Re: Forced client disconnect problem.
- From: "Gerry Armstrong" <gerrya@xxxxxxxxxxx>
- Date: Tue, 6 Dec 2005 14:11:09 -0400
Steven,
Thanks for this info, it is very interesting as I have an ISP DNS configured
as the secondary DNS controller so maybe that is causing my problems?
"Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxx> wrote in message
news:%23s4PLgo%23FHA.3388@xxxxxxxxxxxxxxxxxxxxxxx
> The time service should definitely be running on all computers in a domain
> though that may not be the problem. By default kerberos only allows for a
> 5 minute time skew to prevent replay attacks. Domain computers will synch
> their time with the pdc fsmo domain controller. Since the users can not
> save a file to a network server the problem could also be network related
> or name resolution related. I would also run the support tool netdiag on
> the domain controller, the file server, and a couple domain workstations
> looking for problems for dns, dc discovery, and trust/secure channel. If
> netdiag shows ipsec is configured on nay computer that can also cause
> problems if it is not configured correctly as domain controllers need to
> be exempt for ipsec for any protocol used for authentication between it
> and domain clients.
>
> Often DNS misconfiguration is the root of many connectivity problems. See
> the link below on AD DNS FAQ to see how DNS MUST be configured for an AD
> domain. The short of it is that domain controllers need to point to
> themselves and/or other domain controllers only as their preferred DNS
> server and the pdc FSMO usually points only to itself. Then the domain
> computers point only to domain controllers as their DNS preferred server.
> Often you will see that if any ISP DNS servers are listed as a preferred
> DNS server for any domain computer many problems will occur. --- Steve
>
> http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B291382
>
> "Gerry Armstrong" <gerrya@xxxxxxxxxxx> wrote in message
> news:11pavklk9agtu8e@xxxxxxxxxxxxxxxxxxxxx
>> Steve,
>>
>> I have not been on site as yet to see this problem for myself but what is
>> reported is that the users are logged in and then try to save a file or
>> some similar process and are told that the drive is not available or a
>> similar error relating to not being able to access the fileserver. I have
>> not checked the logs on a client but the logs on the servers do not
>> indicate any errors as all which is what is confusing me.
>>
>> I noticed when running secpol.msc that the option "Microsoft network
>> server: Disconnect clients when logon hours expire" was "enabled" so I
>> have now disabled that. The force logoff when logon hours expire is
>> diabled and I have the users logon hours set to be any time.
>>
>> I ran the dcdiag and found that the Time Service gave me some errors and
>> noticed that the service was turned off on the SBS2003 server. Should
>> both Domain servers have this service enabled? Will this cause the
>> problem that I am having? I am also applying the latest service packs to
>> the SBS2003 server as I write this, no errors so far.
>>
>>
>>
>> "Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxx> wrote in message
>> news:OocRt7g%23FHA.740@xxxxxxxxxxxxxxxxxxxxxxx
>>> What are they being disconnected from and what error or warning message
>>> do they get or what happens?? Look in the logs via Event Viewer of the
>>> domain controller, the domain client, and any server they are being
>>> disconnected from to see if any pertinent logon failure or other events
>>> are being recorded. Make sure that auditing of logon events for success
>>> and failure is enabled in Domain Security Policy. By default Windows
>>> 2003 servers should have this enabled. Though it should not matter
>>> [since accounts are not restricted] check the Local Security Policy
>>> [secpol.msc] to make sure that Network Security: Force logoff when logon
>>> hours expire is shown as disabled. Also when this happens see if the
>>> client computers can ping the servers by name and IP address to see if
>>> basic network security exists or not and check the servers to make sure
>>> that the server service is started and run the support tool netdiag on
>>> them to see if any problems are found that may be related. It would
>>> also be a good idea to run dcdiag and gpotool on your domain controllers
>>> to check for their domain configuration health. The support tools are on
>>> the install disk in the support/tools folder where you have to run the
>>> setup program. --- Steve
>>>
>>>
>>> "Gerry Armstrong" <gerrya@xxxxxxxxxxx> wrote in message
>>> news:11p8tl7qtt6ni9c@xxxxxxxxxxxxxxxxxxxxx
>>>>I have a problem with my clients being disconnected form the network at
>>>>the same time every day that is driving me around the bend. I have set
>>>>the Network Security: Force logoff when logon hours expire policy to
>>>>Disable but it is still happening. I have also checked that the Logon
>>>>Hours for the users has no time restrictions at all so they should have
>>>>access to the network at any time of day. The domain consist of a
>>>>SBS2003 server and a 2003 Standard server both Domain controllers and 25
>>>>Windows 2000/XP Pro clients. Currently the SBS2003 server is only
>>>>providing Exchange services and is not being used as a file server, the
>>>>2003 Standard server is providing fileservices only.
>>>>
>>>> Is there something I am missing here? Any suggestions as to what I
>>>> should look for?
>>>>
>>>> Thanks for any input guys.
>>>>
>>>
>>>
>>
>>
>
>
.
- Follow-Ups:
- Re: Forced client disconnect problem.
- From: Steven L Umbach
- Re: Forced client disconnect problem.
- References:
- Forced client disconnect problem.
- From: Gerry Armstrong
- Re: Forced client disconnect problem.
- From: Steven L Umbach
- Re: Forced client disconnect problem.
- From: Gerry Armstrong
- Re: Forced client disconnect problem.
- From: Steven L Umbach
- Forced client disconnect problem.
- Prev by Date: Re: Forced client disconnect problem.
- Next by Date: Re: Forced client disconnect problem.
- Previous by thread: Re: Forced client disconnect problem.
- Next by thread: Re: Forced client disconnect problem.
- Index(es):
Relevant Pages
|
