Solved

SBS 2003, AD clients disconecting

Posted on 2013-01-28
11
229 Views
Last Modified: 2013-03-17
Hi,

A client's SBS 2003 server keeps disconnecting users. They complain that they loose their desktop icons. They can login and open outlook (Exchange) and see their inbox but can't send/recieve email so sounds like they are being disconnected from Active Directory.

They can still get to the Internet and login to the domain uisng the domain users account login. I have checked the logs and I can't see anyting that might explain it but don't really know what to look for.

Logging in/out or rebooting workstations seems to work most of the time but sometimes doesn't.

They have GPO redirecting their documents to a folder on the server and a logon bat file assigning a network drive. There are also assigned applications.

What can I do to find out what is causing the issue?
0
Comment
Question by:OsakaKiwi
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 3
  • 2
11 Comments
 
LVL 58

Expert Comment

by:Cliff Galiher
ID: 38829176
It could be intermittent network issues. An overworked server, switch, or bad network card can do this. It could also be DNS. I see sysadmins add ISP DNS often and that will cause AD issues.
0
 

Author Comment

by:OsakaKiwi
ID: 38829262
Ok, thanks.

It is a .local domain and not over worked (according to preformance reports and only three workstations). Should I check the system logs for network card issues?

It is multiholmend and last time I could remote in and the clients can get the Internet so that suggests the NICs are working fine doesn't it?
0
 
LVL 58

Expert Comment

by:Cliff Galiher
ID: 38829314
Not necessarily. Some protocols are designed to recover from intermittent issues or similar poor network conditions, while others are not. AD really relies on a healthy LAN setup.
0
Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 

Author Comment

by:OsakaKiwi
ID: 38829351
Ok, thanks. I'll make sure to ceck all connections and keep an eye for network issues in the log. I'll leave the question open for a while in case there are other sugestions.

Cheers
Dennis
0
 
LVL 11

Expert Comment

by:hecgomrec
ID: 38833134
Do you know how many users does the server has?

Do this machines are running windows xp, vista or win7?

Most of the Network cards are setup by default to turn off to save power this has to be remove in the NIC properties.

SBS2003 has a limit of 85 users if you have more or you are close to that you will start getting a message in the server as a warning and in your event logs and SBS will disconnect users randomly... must of the time the oldest credential authenticated in the system.

That's why sometimes rebooting won't work as the server can't authenticate more users.

Good Luck
0
 

Author Comment

by:OsakaKiwi
ID: 38834071
Hi, thanks but the server is not being overworked at att. There are only three AD users and about one or two other stand alone systems that connect to get shared folders or to print.

I checked the server power settings and it was set to 'always on' but the local network nic was checked to let the system turn it off so I uncheked it anyway. The client workstations are left on all the time so I would think the clients would keep the network open as the server runs WSUS and client antivirus manager.
0
 

Author Comment

by:OsakaKiwi
ID: 38961243
Sorry, this question has been left for a long time but this issue still persists. I have been able to narrow it down and it seems like the clients are loosing the AD domain connection after a server re-boot (after a patch or update which requires a reboot). The clients will loose the shared folders and desktop icons, etc. After a while or a reboot of the client machine the connection to the domain restores. However, there are some instances where the client machines take a long time to re-connect.  

Does anyone know what may be causing this issue?

Thanks
0
 
LVL 11

Expert Comment

by:hecgomrec
ID: 38961904
For this scenario I'm guessing you are working with a SBS.

You should never shutdown a server without having the users to log off or reboot their machines right after the "down" time.

The issue you're experiencing might be related to the DNS.  Make sure your server has an static IP, if not please do so and reboot again and have the clients to reboot to take the changes.  Less possibility is that your switch is not working properly... shut it down move cables to different ports and reboot everything.

Try all the above to discard any possible DNS issues.

Post back your findings.... Good Luck
0
 

Author Comment

by:OsakaKiwi
ID: 38970291
Hi, thank you for that. The server does have a fixed IP and switch seems ok as the network works most of the time but workstations do not shut down. The staff leave them on 24/7. The server is set to install updates every night about 3am then reboot if needed. The staff always try and reboot the workstations if the AD network is lost but sometimes that doesn't work.

Last week there was a power failure and when power was resorted no AD connect could be made after starting all machines. I logged on remotely to the server and answered the question about the server shutting down expectantly then one workstation connected to the network automatically but the others didn't. I told the staff to shut down the other PCs and leave then for 10min or so. After that things seemed ok.

Should I advise the staff to always shut down the workstations every night to avoid loosing the AD connection or what? I can't seem to find a definitive answer or best practice for this problem or situation.
0
 
LVL 11

Accepted Solution

by:
hecgomrec earned 500 total points
ID: 38973478
No... I don't believe any machine has to be rebooted everynight.

Today computers are design to operate on a 24/7 basis, but I do recommend users to log off from the network everyday.  This is an option as sooner or later, depending on your settings users credentials will be required and users must log in again to gain access to network resources.

Now according to what you said about your server having a "Power Failure" then loosing your stations... seem a common issue specially if your configuration is very small, DNS has to be rebuild and IP authenticated.  Also, you mentioned about 1 station getting connected... you should check the settings on that machine to find out the difference on its config to try to sort out how to duplicate this on the others computers.  Must of the time the machine will power off the network card turn this feature off but again check and compare your stations.
0
 

Author Comment

by:OsakaKiwi
ID: 38992966
Thanks for that. I think the problem as you sugested is the clients not logging off at the end of their shift. I will recomend the staff log off from now on and see what happens. I will also check the logs of the PC that connected after the power failure. If the or similar problem appears again I will open a new ticket.

Cheers
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question