Cannot access root shares (sysvol, netlogon ,etc) by using domain.local, but can if I use fqdn of server or IP.
Hi,
Here is the current situation:
1- I can see list of shares if I access domain.local.
2- I cannot enter any share if I use domain.local (clicking from the list of shares). GPupdate is failing too...
3- If I use fqdn of server i can access each folder without issues.
4- If I use IP i can access each folder without issues.
5- nslookup of domain.local is ok
6- computers can join without issue to domain.
7-No errors in dfs (event viewer). But this does not disqualify dfs as the problem.
8- This was working a few days ago perfectly. In a previous setup the server was only AD / DC , no dns or dhcp involved. Recently we moved all the dns, dhcp , wins, etc to the core AD/DC server (same server im talking above), because we were having issues integrating with some other systems (user integrations).
9- Issues with integration / sync of AD cleared, but now this new problem arise. This cause suspect for dns issues , though i can resolve and ping anything.
Its been a few crazy hours, literally no sleep, maybe some of the real experts have an idea :D?
Windows Server 2012 R2. Workstations are Windows 7.
Everything passed ,except the following:
Starting test: MachineAccount
Checking machine account for DC SERVER1 on DC SERVER1.
The account SERVER1 is not trusted for delegation. It cannot
replicate.
The account SERVER1 is not a DC account. It cannot replicate.
Warning: Attribute userAccountControl of SERVER1 is:
0x11000 = ( WORKSTATION_TRUST_ACCOUNT | DONT_EXPIRE_PASSWD )
Typical setting for a DC is
0x82000 = ( SERVER_TRUST_ACCOUNT | TRUSTED_FOR_DELEGATION )
Could this be causing such sysvol access issues?
Answering your question: just one dc. Thank your for answering.
Will Szymkowski
Yes this is the issue with your replicaiton. Can you also run netdom query fsmo and netdom query dc.
You will need to follow the link i have provided above and make sure that you perform an authoritative restore of Sysvol.
Just curious when you ran net share where the Sysvol and Netlogon shared out?
Will.
Hugo Rosa
ASKER
net share, executed inside dc:
SYSVOL C:\Windows\SYSVOL\sysvol Logon server share
Something is wrong with this DC. I mean why would I be able to access it via server1.thedomain.local and click each share, and when I do the same for thedomain.local i see the shares but i get denied!
Will Szymkowski
Yes you are correct, there is something definitely wrong with this DC. When you run netdom query fsmo you should see ALL DC's that are in your domain. If you are not seeing anything then there is something definitely wrong. Do you have a system state backup of the DC?
You might have to restore the entire server using the Authoritative Restore method.
Starting test: MachineAccount
Checking machine account for DC SERVER1 on DC SERVER1.
The account SERVER1 is not trusted for delegation. It cannot
replicate.
The account SERVER1 is not a DC account. It cannot replicate.
Warning: Attribute userAccountControl of SERVER1 is:
0x11000 = ( WORKSTATION_TRUST_ACCOUNT | DONT_EXPIRE_PASSWD )
Typical setting for a DC is
0x82000 = ( SERVER_TRUST_ACCOUNT | TRUSTED_FOR_DELEGATION )
Could this be causing such sysvol access issues?
Answering your question: just one dc. Thank your for answering.