Re: "broken"/missing ACL's?
From: Steven L Umbach (n9rou_at_n0-spam-for-me-comcast.net)
Date: 11/23/05
- Next message: Steven L Umbach: "Re: Admin right for station"
- Previous message: Steven L Umbach: "Re: Local Audit Policy - Administrator cannot change?"
- Next in thread: Steven L Umbach: "Re: "broken"/missing ACL's?"
- Reply: Steven L Umbach: "Re: "broken"/missing ACL's?"
- Maybe reply: Steven L Umbach: "Re: "broken"/missing ACL's?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 23 Nov 2005 14:11:58 -0600
I think you are right in that the computer is having problems contacting the
domain controller consistently. Look in the logs via Event Viewer to see if
anything helpful is recorded there. Since NT4.0 uses only netbios over
tcp/ip name resolution you need to make sure that wins is set up correctly
on the network, that the NT4.0 computer is a wins client, and the domain
controller is a wins client. You might be able to get by without using wins
but wins would be more reliable. Another possibility is to try lmhosts file
entries for the domain controller as shown in the link below. If problems
persist I would suspect a bad network adapter, flaky drivers for the network
adapter, bad CAT5 cable, or even a problem with the switch port. Nltest
/query can be used to check the secure channel to the domain
ontroller. --- Steve
http://support.microsoft.com/default.aspx?scid=kb;EN-US;180094 --- lmhosts
file
http://support.microsoft.com/default.aspx?scid=kb;EN-US;158148 --- nltest
"Maury Markowitz" <MauryMarkowitz@discussions.microsoft.com> wrote in
message news:FE1AE7C8-BA8C-4753-ABA9-9D7AF93144AD@microsoft.com...
>I have been tracking down a problem for a few days now, and I finally
> understand what's going on...
>
> On one machine in our office running NT4, any attempt to add ACLs for any
> reason fails. The user/group/etc. can be added as you would expect -- you
> select the user/group/etc from the "pick list" for the domain, and then
> click
> Add, at which point it appears in the ACL list. However when you
> immediately
> open the list again, that entry has been replaced with the "unknown user"
> icon and the ACL name itself is a long string of alphanums.
>
> I have seen this behaviour in the past when you delete a user, at which
> point the account goes "unknown". However the ones I am attempting to
> apply
> are valid, and in widespread use. The problem effects both file ACL's as
> well
> as DCOM settings, which is where I saw it the first time.
>
> It _seems_ like the machine is having problems talking to the domain
> controller. The reason I say this is that I notice if I open an ACL list
> on
> my machine, the list will show these same sort of unknown icons for a
> second
> or two before being replaced by the correct name and icon. I assume this
> happens as the local machine communicates with the domain server and
> updates
> its display. On the problem machine, this update never occurs.
>
> It can't be that simple though, because the machine can still work on the
> network fine, and seems to have credentials.
>
> Anyone seen this before?
>
> Maury
>
- Next message: Steven L Umbach: "Re: Admin right for station"
- Previous message: Steven L Umbach: "Re: Local Audit Policy - Administrator cannot change?"
- Next in thread: Steven L Umbach: "Re: "broken"/missing ACL's?"
- Reply: Steven L Umbach: "Re: "broken"/missing ACL's?"
- Maybe reply: Steven L Umbach: "Re: "broken"/missing ACL's?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
