Re: Logon Locally problem.

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 06/29/05


Date: Tue, 28 Jun 2005 18:29:44 -0500

Yes, there is a requirement for certain ports and ICMP ping to be available
between domain controllers and domain computers. Also, running the support
tools netdiag and gpresult can give you information on whether or not
problems exist. Also make sure that your DNS is configured correctly,
in that a domain computer must point only to a domain controller running DNS
that can resolve DNS queries for your domain. Pinging your DNS server by
name and IP address should work, and the nslookup command should be able to
resolve domain names including your domain controller and domain name. The
link below will show what ports must be available, and dynamic RPC is a
special challenge. --- Steve

http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B179442
http://support.microsoft.com/kb/154596/

"Selmer80" <selmer80@yahoo.com> wrote in message
news:1120000688.766530.181670@g47g2000cwa.googlegroups.com...
> Since this mixes security and networking, I am posting this in both
> groups.
>
> I am running under a Windows 2000 domain. I have a domain group that
> is set up to log on locally to each Non-DC server. Everything was set up
> and working.
>
> To enhance the security of our network, our web servers were moved to a
> different VLAN and most ports were blocked between the VLANs.
> Everything continued to work.
>
> Recently, I had to rebuild one of our web servers. I was able to set up
> everything except the logon locally piece. In the Local Security
> Policy, I try to add my Domain Group, but the "effective check" never
> appears. Local is checked, but effective is not. All other aspects of
> the Local Security Policy on this server look the same as the other web
> server in the VLAN. The other server still works and all the users can
> log into it.
>
> My first question is this: Do I need to have certain ports open
> between a server and the domain controller in order to make the rule
> effective? I do not have any trouble bringing up the domain in any of
> the drop-down lists. I can select my domain group. It appears to add
> properly, but it never becomes active. I have tried to create a local
> group, and I have tried to add individual users (local and domain).
> None of them will become effective. I have tried to add additional
> users and groups to the other server and I have the same problem. This
> is what leads me to believe it is a networking issue and not a server
> issue. The server that I have not modified is showing the same
> problems.
>
> Is there something else I could be missing?
>
> Any help you can provide will be much appreciated.
> Thanks,
> Selmer80
>
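
The checks described in the reply above (DNS resolution of the domain, ping, and port reachability between a member server and its domain controllers) can be scripted on current Windows versions. This is an added example, not part of the original thread: the domain name is a placeholder, the port list is the commonly documented set of TCP ports for domain member traffic (an assumption, since the thread only links to the KB article), and the cmdlets require PowerShell with the DnsClient and NetTCPIP modules, which Windows 2000 does not have.

```powershell
# Run on the member server that sits behind the VLAN filter.
# 'corp.example.com' is a placeholder, not a value from the thread.
param([string]$Domain = 'corp.example.com')

# TCP ports a domain member commonly needs to reach on a domain controller.
# UDP equivalents and the dynamic RPC range are NOT tested here: port 135
# answering only proves the endpoint mapper is reachable, not the ports it
# hands out afterwards.
$ports = @(
    @{ Port = 53;   Name = 'DNS' }
    @{ Port = 88;   Name = 'Kerberos' }
    @{ Port = 135;  Name = 'RPC endpoint mapper' }
    @{ Port = 389;  Name = 'LDAP' }
    @{ Port = 445;  Name = 'SMB (SYSVOL, Group Policy)' }
    @{ Port = 464;  Name = 'Kerberos password change' }
    @{ Port = 636;  Name = 'LDAP over SSL' }
    @{ Port = 3268; Name = 'Global catalog' }
)

# Step 1: the configured DNS server must return the domain controller
# locator records for the domain. If this fails, fix DNS before the firewall.
$srvName = "_ldap._tcp.dc._msdcs.$Domain"
try {
    $dcs = Resolve-DnsName -Name $srvName -Type SRV -ErrorAction Stop |
        Where-Object { $_.NameTarget } |          # keep SRV answers only
        Select-Object -ExpandProperty NameTarget -Unique
} catch {
    Write-Warning "DNS cannot resolve ${srvName}: $($_.Exception.Message)"
    return
}

# Step 2: for every domain controller DNS returned, test ICMP and each port.
$results = foreach ($dc in $dcs) {
    $ping = Test-Connection -ComputerName $dc -Count 2 -Quiet
    foreach ($p in $ports) {
        $t = Test-NetConnection -ComputerName $dc -Port $p.Port `
                 -WarningAction SilentlyContinue
        [pscustomobject]@{
            DomainController = $dc
            Ping             = $ping
            Port             = $p.Port
            Service          = $p.Name
            Reachable        = $t.TcpTestSucceeded
        }
    }
}

# Blocked ports first, so the firewall rule gaps stand out.
$results | Sort-Object Reachable, DomainController, Port | Format-Table -AutoSize
```

A row with Reachable set to False identifies a service the inter-VLAN filter is blocking; if every listed port is reachable and policy still does not apply, the dynamic RPC range is the remaining candidate.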


