Brian, are you familiar with the netdiag and dcdiag utilities? You can find them on the domain controller (cmd line utilities). It helps if you use the /v switch and pipe it to a text file for later review. Something like "netdiag /v >c:\netdiage.txt" would do it.

Can you have a look at those and post the results? Feel free to change the names and ip addrs, but please keep them consistent and easy to read.

Al

________________________________
From: [EMAIL PROTECTED] on behalf of Brian Atkins
Sent: Wed 9/7/2005 10:56 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Where to begin...

Good Morning.

I'm brand new to the list and am seeking assistance out of desperation/frustration. I think that I should preface my story with the statement that I am not an experienced Microsoft admin, but am partially filling a void in our organization. Most of my experience is Unix/Linux, but my Microsoft experience has been trial by fire...

OK, here's the deal: Over the past few weeks I have been seeing some strange behavior with our PDC. After applying MS security updates 3 weeks ago, I have had some interesting issues related to authentication and DNS. It started with our Sophos (AV) Console not being able to 'push' software out to new workstations due to invalid credentials, even though we were using a domain admin account. After some research, I thought that I had nailed it down to Hotfix KB899587, which was a security patch for Kerberos. I removed the hotfix, but after several days put it back as it appeared to make things worse.

As of late I have had issues with NT workstations suddenly not being able to authenticate or just not being able to see other workstations' shares. I thought (again) that I had narrowed it down to DNS, but, even though I was able to fix a few minor issues with PTR records, the problem still exists.

Here are a few examples of what I am seeing:

Scenario #1: NT Workstation
Original issue was that the user could not log on using her domain account. I removed, then rejoined the workstation to the domain (several times). Domain authentication now works, but when browsing the network shares, that workstation cannot 'see' the PDC's shares (access denied), but I can see all of the other shares, including the BDC's. I verified the share permissions were OK. Also, when joining it to the domain, I had to create the computer in AD prior to joining. It would not allow me to create the object using the check box at the bottom.

Scenario #2: XP workstation
This morning, following the change of the PTR records that were in error, a user complained that she could no longer log onto her workstation using her domain account. The errors that I see are NET LOGON 5790 "unable to locate a suitable domain controller". This one just happened, but there have been multiple issues across the network.

I would greatly appreciate some insight. I'm not sure what I can provide to assist...

Thanks,
--
Brian

"An adventure is never an adventure when it's happening. Challenging experiences need time to ferment, and an adventure is simply physical and emotional discomfort recollected in tranquility." -- Tim Cahill

List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/