one thing by fixing another. I mention that again because of your comment about " fixing the IWAM and IUSER passwords ".
Definitely start with this: http://sbsurl.com/start
Jeff
TechSoEasy
If you run into any problems, don't try to fix things the "normal" server 2003 way... make sure it's an SBS way... because it's easy to break one thing by fixing another. I mention that again because of your comment about " fixing the IWAM and IUSER passwords ".
Definitely start with this: http://sbsurl.com/start
Jeff
TechSoEasy
ASKER
I would only run the fixes when directed to by Jeff. Anyway, I have shelved the migration idea and am reloading from scratch. So far all is well except I have a corrupted system event log. What would be the best way to fix this. Thanks.
ahh... milking the question for another topic! okay, you win...
Did you happen to run windows updates before completing the To-Do list? I know it tells you to on screen, but you shouldn't. If you have... you need to start over. Sorry.
FYI... legend has it that it takes a minimum of three sbs installs before one gets it right... (it took me 4).
Jeff
TechSoEasy
Did you happen to run windows updates before completing the To-Do list? I know it tells you to on screen, but you shouldn't. If you have... you need to start over. Sorry.
FYI... legend has it that it takes a minimum of three sbs installs before one gets it right... (it took me 4).
Jeff
TechSoEasy
ASKER
I love milk!
Anyway, I'll take what I can get at this point.
I also did about 4 installs setting up my current online server.
What part of the TO-DO list are you referring to?
I did run the CEICW first, then all the service pack updates that come with SBS 2003 SP1, Exchange SP2, and then windows update.
Anyway, I'll take what I can get at this point.
I also did about 4 installs setting up my current online server.
What part of the TO-DO list are you referring to?
I did run the CEICW first, then all the service pack updates that come with SBS 2003 SP1, Exchange SP2, and then windows update.
That's the problem... do ALL of the to-do list, such as adding users, computers, configure fax, configure monitoring, configure backup.
If you want a really good book (one that I follow each time I install... even after more than 50 installations) check out http://sbsurl.com/best
Jeff
TechSoEasy
If you want a really good book (one that I follow each time I install... even after more than 50 installations) check out http://sbsurl.com/best
Jeff
TechSoEasy
ASKER
Thanks. I'll reinstall.
what credentials are you using.
what about the default gp "add w/s to the domain"
what error is reported in the eventvwr ?