Solved

SBS 2003, AD clients disconecting

Posted on 2013-01-28
11
223 Views
Last Modified: 2013-03-17
Hi,

A client's SBS 2003 server keeps disconnecting users. They complain that they loose their desktop icons. They can login and open outlook (Exchange) and see their inbox but can't send/recieve email so sounds like they are being disconnected from Active Directory.

They can still get to the Internet and login to the domain uisng the domain users account login. I have checked the logs and I can't see anyting that might explain it but don't really know what to look for.

Logging in/out or rebooting workstations seems to work most of the time but sometimes doesn't.

They have GPO redirecting their documents to a folder on the server and a logon bat file assigning a network drive. There are also assigned applications.

What can I do to find out what is causing the issue?
0
Comment
Question by:OsakaKiwi
  • 6
  • 3
  • 2
11 Comments
 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 38829176
It could be intermittent network issues. An overworked server, switch, or bad network card can do this. It could also be DNS. I see sysadmins add ISP DNS often and that will cause AD issues.
0
 

Author Comment

by:OsakaKiwi
ID: 38829262
Ok, thanks.

It is a .local domain and not over worked (according to preformance reports and only three workstations). Should I check the system logs for network card issues?

It is multiholmend and last time I could remote in and the clients can get the Internet so that suggests the NICs are working fine doesn't it?
0
 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 38829314
Not necessarily. Some protocols are designed to recover from intermittent issues or similar poor network conditions, while others are not. AD really relies on a healthy LAN setup.
0
 

Author Comment

by:OsakaKiwi
ID: 38829351
Ok, thanks. I'll make sure to ceck all connections and keep an eye for network issues in the log. I'll leave the question open for a while in case there are other sugestions.

Cheers
Dennis
0
 
LVL 11

Expert Comment

by:hecgomrec
ID: 38833134
Do you know how many users does the server has?

Do this machines are running windows xp, vista or win7?

Most of the Network cards are setup by default to turn off to save power this has to be remove in the NIC properties.

SBS2003 has a limit of 85 users if you have more or you are close to that you will start getting a message in the server as a warning and in your event logs and SBS will disconnect users randomly... must of the time the oldest credential authenticated in the system.

That's why sometimes rebooting won't work as the server can't authenticate more users.

Good Luck
0
Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

 

Author Comment

by:OsakaKiwi
ID: 38834071
Hi, thanks but the server is not being overworked at att. There are only three AD users and about one or two other stand alone systems that connect to get shared folders or to print.

I checked the server power settings and it was set to 'always on' but the local network nic was checked to let the system turn it off so I uncheked it anyway. The client workstations are left on all the time so I would think the clients would keep the network open as the server runs WSUS and client antivirus manager.
0
 

Author Comment

by:OsakaKiwi
ID: 38961243
Sorry, this question has been left for a long time but this issue still persists. I have been able to narrow it down and it seems like the clients are loosing the AD domain connection after a server re-boot (after a patch or update which requires a reboot). The clients will loose the shared folders and desktop icons, etc. After a while or a reboot of the client machine the connection to the domain restores. However, there are some instances where the client machines take a long time to re-connect.  

Does anyone know what may be causing this issue?

Thanks
0
 
LVL 11

Expert Comment

by:hecgomrec
ID: 38961904
For this scenario I'm guessing you are working with a SBS.

You should never shutdown a server without having the users to log off or reboot their machines right after the "down" time.

The issue you're experiencing might be related to the DNS.  Make sure your server has an static IP, if not please do so and reboot again and have the clients to reboot to take the changes.  Less possibility is that your switch is not working properly... shut it down move cables to different ports and reboot everything.

Try all the above to discard any possible DNS issues.

Post back your findings.... Good Luck
0
 

Author Comment

by:OsakaKiwi
ID: 38970291
Hi, thank you for that. The server does have a fixed IP and switch seems ok as the network works most of the time but workstations do not shut down. The staff leave them on 24/7. The server is set to install updates every night about 3am then reboot if needed. The staff always try and reboot the workstations if the AD network is lost but sometimes that doesn't work.

Last week there was a power failure and when power was resorted no AD connect could be made after starting all machines. I logged on remotely to the server and answered the question about the server shutting down expectantly then one workstation connected to the network automatically but the others didn't. I told the staff to shut down the other PCs and leave then for 10min or so. After that things seemed ok.

Should I advise the staff to always shut down the workstations every night to avoid loosing the AD connection or what? I can't seem to find a definitive answer or best practice for this problem or situation.
0
 
LVL 11

Accepted Solution

by:
hecgomrec earned 500 total points
ID: 38973478
No... I don't believe any machine has to be rebooted everynight.

Today computers are design to operate on a 24/7 basis, but I do recommend users to log off from the network everyday.  This is an option as sooner or later, depending on your settings users credentials will be required and users must log in again to gain access to network resources.

Now according to what you said about your server having a "Power Failure" then loosing your stations... seem a common issue specially if your configuration is very small, DNS has to be rebuild and IP authenticated.  Also, you mentioned about 1 station getting connected... you should check the settings on that machine to find out the difference on its config to try to sort out how to duplicate this on the others computers.  Must of the time the machine will power off the network card turn this feature off but again check and compare your stations.
0
 

Author Comment

by:OsakaKiwi
ID: 38992966
Thanks for that. I think the problem as you sugested is the clients not logging off at the end of their shift. I will recomend the staff log off from now on and see what happens. I will also check the logs of the PC that connected after the power failure. If the or similar problem appears again I will open a new ticket.

Cheers
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

I work for a company that primarily works with small businesses as their outsourced IT vendor. As such the majority of these customers utilize some version of Small Business Server. Due to the economics of running a small business, many of these cus…
This is the first one of a series of articles I’ll be writing to address technical issues that are always referred to as network problems. The network boundaries have changed, therefore having an understanding of how each piece in the network  puzzl…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now