"Applying your personal settings", cannot browse network, "Domain is not accessible"
Posted on 2009-04-23
Hardware: one Windows 2003 RC2 server, ten Win XP Pro sp3 clients, one SonicWALL security/firewall appliance sitting in between the ISP's internet box and our server/LAN.
History: ten computers used to be more or less workgroup based, ie- users would log on to their assigned computer with a locally created user account, shares were setup on the server, drive mapping created on the workstations so users could access data stored/backed up on that server. Server basically acted like a file server.
Now the SMB wants to move away from workgroups and move to domain based environment, to get benefit of a domain: single sign-on pass-through, shared printers, access permissions on accounting data folders, etc.
Actions: First thing I did was verify that the workstations were in fact joined to the domain, joined them if they weren't, and verified domain user accounts were setup in Active Directory Users & Computers ("ADUC"). Done. Next, I asked all users (not all at once) to log on to their domain computers with their newly created domain accounts.
- when any domain user logs onto any domain computer they get "Applying your personal settings" for ~1-2 mins. This is consistent, ie- happens every time any domain user logs on to any domain workstation, for just about the exact same amount of time every time, 1-2 minutes.
- domain users can "connect to" but NOT browse in Windows Explorer: "My Network Places, Entire Network, Microsoft Windows Network" displays the domain but when I click on it to browse it responds with "Domain is not accessible. You might not have permission to use this network resource"
Server: not configured to use DHCP, WINS, or DNS.
- Client for Windows Networks is enabled
- File and Print Sharing is enabled
- static LAN IP addresses are configured, IP: 10.0.0.x, SM: 255.255.255.0, GW: 10.0.0.1(?); ie- no DHCP leased addresses
- DNS: TCP/IP is configured to point to ISP's DNS (which probably gives users their access to the outside internet world)
- domain users can connect to network resources through net use or \\sever\share (assuming access permissions have been set correctly on the object.
- share permissions are set to Everyone: Read/Change and Folder/File permissions set to Everyone: Modify. Set this way because not all users are using domain accounts to log onto workstations, some still use local user accounts. By setting the permissions this way the users who are still logged on to local user accounts can access those network shares/resources
- domain user accounts have their My Documents folder redirection redirected to Q:\My Documents on \\server (10.0.0.23)
- Offline Folders for all domain users is now DISABLED (even though they are turned ON by default)
My guess is this is probably an easy fix for some my issues, like setting up DNS, verifying my client TCP/IP settings are correct, etc, but the more I think about it the more I confuse myself. So my typing this all out may be helpful... or not ;) am not a server/network administrator, ie- I have never setup a Windows 2003 server, implemented DNS, or a domain in AD. I primarily deal with Help Desk support. Thanks in advance!