Problem joining domain

Guest

Hi,

I have an SBS 2003 Server (DC), and another 2003 standard server at the head
office. (192.168.1.x)

I have two remote servers (2003 Std) connecting via a VPN (512/512 DSL
connection). The DNS settings for the remote servers are set to the SBS 2003.
(192.168.2.x) The reverse DNS has been set up on the DNS server.

At the moment I have one server that I have joined to the domain. It joins
to the domain without any problems. It takes about 3 mins to join to the
domain.
Reboot, log in to the domain. This takes about 15 mins to log in.

Once the computer logs in I cannot browse to the SBS Server; I receive
Access Denied error messages. Sometimes when trying to browse I will get a
popup box to enter a username and password. If I enter the username and
password I can then browse.

I have tested both servers they both do the same.

I get the following errors in the event log. If anyone has any ideas what
may cause this it will be a great help.

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1054
Date: 17/11/2004
Time: 1:41:57 PM
User: NT AUTHORITY\SYSTEM
Computer: SBS-BACKUP
Description:
Windows cannot obtain the domain controller name for your computer network.
(An unexpected network error occurred. ). Group Policy processing aborted.

Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40960
Date: 17/11/2004
Time: 1:45:40 PM
User: N/A
Computer: SBS-BACKUP
Description:
The Security System detected an authentication error for the server
cifs/sbs. The failure code from authentication protocol Kerberos was "There
are currently no logon servers available to service the logon request.
(0xc000005e)".

Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40961
Date: 17/11/2004
Time: 1:45:40 PM
User: N/A
Computer: SBS-BACKUP
Description:
The Security System could not establish a secured connection with the server
cifs/sbs. No authentication protocol was available.




Oli Restorick [MVP]

I think you have a DNS configuration issue.

For an SBS domain, you'll have one DNS server (which is your SBS machine).
Everything else on your network should point only to this machine for DNS
resolution. The SBS box should have a forwarder configured in its DNS
server config to allow resolution of external names.

I'm guessing you have an ISP's DNS server listed in your 2003 box, even
though you say it's pointing at the SBS box. Are you sure you don't have an
extra entry in there? What you're describing looks exactly like a DNS issue
to me.

Are your workstations logging in OK?

Cheers

Oli
 
Guest

Hi Oli,

The DNS on all servers and workstations is set to the SBS.
The DNS on the SBS server is set to itself.

All workstations and servers can run Nslookup and resolve the local name and
local FQDN. They can all ping etc.

It may be a DNS problem but I am not sure where the problem is.

Thanks
 
Anthony Yates

This sounds like one of two things:
- network browse error: routers do not forward network browse lists, so the
remote computer does not know how to find the server for netbios requests
(like Shares). You need to implement WINS or forward network broadcast
messages. DNS-type requests, like ping, work OK but you can not browse.
- VPN router/firewall configuration blocking something
Anthony
 
Anthony Yates

We also get the same errors when McAfee personal firewall blocks the domain
authentication
Anthony
 
Ryan Hanisco

Clint,

Are you joining the other servers as member servers or are you trying to
promote one of the others?

Also check the MTU and port blocking on the VPNs -- this can mess up traffic
going across the tunnel. Other than that, it looks like a DNS problem.
 
Guest

Hi Anthony,
I have set up WINS on the remote servers. Still no luck.
I have also installed DNS on one of the remote servers, and set up zone
transfers, set the local server's DNS to itself. No luck.

Just to add, if I try to log in via Terminal Services to the domain I get an
error message: access denied. It's very odd.

Thanks
 
Guest

Hi Ryan,
I am trying to join the server to the domain. It's a member server.

We have changed the MTU on the router, and also used DR TCP on the server.
We have the MTU set to 1300, 1400, and 1494.

Thanks
 
Anthony Yates

From the server with a problem, at the command prompt, what happens when you
ping the Netbios domain name? Do you get a reply? You should get the IP
address of the domain controller.
The error messages you posted look like the errors you get if a firewall
blocks the domain authentication. Can you check if the firewall is doing
this?
Anthony
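
When the same symptom has to be checked on several member servers, the events quoted in the question can be correlated from a pasted Event Viewer dump. The following is an added example, not code from any poster in this thread: it parses the text format shown above and reports computers where Userenv 1054 and LSASRV 40960/40961 occur close together. The function names, the trimmed sample and the 10-minute window are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample, trimmed from the events quoted in the thread (dates are d/m/Y).
SAMPLE = """\
Event Type: Error
Event Source: Userenv
Event ID: 1054
Date: 17/11/2004
Time: 1:41:57 PM
Computer: SBS-BACKUP
Description:
Windows cannot obtain the domain controller name for your computer network.
Event Type: Warning
Event Source: LSASRV
Event ID: 40960
Date: 17/11/2004
Time: 1:45:40 PM
Computer: SBS-BACKUP
Description:
The failure code from authentication protocol Kerberos was "There are currently
no logon servers available to service the logon request. (0xc000005e)".
"""

def parse_events(text):
    """Split an Event Viewer text dump into dicts, one per 'Event Type:' record."""
    events = []
    for chunk in re.split(r"(?m)^(?=Event Type:)", text):
        head, sep, desc = chunk.partition("Description:")
        if not sep:
            continue  # leading text or an incomplete record
        ev = dict(re.findall(r"(?m)^([^:\n]+):[ \t]*(.*)$", head))
        ev["when"] = datetime.strptime(ev["Date"] + " " + ev["Time"], "%d/%m/%Y %I:%M:%S %p")
        ev["id"] = int(ev["Event ID"])
        code = re.search(r"\((0x[0-9a-fA-F]{8})\)", desc)
        ev["status"] = code.group(1) if code else None
        events.append(ev)
    return events

def dc_unreachable(events, window=timedelta(minutes=10)):
    """Computers where Userenv 1054 and LSASRV 40960/40961 occur within `window`."""
    hits = {}
    gp = [e for e in events if (e["Event Source"], e["id"]) == ("Userenv", 1054)]
    auth = [e for e in events if e["Event Source"] == "LSASRV" and e["id"] in (40960, 40961)]
    for g in gp:
        for a in auth:
            if a["Computer"] == g["Computer"] and abs(a["when"] - g["when"]) <= window:
                hits.setdefault(g["Computer"], set()).add(a["status"])
    return {host: sorted(s for s in codes if s) for host, codes in hits.items()}
```

`dc_unreachable(parse_events(SAMPLE))` returns each affected computer with the status codes seen in its LSASRV events, which gives a quick before/after comparison when changing DNS, WINS, firewall or MTU settings.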
 
