We recently had a rather unusual problem. All users at one of clients could not access any of the shared drives, though could a few days before hand. There was nothing wrong in windows file sharing on any of the PC's.
The specific errors were:
Trying to access \\192.168.1.2 we got "Network path not found"
We then tried to ping -a 192.168.1.2 and it resolves to server name.
So we tried accessing \\domain.local and got "\\domain.local is inaccessible. You might not have permissions to use this network resource"
We then recreated all default group policies, changed SBS login scripts, reset all share permissions
This did nothing so here is what are the next steps we tried to do to get to the root of this evilness.
Disabled Offloading from NIC and from registry.
Created registry key maxpoolusage at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management with value 60.Uninstalled IE8. Put the system in clean boot and rebooted the server.
netdiag and dcdiag showed the following errors :
Failed to enumerate DCs by using the browser. [ERROR_NETNAME_DELETED] (Netdiag)
An net use or LsaPolicy operation failed with error 64, Win32 Error 64 (Dcdiag)
So we Followed kb 887303 and set:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters requiresecuritysignature=0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\parameters requiresecuritysignature=0
We then tried to stop netlogon renamed netlogon.dns and netlogon.dnb. We checked DNS and deleted the GUID of A records.
Ran netdiag/fix.
Ensured all the services DFS TCP/IP Netbios Helper Netlogon server Workstation are running.
Performed ipconfig/flushdns and ipconfig/registerdns.
We then checked and GUID were back in DNS console.
We the tried to open \\domain.local and got "\\domain.local is inaccessible.You might not have permissions to use this network resource".
So we followed kb 946937.
Next we uninstalled kb 951748.
This didn't work so it was back to the google trawl.
Next we followed http://blogs.technet.com/sbs/archive/2008/07/17/some-services-may-fail-to-start-or-may-not-work-properly-after-installing-ms08-037-951746-and-951748.aspx
and created reserved ports value as mentioned in the article at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ReservedPorts
then rebooted the server and tried to access \\domain.local and got "\\domain.local is inaccessible.You might not have permissions to use this network resource".
This was now becoming iritating and so it was back to the drawing board.
So we checked the permissions on NTFS on c: and sysvol structure.
Ran the command secedit /configure /cfg %windir%\repair\secsetup.inf /db secsetup.sdb /verbose and this was stucked on 4% while we waited for one and half hour. Finally terminated it.
Ran dcgpofix which failed with error "unable to read EFS certificate from registry.pol file of Default domain policy configuration information could not be read from the domain controller either because machine is unavailable or access has been denied"
Another dead end. Running out ideas we descided to uninstall NOD32 and remote backup application failed to uninstall. Rebooted the server.
Tried to access \\domain.local and we were able to browse it.
Tested from client machines and that worked as well.
And there we go NOD was to blame, the latest update kicked all the group policies out.
Again I hope this helps someone out there.
IT Support
Tuesday, 13 October 2009
Friday, 2 October 2009
IT Support SBS 2003 to 2008 Migration Fiasco
We recently did a migration of Small Business Server (SBS) 2003 to 2008 and Exchange 2003 to 2007 and encountered a rare error. There were no posts anywhere on this problem so I've decided that I shall enlighten anyone else who encounters this.
We ended up spending over a week trying to fix this and ended up having to get Microsoft envolved, at a cost of £200. The problem was that Outlook clients were unable to connect to their mailboxes and recieved the following error "Unable to open your default e-mail folders. You must connect to your Microsoft Exchange Server computer with the current profile before you can synchronize your folders with your offline folder file". What really through us off and even Microsoft is that users could access thier mail via Outlook Web Access (OWA).
It turns out that this was due to a setup failure for the Mailbox Server Role. This failure was due to invalid smtp address format for several mail-enabled public folder objects. Example:
OfflineAddressBook-/o=FirstOrganization/cn=addrlists/cn=name@domain.local
where "OfflineAddressBook-/o=FirstOrganization/cn=addrlists/cn=name" is an invalid alias format.
To fix this we did a full backup of the mailboxes and then mail-disabled each one of the public folders that had this problem. We then reran the installation of the mailbox server role.
I hope this helps someone out there.
IT Support
Blogs Directory
We ended up spending over a week trying to fix this and ended up having to get Microsoft envolved, at a cost of £200. The problem was that Outlook clients were unable to connect to their mailboxes and recieved the following error "Unable to open your default e-mail folders. You must connect to your Microsoft Exchange Server computer with the current profile before you can synchronize your folders with your offline folder file". What really through us off and even Microsoft is that users could access thier mail via Outlook Web Access (OWA).
It turns out that this was due to a setup failure for the Mailbox Server Role. This failure was due to invalid smtp address format for several mail-enabled public folder objects. Example:
OfflineAddressBook-/o=FirstOrganization/cn=addrlists/cn=name@domain.local
where "OfflineAddressBook-/o=FirstOrganization/cn=addrlists/cn=name" is an invalid alias format.
To fix this we did a full backup of the mailboxes and then mail-disabled each one of the public folders that had this problem. We then reran the installation of the mailbox server role.
I hope this helps someone out there.
IT Support
Blogs Directory
Subscribe to:
Posts (Atom)