Guest Adrian Marsh (NNTP)
Posted

Hi,

 

Looking at the event logs of some of my DCs, I'm seeing a complaint:

 

Event Type: Error

Event Source: Userenv

Event Category: None

Event ID: 1058

Date: 23/07/2009

Time: 16:32:59

User: NT AUTHORITY\SYSTEM

Computer: UBIQ-SERV9

Description:

Windows cannot access the file gpt.ini for GPO

CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=ubiquisys,DC=local.

The file must be present at the location

.

(Access is denied. ). Group Policy processing aborted.

 

 

but the gpt.ini file is there (GPT.INI)

 

It has access perms:

 

Authenticated Users: Read & Execute

Server Operators R & E

Administrators Full Control

SYSTEM Full Control

 

seems ok to me !?!

Guest Adrian Marsh (NNTP)
Posted

Just to add: As I've seen some posts about multi-homed DCs.

 

This is from one of the DCs itself. It has a single NIC, but it does

provide RRAS (PPTP VPN) services to Internet clients. Not sure if that

classifies it as multi-homed or not.

 

DNS is configured for the internal DNS server (and as far as I can tell

all the SRV records are good).

 

There are some other issues on the DC I'm checking into about

Autoenrollment and DC certificate failures (0x80070005), but clients

seem to be ok using this server as a DC.

 

 

Guest Meinolf Weber [MVP-DS]
Posted

Hello Adrian,

 

Please post an unedited ipconfig /all from the server. And to answer your

question, using RRAS on a DC is a kind of multihoming.

 

Best regards

 

Meinolf Weber

Disclaimer: This posting is provided "AS IS" with no warranties, and confers

no rights.

** Please do NOT email, only reply to Newsgroups

** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

 

Guest Adrian Marsh (NNTP)
Posted

Hi Meinolf,

 

serv9 (DC + RRAS + DNS/WINS secondary) config below. Static assigned IPs.

 

serv1 (192.168.50.3) is the main DNS/WINS server (an old SBS 2003 server)

 

Looking at it, I'm not sure why there are two .28 IPs defined on the LAN

interface... I'll try removing one.

 

 

C:\Documents and Settings\adm1n>ipconfig /all

 

Windows IP Configuration

 

Host Name . . . . . . . . . . . . : ubiq-serv9

Primary Dns Suffix . . . . . . . : mynetwork.local

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : Yes

WINS Proxy Enabled. . . . . . . . : Yes

DNS Suffix Search List. . . . . . : mynetwork.local

 

PPP adapter RAS Server (Dial In) Interface:

 

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface

Physical Address. . . . . . . . . : 00-53-45-00-00-00

DHCP Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 192.168.50.154

Subnet Mask . . . . . . . . . . . : 255.255.255.255

Default Gateway . . . . . . . . . :

 

Ethernet adapter Local Area Connection:

 

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit

Controller

Physical Address. . . . . . . . . : 00-1A-A0-5E-6F-E3

DHCP Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 192.168.52.28

Subnet Mask . . . . . . . . . . . : 255.255.255.0

IP Address. . . . . . . . . . . . : 192.168.50.28

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.50.1

DNS Servers . . . . . . . . . . . : 192.168.50.28

Primary WINS Server . . . . . . . : 192.168.50.28

Secondary WINS Server . . . . . . : 192.168.50.3

 

 

 

Guest Meinolf Weber [MVP-DS]
Posted

Hello Adrian,

 

As said before, remove the RRAS from the DC and use a dedicated member server

instead. Additionally, the DC has 2 fixed IP addresses (192.168.52.28 and 192.168.50.28),

so remove 192.168.52.28 (different subnet), check the advanced NIC settings.

 

Serv1 is a bit strange, since you wrote that it is an old SBS server. Is it still used

and configured as a DC? Which DC has the 5 FSMO roles?

 

Best regards

 

Meinolf Weber

Disclaimer: This posting is provided "AS IS" with no warranties, and confers

no rights.

** Please do NOT email, only reply to Newsgroups

** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
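
The checks from the reply above, applied to the posted `ipconfig /all` output, as an added example that is not from either poster. The function names and finding codes are assumptions made for illustration; the sample text is the thread's own output, trimmed.

```python
import ipaddress
import re

# The `ipconfig /all` output posted in this thread, trimmed to the fields used.
SAMPLE = """\
Windows IP Configuration
Host Name . . . . . . . . . . . . : ubiq-serv9
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes

PPP adapter RAS Server (Dial In) Interface:
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
IP Address. . . . . . . . . . . . : 192.168.50.154
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . :

Ethernet adapter Local Area Connection:
Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit
Controller
IP Address. . . . . . . . . . . . : 192.168.52.28
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IP Address. . . . . . . . . . . . : 192.168.50.28
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.50.1
DNS Servers . . . . . . . . . . . : 192.168.50.28
"""

# "Ethernet adapter Local Area Connection:" style section headers.
ADAPTER = re.compile(r"^(?P<type>\S+) adapter (?P<name>.+):$")
# "Key . . . . : value" lines; the dot leaders separate key from colon.
KEYVAL = re.compile(r"^(?P<key>.+?)(?:\s*\.)+\s*:\s*(?P<val>.*)$")


def parse_ipconfig(text):
    """Return (host_fields, adapters). Field values are lists because
    'IP Address' and 'Subnet Mask' repeat when an adapter has several IPs."""
    host, adapters = {}, []
    fields, last = host, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "Windows IP Configuration":
            continue
        m = ADAPTER.match(line)
        if m:
            fields = {}
            adapters.append({"type": m["type"], "name": m["name"], "fields": fields})
            last = None
            continue
        m = KEYVAL.match(line)
        if m:
            last = fields.setdefault(m["key"], [])
            last.append(m["val"])
        elif last:
            # Wrapped value, e.g. a long adapter description split over lines.
            last[-1] = f"{last[-1]} {line}"
    return host, adapters


def audit_dc(text):
    """Flag the multihoming conditions raised in the thread for a DC."""
    host, adapters = parse_ipconfig(text)
    findings = []
    if host.get("IP Routing Enabled", [""])[0].lower() == "yes":
        findings.append(("ip-routing", "IP routing is enabled on this host"))
    for ad in adapters:
        f = ad["fields"]
        ips = f.get("IP Address", [])
        if ad["type"] == "PPP" or "RAS Server" in ad["name"]:
            findings.append(("ras-interface",
                             f"{ad['name']}: RAS/PPP interface with {', '.join(ips)}"))
        # Group this adapter's addresses by the subnet each one sits in.
        nets = {}
        for ip, mask in zip(ips, f.get("Subnet Mask", [])):
            net = ipaddress.ip_interface(f"{ip}/{mask}").network
            nets.setdefault(net, []).append(ip)
        if len(nets) > 1:
            gw = f.get("Default Gateway", [""])[0]
            for net, members in nets.items():
                # Addresses outside the gateway's subnet are the removal candidates.
                if not gw or ipaddress.ip_address(gw) not in net:
                    findings.append(("extra-subnet",
                                     f"{ad['name']}: {', '.join(members)} is in {net}, "
                                     f"not the default gateway's subnet"))
    return findings


if __name__ == "__main__":
    for code, detail in audit_dc(SAMPLE):
        print(f"[{code}] {detail}")
```
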

 

Guest Adrian Marsh (NNTP)
Posted

Hi Meinolf,

 

I've been diagnosing this a little further. I can't separate out the DC

and RRAS just yet.

 

Maybe the multi-homed setup is all the same cause here, but:

 

I started to see the same error start to happen on serv1 too.

serv1 was an SBS 2003, but has had the transition pack applied.

 

When I queried DNS on serv1, for mynetwork.local, it returned the IP of

ubiq-serv9, meaning that the A record for mynetwork.local as a domain

was not serv1, but serv9.

 

serv1 holds all 5 Operations masters still.

 

For some reason, I guess serv9 is updating DNS to point to itself.

 

When I tried to browse in explorer to \\mynetwork.local\SYSVOL from

serv1 (so serv1 -> serv9), I get "... is not accessible. You might not

have permission to use this network resource"

 

So, on serv1, I edited the local hosts file temporarily, to put the A

record for DNS to 192.168.50.3 (itself), did an "ipconfig /flushdns" and

re-browsed to SYSVOL, and everything was fine. So perms on serv1 are OK,

but SYSVOL on serv9 is, in some way blocked.

 

I undid the hosts entry, and I've compared both Share permissions for

SYSVOL on serv9 to serv1, and also file-level security. Both are the same.

 

Would the multi-home setup screw up sysvol sharing on serv9 in some way ?

 

Adrian

 

Guest Meinolf Weber [MVP-DS]
Posted

Hello Adrian,

 

Check that the sysvol and netlogon folders exist on srv9 and that you can access

them locally. Check your DCs with dcdiag /v, netdiag /v and repadmin /showrepl

for errors.

 

Also make sure they all have SP2 installed and the latest patches.

If that is the case, also check these articles:

http://support.microsoft.com/kb/887303

 

http://support.microsoft.com/kb/314494/en-us

 

http://support.microsoft.com/kb/842804/en-us

 

http://support.microsoft.com/kb/883271/en-us

 

http://support.microsoft.com/kb/290647

 

 

 

Best regards

 

Meinolf Weber

Disclaimer: This posting is provided "AS IS" with no warranties, and confers

no rights.

** Please do NOT email, only reply to Newsgroups

** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

 

Guest Adrian Marsh (NNTP)
Posted

Hi Meinolf,

 

I'll run those tests, thank you. I'm also wondering if FRS is working

properly, as when I look in SYSVOL, I can see some files in serv9's,

that I can't see in the PDC, serv1. So I'm thinking of demoting serv9

(so we're back temporarily to a single DC), then promoting serv8 (currently

has a very lightly used SQL server on it, single NIC).

 

Basically, bring the network back to one known-working DC and re-expand

again from there.

 

Adrian

 

Guest Meinolf Weber [MVP-DS]
Posted

Hello Adrian,

 

You mentioned that you moved from SBS with transition pack, maybe something

is going wrong there.

 

So I suggest, before removing the DC to use the SBS newsgroup:

microsoft.public.windows.server.sbs

 

Best regards

 

Meinolf Weber

Disclaimer: This posting is provided "AS IS" with no warranties, and confers

no rights.

** Please do NOT email, only reply to Newsgroups

** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

 

> Hi Meinolf,

>

> I'll run those tests, thank you. I'm also wondering if FRS is working

> properly, as when I look in SYSVOL, I can see some files in serv9's,

> that I can't see in the PDC, serv1. So I'm thinking of demoting serv9

> (so we're back temporarily to single DC), then promoting serv8

> (currently has a very lightly used SQL server on it, single NIC).

>

> Basically, bring the network back to one known-working DC and re-expand

> again from there.

>

> Adrian

>

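The multihoming pointed out in serv9's `ipconfig /all` output earlier in this thread (two static addresses on different subnets, plus the RRAS PPP interface) can be checked mechanically from captured output. The Python below is an added example, not part of any post; the function names and finding labels are assumptions made for illustration, and the sample is the output posted in the thread, abridged.

```python
import ipaddress
import re

# `ipconfig /all` output posted for ubiq-serv9 in this thread (abridged;
# quote markers removed and the wrapped Description line rejoined).
SAMPLE = """\
Windows IP Configuration
Host Name . . . . . . . . . . . . : ubiq-serv9
Primary Dns Suffix . . . . . . . : mynetwork.local
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes
PPP adapter RAS Server (Dial In) Interface:
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.50.154
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . :
Ethernet adapter Local Area Connection:
Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.52.28
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IP Address. . . . . . . . . . . . : 192.168.50.28
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.50.1
DNS Servers . . . . . . . . . . . : 192.168.50.28
"""

# "<kind> adapter <name>:" starts a new adapter section.
ADAPTER_RE = re.compile(r"^\s*(?P<kind>.+?) adapter (?P<name>.+?):\s*$")
# "Key . . . . : value" with the dot leader stripped from the key.
FIELD_RE = re.compile(r"^\s*(?P<key>[^:]+?)[ .]*:\s*(?P<value>.*)$")


def parse_ipconfig(text):
    """Return (host_fields, adapters); each adapter lists its IPv4 interfaces."""
    host, adapters = {}, []
    current, pending_ip = None, None
    for line in text.splitlines():
        m = ADAPTER_RE.match(line)
        if m:
            current = {"kind": m.group("kind"), "name": m.group("name"),
                       "addresses": []}
            adapters.append(current)
            pending_ip = None
            continue
        m = FIELD_RE.match(line)
        if not m:
            continue
        key, value = m.group("key"), m.group("value").strip()
        if current is None:
            host[key] = value
        elif key in ("IP Address", "IPv4 Address"):
            # Newer Windows versions append "(Preferred)" to the address.
            pending_ip = value.split("(")[0].strip()
        elif key == "Subnet Mask" and pending_ip:
            try:
                current["addresses"].append(
                    ipaddress.ip_interface(f"{pending_ip}/{value}"))
            except ValueError:
                pass  # unparseable address/mask pair: skip it
            pending_ip = None
    return host, adapters


def multihoming_findings(text):
    """List (code, detail) findings that make a DC effectively multihomed."""
    host, adapters = parse_ipconfig(text)
    findings = []
    if host.get("IP Routing Enabled", "").lower() == "yes":
        findings.append(("ip-routing", "IP Routing Enabled: Yes"))
    for adapter in adapters:
        if adapter["kind"].upper() == "PPP":
            # The RAS server interface counts as an extra network attachment.
            findings.append(("ras-interface", adapter["name"]))
            continue
        subnets = {iface.network for iface in adapter["addresses"]}
        if len(subnets) > 1:
            addrs = sorted(adapter["addresses"], key=lambda i: int(i.ip))
            findings.append(("multi-subnet", adapter["name"] + ": "
                             + ", ".join(str(i) for i in addrs)))
    return findings


if __name__ == "__main__":
    for code, detail in multihoming_findings(SAMPLE):
        print(f"{code:14} {detail}")
```

An empty result means the capture shows one adapter, one subnet, no RAS interface and routing disabled.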

Guest Adrian Marsh (NNTP)
Posted

Hi Meinolf,

 

As far as I can see, the transitioned machine (serv1) is all working fine.

 

I've setup another 2 DCs, in preparation for shutting down ubiq-serv9.

(In two sites). I'm now seeing some FRS-type propagation issues in

Sysvol I need to look at too. But only inter-site...

 

Meinolf Weber [MVP-DS] wrote:

> Hello Adrian,

>

> You mentioned that you moved from SBS with transition pack, maybe

> something is going wrong there.

>

> So I suggest, before removing the DC to use the SBS newsgroup:

> microsoft.public.windows.server.sbs

>

> Best regards

>

> Meinolf Weber

> Disclaimer: This posting is provided "AS IS" with no warranties, and

> confers no rights.

> ** Please do NOT email, only reply to Newsgroups

> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

>


  • 2 weeks later...
Guest Adrian Marsh (NNTP)
Posted

Just to tie this off...

 

I've not seen the error in a while now.

I had another problem, with autoenrollment, where I found a fix for

that, and maybe that's cured this too. Basically 2003 SP1 at some point

had removed the Domain Controllers group membership of the DCOM group. I

added that, autoenrollment cleared up and so now it seems this has too.

 

Replication between sites also seems to work (although it does take a

long time, and I'm still not sure why)

 

 

Adrian Marsh (NNTP) wrote:

> Hi Meinolf,

>

> As far as I can see, the transitioned machine (serv1) is all working fine.

>

> I've setup another 2 DCs, in preparation for shutting down ubiq-serv9.

> (In two sites). I'm now seeing some FRS-type propagation issues in

> Sysvol I need to look at too. But only inter-site...

>


Guest Meinolf Weber [MVP-DS]
Posted

Hello Adrian,

 

As mentioned before you should use SP2 and all latest patches.

 

Best regards

 

Meinolf Weber

Disclaimer: This posting is provided "AS IS" with no warranties, and confers

no rights.

** Please do NOT email, only reply to Newsgroups

** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

 

> Just to tie this off...

>

> I've not seen the error in a while now.

> I had another problem, with autoenrollment, where I found a fix for

> that, and maybe that's cured this too. Basically 2003 SP1 at some point

> had removed the Domain Controllers group membership of the DCOM group. I

> added that, autoenrollment cleared up and so now it seems this has too.

> Replication between sites also seems to work (although it does take a

> long time, and I'm still not sure why)

>

> Adrian Marsh (NNTP) wrote:

>

>> Hi Mehinolf,

>>

>> As far as I can see, the transitioned machine (serv1) is all working

>> fine.

>>

>> I've setup another 2 DCs, in preperation for shutting down

>> ubiq-serv9. (In two sites). I'm now seeing some FRS-type propgation

>> issues in Sysvol I need to look at too. But only inter-site...

>>

>> Meinolf Weber [MVP-DS] wrote:

>>

>>> Hello Adrian,

>>>

>>> You mentioned that you moved from SBS with transition pack, maybe

>>> something is going wrong there.

>>>

>>> So i suggest, before removing the DC to use the SBS newsgroup:

>>> microsoft.public.windows.server.sbs

>>>

>>> Best regards

>>>

>>> Meinolf Weber

>>> Disclaimer: This posting is provided "AS IS" with no warranties, and

>>> confers no rights.

>>> ** Please do NOT email, only reply to Newsgroups

>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

>>>> Hi Meinholf,

>>>>

>>>> I'll run those tests, thankyou. I'm also wondering if FRS is

>>>> working properly, as when I look in SYSVOL, I can see some files in

>>>> serv9's, that I cant see in the PDC, serv1. So I'm thinking of

>>>> demoting serv9 (so were back temporarily to single DC), then

>>>> promoting serv8 (currently has a very lightly used SQL server on

>>>> it, single NIC).

>>>>

>>>> Basicaly, bring the network back to one known-working DC and

>>>> re-expand again from there.

>>>>

>>>> Adrian

>>>>

>>>> Meinolf Weber [MVP-DS] wrote:

>>>>

>>>>> Hello Adrian,

>>>>>

>>>>> Check that the sysvol and netlogon folder exist on srv9 and you

>>>>> can access them locally. Check your DCs with dcdidag /v, netdiag

>>>>> /v and repadmin /showrepl for errors.

>>>>>

>>>>> Also make sure they are all having SP2 installed and the latest

>>>>> patches. If that is the case check also this articles:

>>>>> http://support.microsoft.com/kb/887303

>>>>>

>>>>> http://support.microsoft.com/kb/314494/en-us

>>>>>

>>>>> http://support.microsoft.com/kb/842804/en-us

>>>>>

>>>>> http://support.microsoft.com/kb/883271/en-us

>>>>>

>>>>> http://support.microsoft.com/kb/290647

>>>>>

>>>>> Best regards

>>>>>

>>>>> Meinolf Weber

>>>>> Disclaimer: This posting is provided "AS IS" with no warranties,

>>>>> and

>>>>> confers no rights.

>>>>> ** Please do NOT email, only reply to Newsgroups

>>>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

>>>>>> Hi Meinolf,

>>>>>>

>>>>>> I've been diagnosing this a little further. I cant seperate out

>>>>>> the DC and RRAS just yet.

>>>>>>

>>>>>> Maybe the multi-homed setup is all the same cause here, but:

>>>>>>

>>>>>> I started to see the same error start to happen on serv1 too.

>>>>>> serv1 was an SBS 2003, but has had the transition pack applied.

>>>>>>

>>>>>> When I queried DNS on serv1, for mynetwork.local, it returned the

>>>>>> IP of ubiq-serv9, meaning that the A record for mynetwork.local

>>>>>> as a domain was not serv1, but serv9.

>>>>>>

>>>>>> serv1 holds all 5 Operations masters still.

>>>>>>

>>>>>> For some reason, I guess serv9 is updating DNS to point to

>>>>>> itself.

>>>>>>

>>>>>> When I tried to browse in explorer to mynetwork.localSYSVOL

>>>>>> from serv1 (so serv1 -> serv9), I get "... is not accessible. You

>>>>>> might not have permission to use this network resource"

>>>>>>

>>>>>> So, on serv1, I edited the local hosts file temporarily, to put

>>>>>> the A record for DNS to 192.168.50.3 (itself), did an "ipconfig

>>>>>> /flushdns" and re-browsed to SYSVOL, and everything was fine. So

>>>>>> perms on serv1 are OK, but SYSVOL on serv9 is, in some way

>>>>>> blocked.

>>>>>>

>>>>>> I undid the hosts entry, and I've compared both Share permissions

>>>>>> for SYSVOL on serv9 to serv1, and also file-level security. Both

>>>>>> are the same.

>>>>>>

>>>>>> Would the multi-home setup screw up sysvol sharing on serv9 in

>>>>>> some way ?

>>>>>>

>>>>>> Adrian

>>>>>>

>>>>>> Meinolf Weber [MVP-DS] wrote:

>>>>>>

>>>>>>> Hello Adrian,

>>>>>>>

>>>>>>> As said before remove the RRAS form the DC and use a dedicated

>>>>>>> member server instead. Additional the DC has 2 fixed ip

>>>>>>> addresses (192.168.52.28 and 192.168.50.28), so remove

>>>>>>> 192.168.52.28(different subnet), check the advanced NIC

>>>>>>> settings.

>>>>>>>

>>>>>>> Serv1 is a bot strange for you wrote an old SBS server, is it

>>>>>>> still used and configured as DC? Wich DC has the 5 FSMO roles?

>>>>>>>

>>>>>>> Best regards

>>>>>>>

>>>>>>> Meinolf Weber

>>>>>>> Disclaimer: This posting is provided "AS IS" with no warranties,

>>>>>>> and confers no rights.

>>>>>>> ** Please do NOT email, only reply to Newsgroups

>>>>>>> ** HELP us help YOU!!!

>>>>>>> http://www.blakjak.demon.co.uk/mul_crss.htm

>>>>>>>> Hi Meinolf,

>>>>>>>>

>>>>>>>> serv9 (DC + RRAS + DNS/WINS secondary) config below. Static

>>>>>>>> assigned IPs.

>>>>>>>>

>>>>>>>> serv1 (192.168.50.3) is the main DNS/WINS server (an old SBS

>>>>>>>> 2003 server)

>>>>>>>>

>>>>>>>> Looking at it, I'm not sure why there are two .28 IPs defined

>>>>>>>> on the LAN interface... I'll try removing one.

>>>>>>>>

>>>>>>>> C:\Documents and Settings\adm1n>ipconfig /all

>>>>>>>>

>>>>>>>> Windows IP Configuration

>>>>>>>>

>>>>>>>> Host Name . . . . . . . . . . . . : ubiq-serv9

>>>>>>>> Primary Dns Suffix . . . . . . . : mynetwork.local

>>>>>>>> Node Type . . . . . . . . . . . . : Unknown

>>>>>>>> IP Routing Enabled. . . . . . . . : Yes

>>>>>>>> WINS Proxy Enabled. . . . . . . . : Yes

>>>>>>>> DNS Suffix Search List. . . . . . : mynetwork.local

>>>>>>>> PPP adapter RAS Server (Dial In) Interface:

>>>>>>>> Connection-specific DNS Suffix . :

>>>>>>>> Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface

>>>>>>>> Physical Address. . . . . . . . . : 00-53-45-00-00-00

>>>>>>>> DHCP Enabled. . . . . . . . . . . : No

>>>>>>>> IP Address. . . . . . . . . . . . : 192.168.50.154

>>>>>>>> Subnet Mask . . . . . . . . . . . : 255.255.255.255

>>>>>>>> Default Gateway . . . . . . . . . :

>>>>>>>> Ethernet adapter Local Area Connection:

>>>>>>>> Connection-specific DNS Suffix . :

>>>>>>>> Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller

>>>>>>>> Physical Address. . . . . . . . . : 00-1A-A0-5E-6F-E3

>>>>>>>> DHCP Enabled. . . . . . . . . . . : No

>>>>>>>> IP Address. . . . . . . . . . . . : 192.168.52.28

>>>>>>>> Subnet Mask . . . . . . . . . . . : 255.255.255.0

>>>>>>>> IP Address. . . . . . . . . . . . : 192.168.50.28

>>>>>>>> Subnet Mask . . . . . . . . . . . : 255.255.255.0

>>>>>>>> Default Gateway . . . . . . . . . : 192.168.50.1

>>>>>>>> DNS Servers . . . . . . . . . . . : 192.168.50.28

>>>>>>>> Primary WINS Server . . . . . . . : 192.168.50.28

>>>>>>>> Secondary WINS Server . . . . . . : 192.168.50.3

>>>>>>>> Meinolf Weber [MVP-DS] wrote:

>>>>>>>>> Hello Adrian,

>>>>>>>>>

>>>>>>>>> Please post an unedited ipconfig /all from the server. And to

>>>>>>>>> answer your question, using RRAS on a DC is a kind of

>>>>>>>>> multihoming.

>>>>>>>>>

>>>>>>>>> Best regards

>>>>>>>>>

>>>>>>>>> Meinolf Weber

>>>>>>>>> Disclaimer: This posting is provided "AS IS" with no warranties,

>>>>>>>>> and confers no rights.

>>>>>>>>> ** Please do NOT email, only reply to Newsgroups

>>>>>>>>> ** HELP us help YOU!!!

>>>>>>>>> http://www.blakjak.demon.co.uk/mul_crss.htm

>>>>>>>>>> Just to add: As I've seen some posts about multi-homed DCs.

>>>>>>>>>>

>>>>>>>>>> This is from one of the DCs itself. It has a single NIC, but

>>>>>>>>>> it does provide RRAS (PPTP VPN) services to Internet clients.

>>>>>>>>>> Not sure if that classifies it as multi-homed or not.

>>>>>>>>>>

>>>>>>>>>> DNS is configured for the internal DNS server (and as far as

>>>>>>>>>> I can tell all the SRV records are good).

>>>>>>>>>>

>>>>>>>>>> There are some other issues on the DC I'm checking into about

>>>>>>>>>> Autoenrollment and DC certificate failures (0x80070005), but

>>>>>>>>>> clients seem to be ok using this server as a DC.

>>>>>>>>>>

>>>>>>>>>> Adrian Marsh (NNTP) wrote:

>>>>>>>>>>

>>>>>>>>>>> Hi,

>>>>>>>>>>>

>>>>>>>>>>> Looking at the event logs of some of my DCs, I'm seeing a

>>>>>>>>>>> complaint:

>>>>>>>>>>>

>>>>>>>>>>> Event Type: Error

>>>>>>>>>>> Event Source: Userenv

>>>>>>>>>>> Event Category: None

>>>>>>>>>>> Event ID: 1058

>>>>>>>>>>> Date: 23/07/2009

>>>>>>>>>>> Time: 16:32:59

>>>>>>>>>>> User: NT AUTHORITY\SYSTEM

>>>>>>>>>>> Computer: UBIQ-SERV9

>>>>>>>>>>> Description:

>>>>>>>>>>> Windows cannot access the file gpt.ini for GPO

>>>>>>>>>>> CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=ubiquisys,DC=local.

>>>>>>>>>>> The file must be present at the location

>>>>>>>>>>> -016D-11D2-945F-00C04FB984F9}\gpt.ini>.

>>>>>>>>>>> (Access is denied. ). Group Policy processing aborted.

>>>>>>>>>>> but the gpt.ini file is there (GPT.INI)

>>>>>>>>>>> It has access perms:

>>>>>>>>>>> Authenticated Users: Read & Execute

>>>>>>>>>>> Server Operators R & E

>>>>>>>>>>> Administrators Full Control

>>>>>>>>>>> SYSTEM Full Control

>>>>>>>>>>> seems ok to me !?!
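
Added example (not part of the original thread): Python that parses the `ipconfig /all` output quoted above and flags the settings the replies tie to multi-homing, namely the RRAS dial-in interface and two fixed addresses on different subnets of one NIC. The function names and finding labels are assumptions, and the sample text is abridged from the quoted output.

```python
import ipaddress
import re

# Abridged from the `ipconfig /all` output for serv9 quoted in the thread.
SAMPLE = """\
Windows IP Configuration
   Host Name . . . . . . . . . . . . : ubiq-serv9
   IP Routing Enabled. . . . . . . . : Yes
PPP adapter RAS Server (Dial In) Interface:
   IP Address. . . . . . . . . . . . : 192.168.50.154
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
Ethernet adapter Local Area Connection:
   IP Address. . . . . . . . . . . . : 192.168.52.28
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   IP Address. . . . . . . . . . . . : 192.168.50.28
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
"""

HEADER = re.compile(r"^(\S.* adapter .+):\s*$")   # "<type> adapter <name>:"
FIELD = re.compile(r"^\s*(.+?)[\s.]*:\s*(.*)$")   # "Key . . . . : value"

def parse_ipconfig(text):
    """Return (global settings, {adapter name: [IPv4Interface, ...]})."""
    settings, adapters, current, pending_ip = {}, {}, None, None
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            current, pending_ip = header.group(1), None
            adapters[current] = []
            continue
        field = FIELD.match(line)
        if not field:
            continue
        key, value = field.group(1), field.group(2).strip()
        if current is None:
            settings[key] = value          # lines before the first adapter
        elif key == "IP Address":
            pending_ip = value             # paired with the next Subnet Mask
        elif key == "Subnet Mask" and pending_ip:
            adapters[current].append(ipaddress.ip_interface(f"{pending_ip}/{value}"))
            pending_ip = None
    return settings, adapters

def multihoming_findings(text):
    """Flag routing, RAS interfaces, and NICs with addresses on several subnets."""
    settings, adapters = parse_ipconfig(text)
    findings = ["ip-routing-enabled"] if settings.get("IP Routing Enabled") == "Yes" else []
    for name, ifaces in adapters.items():
        if name.startswith("PPP adapter"):
            findings += [f"ras-interface:{i.ip}" for i in ifaces]
        nets = sorted({str(i.network) for i in ifaces})
        if len(nets) > 1:
            findings.append("multiple-subnets:" + ",".join(nets))
    return findings
```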
