Solved

NT4 workstations get access is denied when trying to browse a domain controller

Posted on 2006-06-22
14
388 Views
Last Modified: 2013-12-04
When logged into a Windows NT4 sp6 workstation (as Administrator) and using Network Neighborhood to browse the network, I am unable to browse the domain controllers (all 3 of them).  The domain controllers are Windows2000.  On one of the domain controllers there are printer shares that the XP and 2000 computers can see.  The only ones having issues seeing the printer shares are the NT4 boxes.  

This is what I have seen.

The NT4 boxes can browse all non domain controller boxes at my location.  The reason I say my location is because there are some domain controllers that are located in the UK and I am able to browse thoes servers on the same NT4 box.  I think it has to be a security setting that was changed unknowingly.  I just find it strange it would effect all the controllers here.  The other guy here thinks it has to do with me adding back in the Default group policies for domain and domain controllers.  If that was the case I would think I would have the same issue browsing the UK domain servers as I do here, but I dont want to rule that out as I had to create them from scratch as someone went into the sysvol and deleted them from there and I might have missed a setting or enabled a setting that shouldnt have been done.  But like I said, if it was a group policy that stopped all NT4 boxes from browsing the domain controllers, it would have happened to the UK servers also.

I also did find something on here that sounds like the same issue as mine, but it didnt work out plus the topic ended with something about SMB signing and that isnt the answer for me.

0
Comment
Question by:x30n
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
14 Comments
 
LVL 7

Expert Comment

by:CharliePete00
ID: 16964510
Check the NIC properties on your DCs to see if NetBIOS support is enabled.
0
 
LVL 7

Expert Comment

by:CharliePete00
ID: 16964578
Also, look in the event logs of the NT 4 systems for Master Browser election notifications.

If you ping your DCs by computer name so you get name resolution?

If you try to connect the DCs directly through the command-line with "\\<server>" are you able to connect?  If not, how about with "\\<ip address>"?

Try running "ipconfig /all" from the command-line and see if your WINS and DNS server info is correct
0
 
LVL 1

Author Comment

by:x30n
ID: 16964789
NetBIOS is enabled
I can ping
WINS isnt installed (I was just hired here so...)
command-line I still get access denied.
found browser election saying:

The browser has forced an election on network \Device\NetBT_EI90x1 because a master browser was stopped.
0
Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

 
LVL 7

Accepted Solution

by:
CharliePete00 earned 168 total points
ID: 16964902
Make sure the time is correct on the problem machines and the DCs.  You also may want to try resetting the computer (not user) account passwords.  To do this execute the following from the command-line of the problemed machines:

netdom resetpwd /server:<Server> /userd:<Domain>\<Domain Admin Account> /passwordd:*

Where <Server> = The name of a DC (PDC Emulator is best)
<Domain> = The name of your domain
<Domain Admin Account> = A member of the Domain Admins group

example

netdom resetpwd /server:MyServer /userd:MyDomain\Administrator /passwordd:*
0
 
LVL 1

Author Comment

by:x30n
ID: 16965117
I will let you know how that works out tomorrow when I get back in.
0
 
LVL 13

Assisted Solution

by:hstiles
hstiles earned 166 total points
ID: 16968743
We have encountered some similar(ish) problems on MAC clients attaching to shares on a DC.  Best way to troubleshoot would be to do the following

Examine your domain security policy and compare it to your domain controller security policy.  It may be that the domain controller security policy is insisting on a much higher level of security.  Check the security log on the DC as well

0
 
LVL 1

Author Comment

by:x30n
ID: 16969858
Ok will, netdom isnt in the workstation so I downloaded the support tools and netdom isnt included also.  I tried nltest /bdc_query:(mydomain) and it showed both bdcs  but I got a I_NetLogonControl failed: Status = 5 0x5 ERROR_ACCESS_DENIED


Right now for giggles I am downloading sp6a for it to reinstall it.  Man, before comming here I havnt touched a NT4 box in like 6 years so I am so out of touch with it.  I am also going to google that error to see what I get.


hstiles: I guess if there was something in the group policys that was blocking nt4 from browseing DC's then it would have effected my UK controllers also.  I can browse the UK dc's on the same nt4 box so....

If there is something you need to know that I might not a mentioned ask.
0
 
LVL 1

Author Comment

by:x30n
ID: 16970668
Ok I am going to start thowing things out.  Maybe it will help

Workstation:

nt4 sp6a High Encryption insalled.
Disk format: FAT
used to see printer shares on domain controllers but no longer can.
used to be able to browse domain controllers in the US, but not longer can
still able to browse domain controllers in the same domain in the UK and also see the printer shares on the domain controllers.


Domain:

Win2k (upgraded from nt4, not clean install)
RID Operations Master is the 'PDC'
PDC Operation Master (emulates) is the 'PDC'
Infrastructure Master is a 'BDC'
No WINs
DNS is the 'PDC' and I am starting to notice some name resolution issues, but that is something I will tackle later.

If I think of anything or come across anything I will post it.
 
0
 
LVL 1

Author Comment

by:x30n
ID: 16970679
Oh, all three DCs here are mulit-homed.  (I remember something about that being an issue, but what I hear is well it worked in the pasted.)
0
 
LVL 12

Assisted Solution

by:gidds99
gidds99 earned 166 total points
ID: 16978979
Has there been any changes to the US network or US security policies which may account for this change in behaviour?
0
 
LVL 1

Author Comment

by:x30n
ID: 16984752
other then adding in the default domain controller and default domain group policy back in, no.


I even removed them to see if that was the issue, but it wasnt. Also if it was an issue, it should have affected the UK's DC and not allow the workstation to browse them also, but it didnt.
0
 
LVL 1

Author Comment

by:x30n
ID: 16985158
Today-

Friday there was an issue with AD and needed to restart the DC and one of the BDCs.  

Now that I am back working on this issue, I am able to connect and browse the DC and the BDC I had to reboot.  However, the BDC I really need to browse for the printer shares I still dont have access too.   So I am thinking a reboot might be in order for that one also, but it will be something I have to take care of after hours and test it.

I hate to have to reboot a server for no reason, so I hope this is all that was needed for the NT boxes to see the printer shares once again.

I will let you know as soon as I get it done.  
0
 
LVL 1

Author Comment

by:x30n
ID: 16995722
OK, rebooting it worked.
0
 
LVL 1

Author Comment

by:x30n
ID: 16995749
I will split the points up between the three of you for trying to help.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The term "Bad USB" is a buzz word that is usually used when talking about attacks on computer systems that involve USB devices. In this article, I will show what possibilities modern windows systems (win8.x and win10) offer to fight these attacks wi…
Recently, I read that Microsoft has analysed statistics for their security intelligence report. It revealed: still, the clear majority of windows users do their daily work as administrator. An administrative account is a burden, security-wise. My ar…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Suggested Courses

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question