[ActiveDir] Please Help Solve this issue
Dear All, I know this is not the Place for this question at all . What i need is , i want to have a discussion forums for CISCO Certificates like CCNA CCNP as well. I will highly appritiated if some one help me , because i did it and i could not find any thing usefule for me . Thanks Best regards, Rania, Egypt. 27, F, Single Network Administrator. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] ADMap request fulfillments...
All - I want to apologize to all those that have been patiently waiting for the ADMap that I promised. It is going to be sent out today. Let's just say that closing out my current project became more hectic than it first appeared. However, I have a slew of names that wanted the tool, and I'm quite pleased at the response. I'll have one mass e-mail going out this afternoon to everyone (well, everyone who requested it... Let's not get TOO crazy), and I'll pick up those later (I'm out of town until Saturday late) that are still straggling in. I will continue to fulfill requests as long as I can. Rick [msft] -- Posting is provided AS IS, and confers no rights or warranties ... List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Please Help Solve this issue
The Cisco-nsp DL on puck.nether.net is a good resource... Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of rania Sent: Friday, October 21, 2005 7:02 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Please Help Solve this issue Dear All, I know this is not the Place for this question at all . What i need is , i want to have a discussion forums for CISCO Certificates like CCNA CCNP as well. I will highly appritiated if some one help me , because i did it and i could not find any thing usefule for me . Thanks Best regards, Rania, Egypt. 27, F, Single Network Administrator. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Please Help Solve this issue
Heres a link to the official Cisco certification forums: http://forum.cisco.com/eforum/servlet/NetProf?page=Career_Certifications_discussion Brent Eads Employee Technology Solutions, Inc. The contents contain privileged and/or confidential information intended for the named recipient of this email. ETSI (Employee Technology Solutions, Inc.) does not warrant that the contents of any electronically transmitted information will remain confidential. If the reader of this email is not the intended recipient you are hereby notified that any use, reproduction, disclosure or distribution of the information contained in the email in error, please reply to us immediately and delete the document. Viruses, Malware, Phishing and other known and unknown electronic threats: It is the recipient/client's duties to perform virus scans and otherwise test the information provided before loading onto any computer system. No warranty is made that this material is free from computer virus or any other defect. Any loss/damage incurred by using this material is not the sender's responsibility. Liability will be limited to resupplying the material. Brian Desmond [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 10/22/2005 10:52 AM Please respond to ActiveDir@mail.activedir.org To ActiveDir@mail.activedir.org cc Subject RE: [ActiveDir] Please Help Solve this issue The Cisco-nsp DL on puck.nether.net is a good resource... Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of rania Sent: Friday, October 21, 2005 7:02 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Please Help Solve this issue Dear All, I know this is not the Place for this question at all . What i need is , i want to have a discussion forums for CISCO Certificates like CCNA CCNP as well. I will highly appritiated if some one help me , because i did it and i could not find any thing usefule for me . Thanks Best regards, Rania, Egypt. 27, F, Single Network Administrator. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ Message scanned by TrendMicro Message scanned by TrendMicro
[ActiveDir] Can't access root domain
Hi, I'm having the following issues: When I try to open a share on our root domain from the child domain I get prompted for an username and password, but I'm not allowed to open it although I log on with the root domain admin. The root domain DC also runs Exchange (I know, bad) and I'm no longer capable ofediting exchange settings via active directory users and computers from the child domain. I'm however capable to access Exchange via the server manager from the child domain. When editing share permissions on a file server in the child domain I get prompted for the root domain admin, but accessis denied. WhenI cancel the prompt I can edit the permissions as usual. The root domain admin can no longer log on to servers in the child domain via remote desktopconnection. From the root domainI can browse the child domain normally.Access to Exchange from the child domain (Outlook) works ok, as does OWA. This behavior started when one of the two DC's in the child domain was updated to SP1. All servers run Server 2003. The updated server also gives MS DTC errors (event id 72 and 71, MS DTC could not correctly process a DC Promotion/Demotion event).When access is denied, no security events are logged. Any clues? Thanks, Jeroen Peters
Re: [ActiveDir] Can't access root domain
http://support.microsoft.com/?kbid=898060 Have you installed that? Jeroen Peters wrote: Hi, I'm having the following issues: When I try to open a share on our root domain from the child domain I get prompted for an username and password, but I'm not allowed to open it although I log on with the root domain admin. The root domain DC also runs Exchange (I know, bad) and I'm no longer capable of editing exchange settings via active directory users and computers from the child domain. I'm however capable to access Exchange via the server manager from the child domain. When editing share permissions on a file server in the child domain I get prompted for the root domain admin, but access is denied. When I cancel the prompt I can edit the permissions as usual. The root domain admin can no longer log on to servers in the child domain via remote desktop connection. From the root domain I can browse the child domain normally. Access to Exchange from the child domain (Outlook) works ok, as does OWA. This behavior started when one of the two DC's in the child domain was updated to SP1. All servers run Server 2003. The updated server also gives MS DTC errors (event id 72 and 71, MS DTC could not correctly process a DC Promotion/Demotion event). When access is denied, no security events are logged. Any clues? Thanks, Jeroen Peters List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] Can't access root domain
And BTWI don't see a problem running Exchange on a DC ;-) You'll need this hotfix http://support.microsoft.com/?kbid=898060 anyway before applying Exchange 2003 sp2. Jeroen Peters wrote: Hi, I'm having the following issues: When I try to open a share on our root domain from the child domain I get prompted for an username and password, but I'm not allowed to open it although I log on with the root domain admin. The root domain DC also runs Exchange (I know, bad) and I'm no longer capable of editing exchange settings via active directory users and computers from the child domain. I'm however capable to access Exchange via the server manager from the child domain. When editing share permissions on a file server in the child domain I get prompted for the root domain admin, but access is denied. When I cancel the prompt I can edit the permissions as usual. The root domain admin can no longer log on to servers in the child domain via remote desktop connection. From the root domain I can browse the child domain normally. Access to Exchange from the child domain (Outlook) works ok, as does OWA. This behavior started when one of the two DC's in the child domain was updated to SP1. All servers run Server 2003. The updated server also gives MS DTC errors (event id 72 and 71, MS DTC could not correctly process a DC Promotion/Demotion event). When access is denied, no security events are logged. Any clues? Thanks, Jeroen Peters List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Can't access root domain
Yes, that's installed but that aren't the symptoms. I have only switches, no routers between the domains. The DC in the root domain is reachable by RDP. On Exchange on DC's, you really should avoid that. I've done it because of budget reasons, and I regret it very much. It is also inreversable, you can't demote a DC with exchange on it. Normal restarting is history to, you have to first shutdown exchange (scripted that) before you shutdown or restart, or you want to wait a really long time. When you add ram above 1GB, you have a problem too because DC's with +1GB ram need a different configuration then exchange servers with +1GB ram. In short, Exchange on DC's sucks. Regards, Jeroen -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley Sent: Saturday, October 22, 2005 9:59 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Can't access root domain And BTWI don't see a problem running Exchange on a DC ;-) You'll need this hotfix http://support.microsoft.com/?kbid=898060 anyway before applying Exchange 2003 sp2. Jeroen Peters wrote: Hi, I'm having the following issues: When I try to open a share on our root domain from the child domain I get prompted for an username and password, but I'm not allowed to open it although I log on with the root domain admin. The root domain DC also runs Exchange (I know, bad) and I'm no longer capable of editing exchange settings via active directory users and computers from the child domain. I'm however capable to access Exchange via the server manager from the child domain. When editing share permissions on a file server in the child domain I get prompted for the root domain admin, but access is denied. When I cancel the prompt I can edit the permissions as usual. The root domain admin can no longer log on to servers in the child domain via remote desktop connection. From the root domain I can browse the child domain normally. Access to Exchange from the child domain (Outlook) works ok, as does OWA. This behavior started when one of the two DC's in the child domain was updated to SP1. All servers run Server 2003. The updated server also gives MS DTC errors (event id 72 and 71, MS DTC could not correctly process a DC Promotion/Demotion event). When access is denied, no security events are logged. Any clues? Thanks, Jeroen Peters List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] Can't access root domain
http://www.eventid.net/display.asp?eventid=53258eventno=4493source=MSDTCphase=1 Try that event code. Susan Bradley wrote: I'm SBS sir. We're used to this. Honestly it's not 'that' long for us... my box shuts down in a reasonable time fram. Actually it's +3 not +1 gig...but we don't need the /3 gig switch settings either we max at 4 gig and there are KBs that specifically state that the /3 is irrelevant to us... But back to youDo you have the exact error messages as I'm not finding 71/72 with MSDTC http://www.eventid.net/display.asp?eventid=72source= Jeroen Peters wrote: Yes, that's installed but that aren't the symptoms. I have only switches, no routers between the domains. The DC in the root domain is reachable by RDP. On Exchange on DC's, you really should avoid that. I've done it because of budget reasons, and I regret it very much. It is also inreversable, you can't demote a DC with exchange on it. Normal restarting is history to, you have to first shutdown exchange (scripted that) before you shutdown or restart, or you want to wait a really long time. When you add ram above 1GB, you have a problem too because DC's with +1GB ram need a different configuration then exchange servers with +1GB ram. In short, Exchange on DC's sucks. Regards, Jeroen -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley Sent: Saturday, October 22, 2005 9:59 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Can't access root domain And BTWI don't see a problem running Exchange on a DC ;-) You'll need this hotfix http://support.microsoft.com/?kbid=898060 anyway before applying Exchange 2003 sp2. Jeroen Peters wrote: Hi, I'm having the following issues: When I try to open a share on our root domain from the child domain I get prompted for an username and password, but I'm not allowed to open it although I log on with the root domain admin. The root domain DC also runs Exchange (I know, bad) and I'm no longer capable of editing exchange settings via active directory users and computers from the child domain. I'm however capable to access Exchange via the server manager from the child domain. When editing share permissions on a file server in the child domain I get prompted for the root domain admin, but access is denied. When I cancel the prompt I can edit the permissions as usual. The root domain admin can no longer log on to servers in the child domain via remote desktop connection. From the root domain I can browse the child domain normally. Access to Exchange from the child domain (Outlook) works ok, as does OWA. This behavior started when one of the two DC's in the child domain was updated to SP1. All servers run Server 2003. The updated server also gives MS DTC errors (event id 72 and 71, MS DTC could not correctly process a DC Promotion/Demotion event). When access is denied, no security events are logged. Any clues? Thanks, Jeroen Peters List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] Can't access root domain
When access is denied... what's the message you get? Jeroen Peters wrote: The MS DTC errors are now gone (reset the log and restarted service), thanks! Rest of the issues remain. Regards, Jeroen -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley Sent: Saturday, October 22, 2005 11:12 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Can't access root domain http://www.eventid.net/display.asp?eventid=53258eventno=4493source=MSDTCp hase=1 Try that event code. Susan Bradley wrote: I'm SBS sir. We're used to this. Honestly it's not 'that' long for us... my box shuts down in a reasonable time fram. Actually it's +3 not +1 gig...but we don't need the /3 gig switch settings either we max at 4 gig and there are KBs that specifically state that the /3 is irrelevant to us... But back to youDo you have the exact error messages as I'm not finding 71/72 with MSDTC http://www.eventid.net/display.asp?eventid=72source= Jeroen Peters wrote: Yes, that's installed but that aren't the symptoms. I have only switches, no routers between the domains. The DC in the root domain is reachable by RDP. On Exchange on DC's, you really should avoid that. I've done it because of budget reasons, and I regret it very much. It is also inreversable, you can't demote a DC with exchange on it. Normal restarting is history to, you have to first shutdown exchange (scripted that) before you shutdown or restart, or you want to wait a really long time. When you add ram above 1GB, you have a problem too because DC's with +1GB ram need a different configuration then exchange servers with +1GB ram. In short, Exchange on DC's sucks. Regards, Jeroen -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley Sent: Saturday, October 22, 2005 9:59 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Can't access root domain And BTWI don't see a problem running Exchange on a DC ;-) You'll need this hotfix http://support.microsoft.com/?kbid=898060 anyway before applying Exchange 2003 sp2. Jeroen Peters wrote: Hi, I'm having the following issues: When I try to open a share on our root domain from the child domain I get prompted for an username and password, but I'm not allowed to open it although I log on with the root domain admin. The root domain DC also runs Exchange (I know, bad) and I'm no longer capable of editing exchange settings via active directory users and computers from the child domain. I'm however capable to access Exchange via the server manager from the child domain. When editing share permissions on a file server in the child domain I get prompted for the root domain admin, but access is denied. When I cancel the prompt I can edit the permissions as usual. The root domain admin can no longer log on to servers in the child domain via remote desktop connection. From the root domain I can browse the child domain normally. Access to Exchange from the child domain (Outlook) works ok, as does OWA. This behavior started when one of the two DC's in the child domain was updated to SP1. All servers run Server 2003. The updated server also gives MS DTC errors (event id 72 and 71, MS DTC could not correctly process a DC Promotion/Demotion event). When access is denied, no security events are logged. Any clues? Thanks, Jeroen Peters List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Can't access root domain
The message is the same as when loging on with a wrong username/password. The result is also the same, no acccess to the share. And I'm really sure that I type the correct username/password :-) The message in Active directory users and computers when editing exchange settings states that it cannot find the exchange server. (DNS is ok, clients have no problem finding the Exchange server). Regards, Jeroen -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley Sent: Saturday, October 22, 2005 11:51 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Can't access root domain When access is denied... what's the message you get? Jeroen Peters wrote: The MS DTC errors are now gone (reset the log and restarted service), thanks! Rest of the issues remain. Regards, Jeroen -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley Sent: Saturday, October 22, 2005 11:12 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Can't access root domain http://www.eventid.net/display.asp?eventid=53258eventno=4493source=MS DTCp hase=1 Try that event code. Susan Bradley wrote: I'm SBS sir. We're used to this. Honestly it's not 'that' long for us... my box shuts down in a reasonable time fram. Actually it's +3 not +1 gig...but we don't need the /3 gig switch settings either we max at 4 gig and there are KBs that specifically state that the /3 is irrelevant to us... But back to youDo you have the exact error messages as I'm not finding 71/72 with MSDTC http://www.eventid.net/display.asp?eventid=72source= Jeroen Peters wrote: Yes, that's installed but that aren't the symptoms. I have only switches, no routers between the domains. The DC in the root domain is reachable by RDP. On Exchange on DC's, you really should avoid that. I've done it because of budget reasons, and I regret it very much. It is also inreversable, you can't demote a DC with exchange on it. Normal restarting is history to, you have to first shutdown exchange (scripted that) before you shutdown or restart, or you want to wait a really long time. When you add ram above 1GB, you have a problem too because DC's with +1GB ram need a different configuration then exchange servers with +1GB ram. In short, Exchange on DC's sucks. Regards, Jeroen -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley Sent: Saturday, October 22, 2005 9:59 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Can't access root domain And BTWI don't see a problem running Exchange on a DC ;-) You'll need this hotfix http://support.microsoft.com/?kbid=898060 anyway before applying Exchange 2003 sp2. Jeroen Peters wrote: Hi, I'm having the following issues: When I try to open a share on our root domain from the child domain I get prompted for an username and password, but I'm not allowed to open it although I log on with the root domain admin. The root domain DC also runs Exchange (I know, bad) and I'm no longer capable of editing exchange settings via active directory users and computers from the child domain. I'm however capable to access Exchange via the server manager from the child domain. When editing share permissions on a file server in the child domain I get prompted for the root domain admin, but access is denied. When I cancel the prompt I can edit the permissions as usual. The root domain admin can no longer log on to servers in the child domain via remote desktop connection. From the root domain I can browse the child domain normally. Access to Exchange from the child domain (Outlook) works ok, as does OWA. This behavior started when one of the two DC's in the child domain was updated to SP1. All servers run Server 2003. The updated server also gives MS DTC errors (event id 72 and 71, MS DTC could not correctly process a DC Promotion/Demotion event). When access is denied, no security events are logged. Any clues? Thanks, Jeroen Peters List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive:
Re: [ActiveDir] Can't access root domain
I should probably shut up and lurk until the real gurus show up ...but I guess I need to let you know why I'm so annoyingly insistent on the 'exact' error message that you are seeing 'word for word'. 99.99% of the help I give in SBS newsgroups I honestly never see in real life...I try to stay away from such things as running out of room on Exchange and what not but if you give me the 'exact' error message ...man can I google [and no ... I cannot MSN search you need google groups for this]. It appears permission based but the more 'exact' of an error message you have... the better I can narrow down the issue. Those error messages often times show up in KB titles and what not. Right now googling on 'Active directory users and computers cannot find the exchange server' ... I'm hitting more basic setup issues. Jeroen Peters wrote: The message is the same as when loging on with a wrong username/password. The result is also the same, no acccess to the share. And I'm really sure that I type the correct username/password :-) The message in Active directory users and computers when editing exchange settings states that it cannot find the exchange server. (DNS is ok, clients have no problem finding the Exchange server). Regards, Jeroen -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley Sent: Saturday, October 22, 2005 11:51 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Can't access root domain When access is denied... what's the message you get? Jeroen Peters wrote: The MS DTC errors are now gone (reset the log and restarted service), thanks! Rest of the issues remain. Regards, Jeroen -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley Sent: Saturday, October 22, 2005 11:12 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Can't access root domain http://www.eventid.net/display.asp?eventid=53258eventno=4493source=MS DTCp hase=1 Try that event code. Susan Bradley wrote: I'm SBS sir. We're used to this. Honestly it's not 'that' long for us... my box shuts down in a reasonable time fram. Actually it's +3 not +1 gig...but we don't need the /3 gig switch settings either we max at 4 gig and there are KBs that specifically state that the /3 is irrelevant to us... But back to youDo you have the exact error messages as I'm not finding 71/72 with MSDTC http://www.eventid.net/display.asp?eventid=72source= Jeroen Peters wrote: Yes, that's installed but that aren't the symptoms. I have only switches, no routers between the domains. The DC in the root domain is reachable by RDP. On Exchange on DC's, you really should avoid that. I've done it because of budget reasons, and I regret it very much. It is also inreversable, you can't demote a DC with exchange on it. Normal restarting is history to, you have to first shutdown exchange (scripted that) before you shutdown or restart, or you want to wait a really long time. When you add ram above 1GB, you have a problem too because DC's with +1GB ram need a different configuration then exchange servers with +1GB ram. In short, Exchange on DC's sucks. Regards, Jeroen -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley Sent: Saturday, October 22, 2005 9:59 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Can't access root domain And BTWI don't see a problem running Exchange on a DC ;-) You'll need this hotfix http://support.microsoft.com/?kbid=898060 anyway before applying Exchange 2003 sp2. Jeroen Peters wrote: Hi, I'm having the following issues: When I try to open a share on our root domain from the child domain I get prompted for an username and password, but I'm not allowed to open it although I log on with the root domain admin. The root domain DC also runs Exchange (I know, bad) and I'm no longer capable of editing exchange settings via active directory users and computers from the child domain. I'm however capable to access Exchange via the server manager from the child domain. When editing share permissions on a file server in the child domain I get prompted for the root domain admin, but access is denied. When I cancel the prompt I can edit the permissions as usual. The root domain admin can no longer log on to servers in the child domain via remote desktop connection. From the root domain I can browse the child domain normally. Access to Exchange from the child domain (Outlook) works ok, as does OWA. This behavior started when one of the two DC's in the child domain was updated to SP1. All servers run Server 2003. The updated server also gives MS DTC errors (event id 72 and 71, MS DTC could not correctly process a DC Promotion/Demotion event). When access is denied, no security events are logged. Any clues? Thanks, Jeroen Peters
RE: [ActiveDir] Can't access root domain
Are your administrative shares all intact in the root domain? C$ D$ IPC$ etc etc. Mark -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeroen Peters Sent: 22 October 2005 22:59 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Can't access root domain The message is the same as when loging on with a wrong username/password. The result is also the same, no acccess to the share. And I'm really sure that I type the correct username/password :-) The message in Active directory users and computers when editing exchange settings states that it cannot find the exchange server. (DNS is ok, clients have no problem finding the Exchange server). Regards, Jeroen -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley Sent: Saturday, October 22, 2005 11:51 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Can't access root domain When access is denied... what's the message you get? Jeroen Peters wrote: The MS DTC errors are now gone (reset the log and restarted service), thanks! Rest of the issues remain. Regards, Jeroen -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley Sent: Saturday, October 22, 2005 11:12 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Can't access root domain http://www.eventid.net/display.asp?eventid=53258eventno=4493source=MS DTCp hase=1 Try that event code. Susan Bradley wrote: I'm SBS sir. We're used to this. Honestly it's not 'that' long for us... my box shuts down in a reasonable time fram. Actually it's +3 not +1 gig...but we don't need the /3 gig switch settings either we max at 4 gig and there are KBs that specifically state that the /3 is irrelevant to us... But back to youDo you have the exact error messages as I'm not finding 71/72 with MSDTC http://www.eventid.net/display.asp?eventid=72source= Jeroen Peters wrote: Yes, that's installed but that aren't the symptoms. I have only switches, no routers between the domains. The DC in the root domain is reachable by RDP. On Exchange on DC's, you really should avoid that. I've done it because of budget reasons, and I regret it very much. It is also inreversable, you can't demote a DC with exchange on it. Normal restarting is history to, you have to first shutdown exchange (scripted that) before you shutdown or restart, or you want to wait a really long time. When you add ram above 1GB, you have a problem too because DC's with +1GB ram need a different configuration then exchange servers with +1GB ram. In short, Exchange on DC's sucks. Regards, Jeroen -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley Sent: Saturday, October 22, 2005 9:59 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Can't access root domain And BTWI don't see a problem running Exchange on a DC ;-) You'll need this hotfix http://support.microsoft.com/?kbid=898060 anyway before applying Exchange 2003 sp2. Jeroen Peters wrote: Hi, I'm having the following issues: When I try to open a share on our root domain from the child domain I get prompted for an username and password, but I'm not allowed to open it although I log on with the root domain admin. The root domain DC also runs Exchange (I know, bad) and I'm no longer capable of editing exchange settings via active directory users and computers from the child domain. I'm however capable to access Exchange via the server manager from the child domain. When editing share permissions on a file server in the child domain I get prompted for the root domain admin, but access is denied. When I cancel the prompt I can edit the permissions as usual. The root domain admin can no longer log on to servers in the child domain via remote desktop connection. From the root domain I can browse the child domain normally. Access to Exchange from the child domain (Outlook) works ok, as does OWA. This behavior started when one of the two DC's in the child domain was updated to SP1. All servers run Server 2003. The updated server also gives MS DTC errors (event id 72 and 71, MS DTC could not correctly process a DC Promotion/Demotion event). When access is denied, no security events are logged. Any clues? Thanks, Jeroen Peters List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info :
RE: [ActiveDir] Can't access root domain
With the ADUC, have you installed any Exchange Service packs on your management station? It's not just for servers but for the Admin console too, I have found issues here before my not doing this. Mark -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley Sent: 22 October 2005 23:26 To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Can't access root domain I should probably shut up and lurk until the real gurus show up ...but I guess I need to let you know why I'm so annoyingly insistent on the 'exact' error message that you are seeing 'word for word'. 99.99% of the help I give in SBS newsgroups I honestly never see in real life...I try to stay away from such things as running out of room on Exchange and what not but if you give me the 'exact' error message ...man can I google [and no ... I cannot MSN search you need google groups for this]. It appears permission based but the more 'exact' of an error message you have... the better I can narrow down the issue. Those error messages often times show up in KB titles and what not. Right now googling on 'Active directory users and computers cannot find the exchange server' ... I'm hitting more basic setup issues. Jeroen Peters wrote: The message is the same as when loging on with a wrong username/password. The result is also the same, no acccess to the share. And I'm really sure that I type the correct username/password :-) The message in Active directory users and computers when editing exchange settings states that it cannot find the exchange server. (DNS is ok, clients have no problem finding the Exchange server). Regards, Jeroen -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley Sent: Saturday, October 22, 2005 11:51 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Can't access root domain When access is denied... what's the message you get? Jeroen Peters wrote: The MS DTC errors are now gone (reset the log and restarted service), thanks! Rest of the issues remain. Regards, Jeroen -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley Sent: Saturday, October 22, 2005 11:12 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Can't access root domain http://www.eventid.net/display.asp?eventid=53258eventno=4493source=MS DTCp hase=1 Try that event code. Susan Bradley wrote: I'm SBS sir. We're used to this. Honestly it's not 'that' long for us... my box shuts down in a reasonable time fram. Actually it's +3 not +1 gig...but we don't need the /3 gig switch settings either we max at 4 gig and there are KBs that specifically state that the /3 is irrelevant to us... But back to youDo you have the exact error messages as I'm not finding 71/72 with MSDTC http://www.eventid.net/display.asp?eventid=72source= Jeroen Peters wrote: Yes, that's installed but that aren't the symptoms. I have only switches, no routers between the domains. The DC in the root domain is reachable by RDP. On Exchange on DC's, you really should avoid that. I've done it because of budget reasons, and I regret it very much. It is also inreversable, you can't demote a DC with exchange on it. Normal restarting is history to, you have to first shutdown exchange (scripted that) before you shutdown or restart, or you want to wait a really long time. When you add ram above 1GB, you have a problem too because DC's with +1GB ram need a different configuration then exchange servers with +1GB ram. In short, Exchange on DC's sucks. Regards, Jeroen -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley Sent: Saturday, October 22, 2005 9:59 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Can't access root domain And BTWI don't see a problem running Exchange on a DC ;-) You'll need this hotfix http://support.microsoft.com/?kbid=898060 anyway before applying Exchange 2003 sp2. Jeroen Peters wrote: Hi, I'm having the following issues: When I try to open a share on our root domain from the child domain I get prompted for an username and password, but I'm not allowed to open it although I log on with the root domain admin. The root domain DC also runs Exchange (I know, bad) and I'm no longer capable of editing exchange settings via active directory users and computers from the child domain. I'm however capable to access Exchange via the server manager from the child domain. When editing share permissions on a file server in the child domain I get prompted for the root domain admin, but access is denied. When I cancel the prompt I can edit the permissions as usual. The root domain admin can no longer log on to servers in the child domain via remote desktop connection. From the root domain I can browse the child domain normally. Access to
RE: [ActiveDir] Can't access root domain
Have you validated that time is synchronized between the two systems? Can you verify that the enterprise admins group remains a member of the child domain's domain admin group? Aric -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeroen Peters Sent: Saturday, October 22, 2005 2:59 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Can't access root domain The message is the same as when loging on with a wrong username/password. The result is also the same, no acccess to the share. And I'm really sure that I type the correct username/password :-) The message in Active directory users and computers when editing exchange settings states that it cannot find the exchange server. (DNS is ok, clients have no problem finding the Exchange server). Regards, Jeroen -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley Sent: Saturday, October 22, 2005 11:51 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Can't access root domain When access is denied... what's the message you get? Jeroen Peters wrote: The MS DTC errors are now gone (reset the log and restarted service), thanks! Rest of the issues remain. Regards, Jeroen -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley Sent: Saturday, October 22, 2005 11:12 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Can't access root domain http://www.eventid.net/display.asp?eventid=53258eventno=4493source=MS DTCp hase=1 Try that event code. Susan Bradley wrote: I'm SBS sir. We're used to this. Honestly it's not 'that' long for us... my box shuts down in a reasonable time fram. Actually it's +3 not +1 gig...but we don't need the /3 gig switch settings either we max at 4 gig and there are KBs that specifically state that the /3 is irrelevant to us... But back to youDo you have the exact error messages as I'm not finding 71/72 with MSDTC http://www.eventid.net/display.asp?eventid=72source= Jeroen Peters wrote: Yes, that's installed but that aren't the symptoms. I have only switches, no routers between the domains. The DC in the root domain is reachable by RDP. On Exchange on DC's, you really should avoid that. I've done it because of budget reasons, and I regret it very much. It is also inreversable, you can't demote a DC with exchange on it. Normal restarting is history to, you have to first shutdown exchange (scripted that) before you shutdown or restart, or you want to wait a really long time. When you add ram above 1GB, you have a problem too because DC's with +1GB ram need a different configuration then exchange servers with +1GB ram. In short, Exchange on DC's sucks. Regards, Jeroen -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley Sent: Saturday, October 22, 2005 9:59 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Can't access root domain And BTWI don't see a problem running Exchange on a DC ;-) You'll need this hotfix http://support.microsoft.com/?kbid=898060 anyway before applying Exchange 2003 sp2. Jeroen Peters wrote: Hi, I'm having the following issues: When I try to open a share on our root domain from the child domain I get prompted for an username and password, but I'm not allowed to open it although I log on with the root domain admin. The root domain DC also runs Exchange (I know, bad) and I'm no longer capable of editing exchange settings via active directory users and computers from the child domain. I'm however capable to access Exchange via the server manager from the child domain. When editing share permissions on a file server in the child domain I get prompted for the root domain admin, but access is denied. When I cancel the prompt I can edit the permissions as usual. The root domain admin can no longer log on to servers in the child domain via remote desktop connection. From the root domain I can browse the child domain normally. Access to Exchange from the child domain (Outlook) works ok, as does OWA. This behavior started when one of the two DC's in the child domain was updated to SP1. All servers run Server 2003. The updated server also gives MS DTC errors (event id 72 and 71, MS DTC could not correctly process a DC Promotion/Demotion event). When access is denied, no security events are logged. Any clues? Thanks, Jeroen Peters List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive:
RE: [ActiveDir] Can't access root domain
Jeroen, Let me guess if you purposefully miss type your password you lock yourself out, or at least you see the bad password attempts. Try using the IP address (i.e. \\10.11.12.13\sharename) to connect to the share does that work? Using the IP rather than name forces the connection to NTLM authentication. If that works then run KertTray from the resource kit. I'm guessing you have a Kerberos issue. You'll know you do if you don't have a CIFS ticket from root domain in the list. Mike -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeroen Peters Sent: Saturday, October 22, 2005 5:59 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Can't access root domain The message is the same as when loging on with a wrong username/password. The result is also the same, no acccess to the share. And I'm really sure that I type the correct username/password :-) The message in Active directory users and computers when editing exchange settings states that it cannot find the exchange server. (DNS is ok, clients have no problem finding the Exchange server). Regards, Jeroen -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley Sent: Saturday, October 22, 2005 11:51 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Can't access root domain When access is denied... what's the message you get? Jeroen Peters wrote: The MS DTC errors are now gone (reset the log and restarted service), thanks! Rest of the issues remain. Regards, Jeroen -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley Sent: Saturday, October 22, 2005 11:12 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Can't access root domain http://www.eventid.net/display.asp?eventid=53258eventno=4493source=MS DTCp hase=1 Try that event code. Susan Bradley wrote: I'm SBS sir. We're used to this. Honestly it's not 'that' long for us... my box shuts down in a reasonable time fram. Actually it's +3 not +1 gig...but we don't need the /3 gig switch settings either we max at 4 gig and there are KBs that specifically state that the /3 is irrelevant to us... But back to youDo you have the exact error messages as I'm not finding 71/72 with MSDTC http://www.eventid.net/display.asp?eventid=72source= Jeroen Peters wrote: Yes, that's installed but that aren't the symptoms. I have only switches, no routers between the domains. The DC in the root domain is reachable by RDP. On Exchange on DC's, you really should avoid that. I've done it because of budget reasons, and I regret it very much. It is also inreversable, you can't demote a DC with exchange on it. Normal restarting is history to, you have to first shutdown exchange (scripted that) before you shutdown or restart, or you want to wait a really long time. When you add ram above 1GB, you have a problem too because DC's with +1GB ram need a different configuration then exchange servers with +1GB ram. In short, Exchange on DC's sucks. Regards, Jeroen -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley Sent: Saturday, October 22, 2005 9:59 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Can't access root domain And BTWI don't see a problem running Exchange on a DC ;-) You'll need this hotfix http://support.microsoft.com/?kbid=898060 anyway before applying Exchange 2003 sp2. Jeroen Peters wrote: Hi, I'm having the following issues: When I try to open a share on our root domain from the child domain I get prompted for an username and password, but I'm not allowed to open it although I log on with the root domain admin. The root domain DC also runs Exchange (I know, bad) and I'm no longer capable of editing exchange settings via active directory users and computers from the child domain. I'm however capable to access Exchange via the server manager from the child domain. When editing share permissions on a file server in the child domain I get prompted for the root domain admin, but access is denied. When I cancel the prompt I can edit the permissions as usual. The root domain admin can no longer log on to servers in the child domain via remote desktop connection. From the root domain I can browse the child domain normally. Access to Exchange from the child domain (Outlook) works ok, as does OWA. This behavior started when one of the two DC's in the child domain was updated to SP1. All servers run Server 2003. The updated server also gives MS DTC errors (event id 72 and 71, MS DTC could not correctly process a DC Promotion/Demotion event). When access is denied, no security events are logged. Any clues? Thanks, Jeroen Peters List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive:
RE: [ActiveDir] Can't access root domain
Hi, No errors/audit failures are logged. I only get 'logon was unsuccesfull' at the connecting machine (not in the event log, but as a pop up in the login window). All DC's (child and root) are working fine exept for this problem. Netdiag, Dcdiag and netlogon.log give no errors. Client workstations have no problem whatsoever to access exchange via Outlook. Since this started with installing 2003 SP1 on one of the DC's, I'm thinking of uninstalling it. Thanks for the help, I'll update when I've removed SP1. Regards, Jeroen -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael A. Barker Sent: Sunday, October 23, 2005 1:00 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Can't access root domain Jeroen, Let me guess if you purposefully miss type your password you lock yourself out, or at least you see the bad password attempts. Try using the IP address (i.e. \\10.11.12.13\sharename) to connect to the share does that work? Using the IP rather than name forces the connection to NTLM authentication. If that works then run KertTray from the resource kit. I'm guessing you have a Kerberos issue. You'll know you do if you don't have a CIFS ticket from root domain in the list. Mike -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeroen Peters Sent: Saturday, October 22, 2005 5:59 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Can't access root domain The message is the same as when loging on with a wrong username/password. The result is also the same, no acccess to the share. And I'm really sure that I type the correct username/password :-) The message in Active directory users and computers when editing exchange settings states that it cannot find the exchange server. (DNS is ok, clients have no problem finding the Exchange server). Regards, Jeroen -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley Sent: Saturday, October 22, 2005 11:51 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Can't access root domain When access is denied... what's the message you get? Jeroen Peters wrote: The MS DTC errors are now gone (reset the log and restarted service), thanks! Rest of the issues remain. Regards, Jeroen -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley Sent: Saturday, October 22, 2005 11:12 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Can't access root domain http://www.eventid.net/display.asp?eventid=53258eventno=4493source=MS DTCp hase=1 Try that event code. Susan Bradley wrote: I'm SBS sir. We're used to this. Honestly it's not 'that' long for us... my box shuts down in a reasonable time fram. Actually it's +3 not +1 gig...but we don't need the /3 gig switch settings either we max at 4 gig and there are KBs that specifically state that the /3 is irrelevant to us... But back to youDo you have the exact error messages as I'm not finding 71/72 with MSDTC http://www.eventid.net/display.asp?eventid=72source= Jeroen Peters wrote: Yes, that's installed but that aren't the symptoms. I have only switches, no routers between the domains. The DC in the root domain is reachable by RDP. On Exchange on DC's, you really should avoid that. I've done it because of budget reasons, and I regret it very much. It is also inreversable, you can't demote a DC with exchange on it. Normal restarting is history to, you have to first shutdown exchange (scripted that) before you shutdown or restart, or you want to wait a really long time. When you add ram above 1GB, you have a problem too because DC's with +1GB ram need a different configuration then exchange servers with +1GB ram. In short, Exchange on DC's sucks. Regards, Jeroen -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley Sent: Saturday, October 22, 2005 9:59 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Can't access root domain And BTWI don't see a problem running Exchange on a DC ;-) You'll need this hotfix http://support.microsoft.com/?kbid=898060 anyway before applying Exchange 2003 sp2. Jeroen Peters wrote: Hi, I'm having the following issues: When I try to open a share on our root domain from the child domain I get prompted for an username and password, but I'm not allowed to open it although I log on with the root domain admin. The root domain DC also runs Exchange (I know, bad) and I'm no longer capable of editing exchange settings via active directory users and computers from the child domain. I'm however capable to access Exchange via the server manager from the child domain. When editing share permissions on a file server in the child domain I get prompted for the root domain admin, but access is denied. When I cancel the prompt I can edit the permissions as
RE: [ActiveDir] Can't access root domain
O, and when trying to connect with ip address, I get the same error. The connecting machine has a CIFS ticket from the root domain. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael A. Barker Sent: Sunday, October 23, 2005 1:00 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Can't access root domain Jeroen, Let me guess if you purposefully miss type your password you lock yourself out, or at least you see the bad password attempts. Try using the IP address (i.e. \\10.11.12.13\sharename) to connect to the share does that work? Using the IP rather than name forces the connection to NTLM authentication. If that works then run KertTray from the resource kit. I'm guessing you have a Kerberos issue. You'll know you do if you don't have a CIFS ticket from root domain in the list. Mike -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeroen Peters Sent: Saturday, October 22, 2005 5:59 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Can't access root domain The message is the same as when loging on with a wrong username/password. The result is also the same, no acccess to the share. And I'm really sure that I type the correct username/password :-) The message in Active directory users and computers when editing exchange settings states that it cannot find the exchange server. (DNS is ok, clients have no problem finding the Exchange server). Regards, Jeroen -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley Sent: Saturday, October 22, 2005 11:51 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Can't access root domain When access is denied... what's the message you get? Jeroen Peters wrote: The MS DTC errors are now gone (reset the log and restarted service), thanks! Rest of the issues remain. Regards, Jeroen -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley Sent: Saturday, October 22, 2005 11:12 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Can't access root domain http://www.eventid.net/display.asp?eventid=53258eventno=4493source=MS DTCp hase=1 Try that event code. Susan Bradley wrote: I'm SBS sir. We're used to this. Honestly it's not 'that' long for us... my box shuts down in a reasonable time fram. Actually it's +3 not +1 gig...but we don't need the /3 gig switch settings either we max at 4 gig and there are KBs that specifically state that the /3 is irrelevant to us... But back to youDo you have the exact error messages as I'm not finding 71/72 with MSDTC http://www.eventid.net/display.asp?eventid=72source= Jeroen Peters wrote: Yes, that's installed but that aren't the symptoms. I have only switches, no routers between the domains. The DC in the root domain is reachable by RDP. On Exchange on DC's, you really should avoid that. I've done it because of budget reasons, and I regret it very much. It is also inreversable, you can't demote a DC with exchange on it. Normal restarting is history to, you have to first shutdown exchange (scripted that) before you shutdown or restart, or you want to wait a really long time. When you add ram above 1GB, you have a problem too because DC's with +1GB ram need a different configuration then exchange servers with +1GB ram. In short, Exchange on DC's sucks. Regards, Jeroen -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley Sent: Saturday, October 22, 2005 9:59 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Can't access root domain And BTWI don't see a problem running Exchange on a DC ;-) You'll need this hotfix http://support.microsoft.com/?kbid=898060 anyway before applying Exchange 2003 sp2. Jeroen Peters wrote: Hi, I'm having the following issues: When I try to open a share on our root domain from the child domain I get prompted for an username and password, but I'm not allowed to open it although I log on with the root domain admin. The root domain DC also runs Exchange (I know, bad) and I'm no longer capable of editing exchange settings via active directory users and computers from the child domain. I'm however capable to access Exchange via the server manager from the child domain. When editing share permissions on a file server in the child domain I get prompted for the root domain admin, but access is denied. When I cancel the prompt I can edit the permissions as usual. The root domain admin can no longer log on to servers in the child domain via remote desktop connection. From the root domain I can browse the child domain normally. Access to Exchange from the child domain (Outlook) works ok, as does OWA. This behavior started when one of the two DC's in the child domain was updated to SP1. All servers run Server 2003. The updated server also gives MS DTC
Re: [ActiveDir] Can't access root domain
Uh uhhhplease no.. leave SP1 on Remember any issues with a Service pack are a free call. I just installed Exchange 2003 sp2 on a box at home.. had a error message... a Dr. Watson even and I'm keeping it on and working through the issues. Keep it on. Call Microsoft support. Jeroen Peters wrote: Hi, No errors/audit failures are logged. I only get 'logon was unsuccesfull' at the connecting machine (not in the event log, but as a pop up in the login window). All DC's (child and root) are working fine exept for this problem. Netdiag, Dcdiag and netlogon.log give no errors. Client workstations have no problem whatsoever to access exchange via Outlook. Since this started with installing 2003 SP1 on one of the DC's, I'm thinking of uninstalling it. Thanks for the help, I'll update when I've removed SP1. Regards, Jeroen -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael A. Barker Sent: Sunday, October 23, 2005 1:00 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Can't access root domain Jeroen, Let me guess if you purposefully miss type your password you lock yourself out, or at least you see the bad password attempts. Try using the IP address (i.e. \\10.11.12.13\sharename) to connect to the share does that work? Using the IP rather than name forces the connection to NTLM authentication. If that works then run KertTray from the resource kit. I'm guessing you have a Kerberos issue. You'll know you do if you don't have a CIFS ticket from root domain in the list. Mike -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeroen Peters Sent: Saturday, October 22, 2005 5:59 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Can't access root domain The message is the same as when loging on with a wrong username/password. The result is also the same, no acccess to the share. And I'm really sure that I type the correct username/password :-) The message in Active directory users and computers when editing exchange settings states that it cannot find the exchange server. (DNS is ok, clients have no problem finding the Exchange server). Regards, Jeroen -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley Sent: Saturday, October 22, 2005 11:51 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Can't access root domain When access is denied... what's the message you get? Jeroen Peters wrote: The MS DTC errors are now gone (reset the log and restarted service), thanks! Rest of the issues remain. Regards, Jeroen -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley Sent: Saturday, October 22, 2005 11:12 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Can't access root domain http://www.eventid.net/display.asp?eventid=53258eventno=4493source=MS DTCp hase=1 Try that event code. Susan Bradley wrote: I'm SBS sir. We're used to this. Honestly it's not 'that' long for us... my box shuts down in a reasonable time fram. Actually it's +3 not +1 gig...but we don't need the /3 gig switch settings either we max at 4 gig and there are KBs that specifically state that the /3 is irrelevant to us... But back to youDo you have the exact error messages as I'm not finding 71/72 with MSDTC http://www.eventid.net/display.asp?eventid=72source= Jeroen Peters wrote: Yes, that's installed but that aren't the symptoms. I have only switches, no routers between the domains. The DC in the root domain is reachable by RDP. On Exchange on DC's, you really should avoid that. I've done it because of budget reasons, and I regret it very much. It is also inreversable, you can't demote a DC with exchange on it. Normal restarting is history to, you have to first shutdown exchange (scripted that) before you shutdown or restart, or you want to wait a really long time. When you add ram above 1GB, you have a problem too because DC's with +1GB ram need a different configuration then exchange servers with +1GB ram. In short, Exchange on DC's sucks. Regards, Jeroen -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley Sent: Saturday, October 22, 2005 9:59 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Can't access root domain And BTWI don't see a problem running Exchange on a DC ;-) You'll need this hotfix http://support.microsoft.com/?kbid=898060 anyway before applying Exchange 2003 sp2. Jeroen Peters wrote: Hi, I'm having the following issues: When I try to open a share on our root domain from the child domain I get prompted for an username and password, but I'm not allowed to open it although I log on with the root domain admin. The root domain DC also runs Exchange (I know, bad) and I'm no longer capable of
Re: [ActiveDir] Can't access root domain
Professional Support Options and Phone Numbers: http://support.microsoft.com/default.aspx?scid=fh;EN-US;OfferProPhone Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote: Uh uhhhplease no.. leave SP1 on Remember any issues with a Service pack are a free call. I just installed Exchange 2003 sp2 on a box at home.. had a error message... a Dr. Watson even and I'm keeping it on and working through the issues. Keep it on. Call Microsoft support. Jeroen Peters wrote: Hi, No errors/audit failures are logged. I only get 'logon was unsuccesfull' at the connecting machine (not in the event log, but as a pop up in the login window). All DC's (child and root) are working fine exept for this problem. Netdiag, Dcdiag and netlogon.log give no errors. Client workstations have no problem whatsoever to access exchange via Outlook. Since this started with installing 2003 SP1 on one of the DC's, I'm thinking of uninstalling it. Thanks for the help, I'll update when I've removed SP1. Regards, Jeroen -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael A. Barker Sent: Sunday, October 23, 2005 1:00 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Can't access root domain Jeroen, Let me guess if you purposefully miss type your password you lock yourself out, or at least you see the bad password attempts. Try using the IP address (i.e. \\10.11.12.13\sharename) to connect to the share does that work? Using the IP rather than name forces the connection to NTLM authentication. If that works then run KertTray from the resource kit. I'm guessing you have a Kerberos issue. You'll know you do if you don't have a CIFS ticket from root domain in the list. Mike -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeroen Peters Sent: Saturday, October 22, 2005 5:59 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Can't access root domain The message is the same as when loging on with a wrong username/password. The result is also the same, no acccess to the share. And I'm really sure that I type the correct username/password :-) The message in Active directory users and computers when editing exchange settings states that it cannot find the exchange server. (DNS is ok, clients have no problem finding the Exchange server). Regards, Jeroen -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley Sent: Saturday, October 22, 2005 11:51 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Can't access root domain When access is denied... what's the message you get? Jeroen Peters wrote: The MS DTC errors are now gone (reset the log and restarted service), thanks! Rest of the issues remain. Regards, Jeroen -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley Sent: Saturday, October 22, 2005 11:12 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Can't access root domain http://www.eventid.net/display.asp?eventid=53258eventno=4493source=MS DTCp hase=1 Try that event code. Susan Bradley wrote: I'm SBS sir. We're used to this. Honestly it's not 'that' long for us... my box shuts down in a reasonable time fram. Actually it's +3 not +1 gig...but we don't need the /3 gig switch settings either we max at 4 gig and there are KBs that specifically state that the /3 is irrelevant to us... But back to youDo you have the exact error messages as I'm not finding 71/72 with MSDTC http://www.eventid.net/display.asp?eventid=72source= Jeroen Peters wrote: Yes, that's installed but that aren't the symptoms. I have only switches, no routers between the domains. The DC in the root domain is reachable by RDP. On Exchange on DC's, you really should avoid that. I've done it because of budget reasons, and I regret it very much. It is also inreversable, you can't demote a DC with exchange on it. Normal restarting is history to, you have to first shutdown exchange (scripted that) before you shutdown or restart, or you want to wait a really long time. When you add ram above 1GB, you have a problem too because DC's with +1GB ram need a different configuration then exchange servers with +1GB ram. In short, Exchange on DC's sucks. Regards, Jeroen -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley Sent: Saturday, October 22, 2005 9:59 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Can't access root domain And BTWI don't see a problem running Exchange on a DC ;-) You'll need this hotfix http://support.microsoft.com/?kbid=898060 anyway before applying Exchange 2003 sp2. Jeroen Peters wrote: Hi, I'm having the following issues: When I try to open a share on our root domain from the child domain I get prompted for an username
RE: [ActiveDir] Can't access root domain
Did you happen to check out the readme and the overview documents for SP1? There were a lot of security changes that may be a problem in your environment. A lot. Prior to unloading SP1, you should follow Aric's advice and check into the problem. -ajm -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeroen Peters Sent: Saturday, October 22, 2005 7:38 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Can't access root domain Hi, No errors/audit failures are logged. I only get 'logon was unsuccesfull' at the connecting machine (not in the event log, but as a pop up in the login window). All DC's (child and root) are working fine exept for this problem. Netdiag, Dcdiag and netlogon.log give no errors. Client workstations have no problem whatsoever to access exchange via Outlook. Since this started with installing 2003 SP1 on one of the DC's, I'm thinking of uninstalling it. Thanks for the help, I'll update when I've removed SP1. Regards, Jeroen -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael A. Barker Sent: Sunday, October 23, 2005 1:00 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Can't access root domain Jeroen, Let me guess if you purposefully miss type your password you lock yourself out, or at least you see the bad password attempts. Try using the IP address (i.e. \\10.11.12.13\sharename) to connect to the share does that work? Using the IP rather than name forces the connection to NTLM authentication. If that works then run KertTray from the resource kit. I'm guessing you have a Kerberos issue. You'll know you do if you don't have a CIFS ticket from root domain in the list. Mike -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeroen Peters Sent: Saturday, October 22, 2005 5:59 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Can't access root domain The message is the same as when loging on with a wrong username/password. The result is also the same, no acccess to the share. And I'm really sure that I type the correct username/password :-) The message in Active directory users and computers when editing exchange settings states that it cannot find the exchange server. (DNS is ok, clients have no problem finding the Exchange server). Regards, Jeroen -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley Sent: Saturday, October 22, 2005 11:51 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Can't access root domain When access is denied... what's the message you get? Jeroen Peters wrote: The MS DTC errors are now gone (reset the log and restarted service), thanks! Rest of the issues remain. Regards, Jeroen -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley Sent: Saturday, October 22, 2005 11:12 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Can't access root domain http://www.eventid.net/display.asp?eventid=53258eventno=4493source=MS DTCp hase=1 Try that event code. Susan Bradley wrote: I'm SBS sir. We're used to this. Honestly it's not 'that' long for us... my box shuts down in a reasonable time fram. Actually it's +3 not +1 gig...but we don't need the /3 gig switch settings either we max at 4 gig and there are KBs that specifically state that the /3 is irrelevant to us... But back to youDo you have the exact error messages as I'm not finding 71/72 with MSDTC http://www.eventid.net/display.asp?eventid=72source= Jeroen Peters wrote: Yes, that's installed but that aren't the symptoms. I have only switches, no routers between the domains. The DC in the root domain is reachable by RDP. On Exchange on DC's, you really should avoid that. I've done it because of budget reasons, and I regret it very much. It is also inreversable, you can't demote a DC with exchange on it. Normal restarting is history to, you have to first shutdown exchange (scripted that) before you shutdown or restart, or you want to wait a really long time. When you add ram above 1GB, you have a problem too because DC's with +1GB ram need a different configuration then exchange servers with +1GB ram. In short, Exchange on DC's sucks. Regards, Jeroen -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley Sent: Saturday, October 22, 2005 9:59 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Can't access root domain And BTWI don't see a problem running Exchange on a DC ;-) You'll need this hotfix http://support.microsoft.com/?kbid=898060 anyway before applying Exchange 2003 sp2. Jeroen Peters wrote: Hi, I'm having the following issues: When I try to open a share on our root domain from the child domain I get prompted for an username and password, but I'm not allowed to open it although I log on
RE: [ActiveDir] Can't access root domain
Time is synchronized between the servers, and the root enterprise admin is part of the administrators group in the child domain. The root domain has no problems accessing the child domain. I've read the problems with sp1, and my problem looks like it but the weird thing is that it isn't applied on the root DC, only on one of the child DC's. On Monday, I''l check with support. Regards, Jeroen -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick Sent: Sunday, October 23, 2005 1:54 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Can't access root domain Did you happen to check out the readme and the overview documents for SP1? There were a lot of security changes that may be a problem in your environment. A lot. Prior to unloading SP1, you should follow Aric's advice and check into the problem. -ajm -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeroen Peters Sent: Saturday, October 22, 2005 7:38 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Can't access root domain Hi, No errors/audit failures are logged. I only get 'logon was unsuccesfull' at the connecting machine (not in the event log, but as a pop up in the login window). All DC's (child and root) are working fine exept for this problem. Netdiag, Dcdiag and netlogon.log give no errors. Client workstations have no problem whatsoever to access exchange via Outlook. Since this started with installing 2003 SP1 on one of the DC's, I'm thinking of uninstalling it. Thanks for the help, I'll update when I've removed SP1. Regards, Jeroen -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael A. Barker Sent: Sunday, October 23, 2005 1:00 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Can't access root domain Jeroen, Let me guess if you purposefully miss type your password you lock yourself out, or at least you see the bad password attempts. Try using the IP address (i.e. \\10.11.12.13\sharename) to connect to the share does that work? Using the IP rather than name forces the connection to NTLM authentication. If that works then run KertTray from the resource kit. I'm guessing you have a Kerberos issue. You'll know you do if you don't have a CIFS ticket from root domain in the list. Mike -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeroen Peters Sent: Saturday, October 22, 2005 5:59 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Can't access root domain The message is the same as when loging on with a wrong username/password. The result is also the same, no acccess to the share. And I'm really sure that I type the correct username/password :-) The message in Active directory users and computers when editing exchange settings states that it cannot find the exchange server. (DNS is ok, clients have no problem finding the Exchange server). Regards, Jeroen -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley Sent: Saturday, October 22, 2005 11:51 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Can't access root domain When access is denied... what's the message you get? Jeroen Peters wrote: The MS DTC errors are now gone (reset the log and restarted service), thanks! Rest of the issues remain. Regards, Jeroen -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley Sent: Saturday, October 22, 2005 11:12 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Can't access root domain http://www.eventid.net/display.asp?eventid=53258eventno=4493source=MS DTCp hase=1 Try that event code. Susan Bradley wrote: I'm SBS sir. We're used to this. Honestly it's not 'that' long for us... my box shuts down in a reasonable time fram. Actually it's +3 not +1 gig...but we don't need the /3 gig switch settings either we max at 4 gig and there are KBs that specifically state that the /3 is irrelevant to us... But back to youDo you have the exact error messages as I'm not finding 71/72 with MSDTC http://www.eventid.net/display.asp?eventid=72source= Jeroen Peters wrote: Yes, that's installed but that aren't the symptoms. I have only switches, no routers between the domains. The DC in the root domain is reachable by RDP. On Exchange on DC's, you really should avoid that. I've done it because of budget reasons, and I regret it very much. It is also inreversable, you can't demote a DC with exchange on it. Normal restarting is history to, you have to first shutdown exchange (scripted that) before you shutdown or restart, or you want to wait a really long time. When you add ram above 1GB, you have a problem too because DC's with +1GB ram need a different configuration then exchange servers with +1GB ram. In short, Exchange on DC's sucks. Regards, Jeroen