Login/Drive mapping error

[Ryan McGowan]

2 W2K SP3 DCs, 4 Shares (2 on DC1, 2 on DC2), XP clients.

When XP client logs in, the shares from DC2 are always
mapped, no matter what the authenticating DC is.

However, the shares from DC1 sometimes do not map through
the login script. It is using a simple net use command,
after login, this command runs fine.

Debugging shows a "System error 53 has occurred. The
network path was not found" message.

The scripts are running via group policy, but it still
occurs if you include the script attached to the user.

Summary: Why during login, can the client not access the
shares on DC1, but it can access them after login?

Any thoughts/suggestions/fixes?

 

[Ace Fekay [MVP]]

In

2 W2K SP3 DCs, 4 Shares (2 on DC1, 2 on DC2), XP clients.

When XP client logs in, the shares from DC2 are always
mapped, no matter what the authenticating DC is.

However, the shares from DC1 sometimes do not map through
the login script. It is using a simple net use command,
after login, this command runs fine.

Debugging shows a "System error 53 has occurred. The
network path was not found" message.

The scripts are running via group policy, but it still
occurs if you include the script attached to the user.

Summary: Why during login, can the client not access the
shares on DC1, but it can access them after login?

Any thoughts/suggestions/fixes?

Hmm, anything different between the DCs? Was one upgraded and the other
installed fresh?

Where do you have the script? User Config (logon) or Computer Config
(startup)?


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

 

[Ryan McGowan]

I didn't set the DCs up myself, but they look identical.
DC1 is a GC. As far as I know they were both setup from
scratch.

The scripts are set up in: User Config (logon). I am
running 1 script on the domain level, then a few others
in nested OUs (not sure if that makes a difference).

I am also wondering if it could be a browser issue.
Another member server does not seem to be able to obtain
the browser list from DC1, which is where the shares are
not being mapped to upon logon.

 

[Ace Fekay [MVP]]

I didn't set the DCs up myself, but they look identical.
DC1 is a GC. As far as I know they were both setup from
scratch.

The scripts are set up in: User Config (logon). I am
running 1 script on the domain level, then a few others
in nested OUs (not sure if that makes a difference).

I am also wondering if it could be a browser issue.
Another member server does not seem to be able to obtain
the browser list from DC1, which is where the shares are
not being mapped to upon logon.

Well, that would explain the "logon" part. If you put it in the Computer
Config, then it would be a "startup" script and it wouldn't depend on
someone logging on.

And yes, the way you set up your GPOs in your OUs and inheritance would make
ALL the world of difference, since GPOs are basically applied at the Site
first, then Domain, then OU. If any of the later ones run and there are any
conflicting settings, the latter ones win. You can control inheritance thru
the use of blocking inheritance or filtering. So it's something that would
need to be planned out and tested. You can use the GPMC in XP or
gpresults.exe in W2k to determine which policies are applying. Easier to
just set up specific logon scripts to specific group of users, computers or
machines by organizing them by OU and only running that specific GPO for
that object.

So you have a little tinkering to do!

Step-by-Step Guide to Understanding the Group Policy Feature Set:
http://www.microsoft.com/technet/prodtechnol/windows2000serv/howto/grpolwt.a
sp

Troubleshooting Group Policy in Windows 2000:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechn
ol/windows2000serv/support/trblshoot/tshootgp.asp

Hope that helps.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

 

[Ace Fekay [MVP]]

In

Thanks Ace.

I see your point and agree, I do have a lot of stuff to
try.

Just a couple of things about your reply though, as far
as the OU setup goes (I agree I could probably do it
differently and it would be just as easy to administer),
this is what it is:

Domain OU (DC2 drive mapped)

You mean the Domain GPO and not the "Domain OU"?

-->OU1 (DC2 drive mapped, DC1 drive mapped)

This is a first level OU?

-->OU2 (DC1 drive mapped)

This is a child of OU1?

(I am not doing anything in the site GPO)

So it's not that complicated and I can not see what
settings could be conflicting. The GPOs are not doing
much else. Plus why would it work sometimes and not
others (keeping in mind that the DC2 drives are always
mapped).

Are you using the same drive letters, which may be conflicting?

Plus, as far as the startup/logon issue is concerned, I'm
not sure I follow you.

If you create a logon script and set it in the COmputer Config section of
the GPO, it's now a logon script that will be run when a computer starts up,
considering if the computer is in that OU.

The problem occurs on startup. If I logout and login
again the problem does not seem to occur. Plus, if I put
the script in startup - it won't know the user will it,
to apply the different scripts to.

No, it won';t know the user, but then again, the comnputer needs to be in
that OU, unless you have Loopback enabled and the computer is in another OU
and there is somehtning in the Comp Config section of it's GPO.
Not trying to get complicated here, just trying to figure out what;s up.

Finally, I'm hoping that its something more of a general
networking issue, because I believe they were having
similar issues when they were doing the login scripts a
different way.

Maybe, just maybe it could be all an issue with DNS settings. Show me an
unedited ipconfig /all of both DCs and one of the clients (assuming that all
the clients will be configured similarly except of course, it's IP).

However, the network is not that big or complicated. I
guess I could have four different OUs and four different
login scripts (each one will only have to map 3 to 4
drives - not that hard to administer). I just thought it
would be better to map domain wide drives at the domain
level then move on from there.

I understand what you're doing. You want to map one drive for everyone in
the domain, but specific drives for various users based on their OU
memberships. As long as you don't use the same letters in all the scripts, I
don';t see a prob with it.

It's just frustrating that its not working the way I
expected it to...more frustrating that it works sometimes
and not others.

It can be. Ever take a course in AD?

Thanks for your help.

No prob. Show me those ipconfig results please to iron out your
configuration first. I want to make sure things are up and up there first.
Also, let me know if all the SRVs exist and any Event log errors on the
client and the DCs (Event ID #'s).

Thanks.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

 

[Ryan McGowan]

You mean the Domain GPO and not the "Domain OU"?

Yeah, sorry, I did mean that...

-->OU1 (DC2 drive mapped, DC1 drive mapped)
This is a first level OU?

That is correct.

-->OU2 (DC1 drive mapped)
This is a child of OU1?

That is also correct.

Are you using the same drive letters, which may be

conflicting?

I don't believe so (I will check) but again, it works
sometimes and doesn't other times, for the same user. So
if there were naming conflicts, it would happen all the
time for the same user.

I'll get you all those configuration settings/eventlogs
stuff when I go back onsite next week.

Thanks!

 

[Ace Fekay [MVP]]

In

Yeah, sorry, I did mean that...


That is correct.


That is also correct.


I don't believe so (I will check) but again, it works
sometimes and doesn't other times, for the same user. So
if there were naming conflicts, it would happen all the
time for the same user.

I'll get you all those configuration settings/eventlogs
stuff when I go back onsite next week.

Thanks!

Ok, sounds good.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

 

[Ryan McGowan]

Hmmm, I feel a little embarrased...After checking that
they could map via IP addresses with not problems, I did
an ipconfig /all on the clients (I should have done this
at the start).

As well as the LAN connection the Compaq machine had a
WAN driver adapter in there as well.

So the reason it worked sometimes and not others is that
it would use the LAN for some mappings and the WAN
adapter for others.

I disabled the WAN adapter (not used) and unbound the
protocols.

This fixed the problem.

Thanks for your help.

 

[Ace Fekay [MVP]]

In

Hmmm, I feel a little embarrased...After checking that
they could map via IP addresses with not problems, I did
an ipconfig /all on the clients (I should have done this
at the start).

As well as the LAN connection the Compaq machine had a
WAN driver adapter in there as well.

So the reason it worked sometimes and not others is that
it would use the LAN for some mappings and the WAN
adapter for others.

I disabled the WAN adapter (not used) and unbound the
protocols.

This fixed the problem.

Thanks for your help.

Nah, don;t feel embarassed. I've done stuff too!

At least you got it working correctly!

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory