Netlogon Share and Script Folder missing

[Guest]

I have a client that has only complained recently that the logon script fails
to run at sign-in by the users.They are setup with one 2000 server running
AD,Exchange and IIS, with a 2000 member server hosting File and Print Duties.
Both servers run SP4 and the Sysvol and NTDS folders reside on a different
drive running RAID 5.

Upon further investigation into the reasons for the logon script not
running, it would appear that the script Folder has been deleted under the
Sysvol. All attempts to restore the system state have failed, because the
error occured more than 6 months ago, just after deployment to this customer,
and the backup tapes all have this error. All attempts to recreate the folder
and share it out as Netlogon have failed because when you log the user's in,
the script does not run. I have followed the Microsoft KB bulletins (257338,
229679, 315457, 78209, 75294 and 258805 being desperate) to repair Directory
services and replication.

How could this occur considering no user has Admin or power user rights in
the domain? They only have modify rights to their Group Folders and Home
drive and none of the outside Domain Adminis have admitted that they deleted
any of these folders. If I brought in a member server, and ran Dcpromo on it,
would it re-create the Netlogon share, or would it replicate the errors from
the primary domain controller?

 

[Ace Fekay [MVP]]

In

I have a client that has only complained recently that the logon
script fails to run at sign-in by the users.They are setup with one
2000 server running AD,Exchange and IIS, with a 2000 member server
hosting File and Print Duties. Both servers run SP4 and the Sysvol
and NTDS folders reside on a different drive running RAID 5.

Upon further investigation into the reasons for the logon script not
running, it would appear that the script Folder has been deleted
under the Sysvol. All attempts to restore the system state have
failed, because the error occured more than 6 months ago, just after
deployment to this customer, and the backup tapes all have this
error. All attempts to recreate the folder and share it out as
Netlogon have failed because when you log the user's in, the script
does not run. I have followed the Microsoft KB bulletins (257338,
229679, 315457, 78209, 75294 and 258805 being desperate) to repair
Directory services and replication.

How could this occur considering no user has Admin or power user
rights in the domain? They only have modify rights to their Group
Folders and Home drive and none of the outside Domain Adminis have
admitted that they deleted any of these folders. If I brought in a
member server, and ran Dcpromo on it, would it re-create the Netlogon
share, or would it replicate the errors from the primary domain
controller?

I haven't seen this error as of yet, but just to point out, any time you add
a DC to the domain, it replicates everything over from the other DCs.

Have you manually created the folder and shared it? If your clients are
Win2k or newer, why not just use GPOs for your logon scripts?

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.

 

[Guest]

Sorry about that, I forgot to mention the workstations. They are an even mix
of 10 Win2k-SP4 and 10 XP Pro-SP1 systems, Generic, Compaq and Dell.

The shares and folders have been re-created in the correct places. The
shares do not show up in the Computer Management MCC, and trying a UNC path
does not work. You exmaine the folder, and it states it's shared out.

I'll give the Group Policy a go, pointing to the full path. I'll even try
shaking a Penguin Voodoo Doll at it, but it looks like a messy rebuild is in
order.

 

[Ace Fekay [MVP]]

In

Sorry about that, I forgot to mention the workstations. They are an
even mix of 10 Win2k-SP4 and 10 XP Pro-SP1 systems, Generic, Compaq
and Dell.

The shares and folders have been re-created in the correct places. The
shares do not show up in the Computer Management MCC, and trying a
UNC path does not work. You exmaine the folder, and it states it's
shared out.

I'll give the Group Policy a go, pointing to the full path. I'll even
try shaking a Penguin Voodoo Doll at it, but it looks like a messy
rebuild is in order.

Greg,

If your clients are Win2k or newer (I don't see any NT4 or Win9x clients in
your list), then the best recommendation is to use GPOs. It is strange,
however, that the share will not show up. Assuming this is only happening on
this one server, and none of the articles helped you to rebuild that folder,
try to add another server into the domain, and then remove this one and then
re-promote it back in. I'm not saying this will guarantee a fix, just
curious, since as I previously said, I have not seen where the NETLOGON
folder ever getting deleted.

Do you remember how it got deleted? Do you think your server was attacked?
I've seen attackers turning an FTP server into a pub server and deleting the
default shares for their own shares that they create. Do the admin shares
still exit (C$, D$, Admin$, etc)? Check your RUN key in the reg and see if
there is any reference to a batch file that will delete shares.

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.

 

[Guest]

The GPO logon script is working, and meeting their needs. All the other Admin
Shares are there, and working. Everyone that has access to the server calims
that they never deleted the script folder. I have to ASSuME that they didn't
do it. The network is hosted by the building they're in, and the rest of this
facility is dedicated to classified research. I'll search the system and see
if there's anything out of the ordinary.

Thanks for all the help.

 

[Ace Fekay [MVP]]

In

The GPO logon script is working, and meeting their needs. All the
other Admin Shares are there, and working. Everyone that has access
to the server calims that they never deleted the script folder. I
have to ASSuME that they didn't do it. The network is hosted by the
building they're in, and the rest of this facility is dedicated to
classified research. I'll search the system and see if there's
anything out of the ordinary.

Thanks for all the help.

No problem, but I don't think I was able to fully help. You;ve already
looked at a number of different articles that apply to it. Let me know how
you make out.

Ace