  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 488

Having multiple AD problems with enterprise server and exch 2003

I'm having several problems with my domain right now, and I believe it is coming from an authentication error from all of the clients that are connecting to my DC. I'm running two servers; (1) DC w/ server 2003 sp2, and (1) Exch server w/ 2003 sp2. I was forced to run the DISA GoldDisk on my servers, and since then nothing has worked right. DISA GoldDisk is a collection of hotfixes, patches, and changes to group policies that harden servers to DoD standards. I can't simply uninstall or wipe the servers since we're online right now. All I have is internet browsing. I've looked up all of my errors I'm getting, and they all lead me in different directions.

My exchange services won't start. MSExchangeSA is giving me an error, event id 1005. Unexpected error Logon failure: unknown user name or bad password. Facility: LDAP Provider ID no: 9007052e Microsoft Exchange System Attendant  occured.

Also, Userenv is giving me an event id 1053: Windows cannot determine the user or computer name. (Access is denied.). Group Policy processing aborted.

Steps I've taken with this:
Ran setup.exe /domainprep again to reset the servers permissions
Scrubbed the Local, Domain, and Domain Controller security policies (might have missed something, don't know exactly what I'm looking for)
Ran gpupdate /force MANY times.

Problem #2:
I can't connect to our domain controller shares with a \\<ip addr> when I'm on a user account. I can do this just fine when I'm on a Domain Admin account. Haven't been able to figure this one out, but I'm sure it's related to the rest of my problems. The funny thing is, if I log on to a client with a local account, I can get to the shares. The error I'm getting is:

\\<ip addr> is not accessible. You might not have permission to use this network resource. Contact the administrator of this server to find out if you have access permissions.

Problem #3:
None of our network print shares (we tried on our DC and Exch servers) are working. For users, they don't show in active directory, but they do if you're logged in as a domain admin.

All of these sound like they're related. I've tried to drop the security policies on the DC, I checked the time and synced it with another time source, and still no joy. Everyone can log on and surf the internet though.
 
jdera Commented:
It sounds like your best bet here is to do a restore of the image of these servers prior to the golddisk install.  You could really just end up chasing your tail on these.
 
blizzard907 (Author) Commented:
That's not an option, because they were all scanned for vulnerabilities prior to them coming on line, and I can't scan them again.
 
blizzard907 (Author) Commented:
Update: We can print on some computers if we add the printer as an admin and we defined the print spooler service as auto in the domain policy. It's still hit or miss.

 
snusgubben Commented:
> Scrubbed the Local, Domain, and Domain Controller security policies (might have missed something, don't know exactly what I'm looking for)

If you want to "revert" the Default Domain Policy and the Default Domain Controller Policy back to default, you can use the Dcgpofix tool, which will do the task. All custom changes made to these GPOs will be lost!

"dcgpofix /target:both"

You should also check the security settings on the Default Domain Controller Policy:

http://support.microsoft.com/kb/833783


SG

 
blizzard907 (Author) Commented:
We're still having all the same problems. I went through this, and forced the policies down, but they're not taking. I think the userenv 1053 error is the trumping factor in all of this.
 
snusgubben Commented:
If you have run a tool that is a lock down tool, I recommend you contact the vendor of this product. They should know what the tool does.

Just some quick tips:

Have you checked that both computer and user accounts are not disabled?

Is there a firewall on?

Verify that "File and Printer Sharing for Microsoft Networks" is enabled on the NIC.

If not, call the vendor!


SG
 
blizzard907 (Author) Commented:
I ended up getting authorization to wipe the servers and start over. You were leading me in the right direction though, and I kind of wish that I had more time to troubleshoot it.

All of our ghost images come with Windows Firewall/ICS disabled, and the File/Print sharing enabled. We checked AD user and computers, all were enabled.

Thanks for all the help