Re: Forced client disconnect problem.
- From: "Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxx>
- Date: Tue, 6 Dec 2005 11:11:11 -0600
The time service should definitely be running on all computers in a domain
though that may not be the problem. By default kerberos only allows for a 5
minute time skew to prevent replay attacks. Domain computers will synch
their time with the pdc fsmo domain controller. Since the users can not save
a file to a network server the problem could also be network related or name
resolution related. I would also run the support tool netdiag on the domain
controller, the file server, and a couple domain workstations looking for
problems for dns, dc discovery, and trust/secure channel. If netdiag shows
ipsec is configured on nay computer that can also cause problems if it is
not configured correctly as domain controllers need to be exempt for ipsec
for any protocol used for authentication between it and domain clients.
Often DNS misconfiguration is the root of many connectivity problems. See
the link below on AD DNS FAQ to see how DNS MUST be configured for an AD
domain. The short of it is that domain controllers need to point to
themselves and/or other domain controllers only as their preferred DNS
server and the pdc FSMO usually points only to itself. Then the domain
computers point only to domain controllers as their DNS preferred server.
Often you will see that if any ISP DNS servers are listed as a preferred DNS
server for any domain computer many problems will occur. --- Steve
http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B291382
"Gerry Armstrong" <gerrya@xxxxxxxxxxx> wrote in message
news:11pavklk9agtu8e@xxxxxxxxxxxxxxxxxxxxx
> Steve,
>
> I have not been on site as yet to see this problem for myself but what is
> reported is that the users are logged in and then try to save a file or
> some similar process and are told that the drive is not available or a
> similar error relating to not being able to access the fileserver. I have
> not checked the logs on a client but the logs on the servers do not
> indicate any errors as all which is what is confusing me.
>
> I noticed when running secpol.msc that the option "Microsoft network
> server: Disconnect clients when logon hours expire" was "enabled" so I
> have now disabled that. The force logoff when logon hours expire is
> diabled and I have the users logon hours set to be any time.
>
> I ran the dcdiag and found that the Time Service gave me some errors and
> noticed that the service was turned off on the SBS2003 server. Should both
> Domain servers have this service enabled? Will this cause the problem that
> I am having? I am also applying the latest service packs to the SBS2003
> server as I write this, no errors so far.
>
>
>
> "Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxx> wrote in message
> news:OocRt7g%23FHA.740@xxxxxxxxxxxxxxxxxxxxxxx
>> What are they being disconnected from and what error or warning message
>> do they get or what happens?? Look in the logs via Event Viewer of the
>> domain controller, the domain client, and any server they are being
>> disconnected from to see if any pertinent logon failure or other events
>> are being recorded. Make sure that auditing of logon events for success
>> and failure is enabled in Domain Security Policy. By default Windows 2003
>> servers should have this enabled. Though it should not matter [since
>> accounts are not restricted] check the Local Security Policy [secpol.msc]
>> to make sure that Network Security: Force logoff when logon hours expire
>> is shown as disabled. Also when this happens see if the client computers
>> can ping the servers by name and IP address to see if basic network
>> security exists or not and check the servers to make sure that the server
>> service is started and run the support tool netdiag on them to see if any
>> problems are found that may be related. It would also be a good idea to
>> run dcdiag and gpotool on your domain controllers to check for their
>> domain configuration health. The support tools are on the install disk in
>> the support/tools folder where you have to run the setup program. ---
>> Steve
>>
>>
>> "Gerry Armstrong" <gerrya@xxxxxxxxxxx> wrote in message
>> news:11p8tl7qtt6ni9c@xxxxxxxxxxxxxxxxxxxxx
>>>I have a problem with my clients being disconnected form the network at
>>>the same time every day that is driving me around the bend. I have set
>>>the Network Security: Force logoff when logon hours expire policy to
>>>Disable but it is still happening. I have also checked that the Logon
>>>Hours for the users has no time restrictions at all so they should have
>>>access to the network at any time of day. The domain consist of a SBS2003
>>>server and a 2003 Standard server both Domain controllers and 25 Windows
>>>2000/XP Pro clients. Currently the SBS2003 server is only providing
>>>Exchange services and is not being used as a file server, the 2003
>>>Standard server is providing fileservices only.
>>>
>>> Is there something I am missing here? Any suggestions as to what I
>>> should look for?
>>>
>>> Thanks for any input guys.
>>>
>>
>>
>
>
.
- Follow-Ups:
- Re: Forced client disconnect problem.
- From: Gerry Armstrong
- Re: Forced client disconnect problem.
- References:
- Forced client disconnect problem.
- From: Gerry Armstrong
- Re: Forced client disconnect problem.
- From: Steven L Umbach
- Re: Forced client disconnect problem.
- From: Gerry Armstrong
- Forced client disconnect problem.
- Prev by Date: Re: Server not asking for credentials
- Next by Date: Re: Forced client disconnect problem.
- Previous by thread: Re: Forced client disconnect problem.
- Next by thread: Re: Forced client disconnect problem.
- Index(es):
Relevant Pages
|
