HELP! Domain shares denied access

April 10, 2011 at 04:46:02
Specs: Windows server 2003
Going to \\domain.local I am denied access to all shared folders. However, I am able to go to the shares by \\server\shares. I am in a 2 domain controller set up and both are DNS servers. I have reset the bur flags and have gained access back to the sysvol and netlogon folders but all other folders are still giving me access denied. When I ping domain domain.local, it resolves to our 2nd DC, If I shut down DC2 a ping to domain.local times out. I have checked all the DNS settings I can possibly think of but I am completely frustrated right now. The only errors I am getting in the logs are event ID 1030 and 1058..."Windows cannot access the file gpt.ini for GPO..." I have access to that ini file but it still shows up. I am just lost at this point DCdiag and netdiag are passing all tests.

See More: HELP! Domain shares denied access

Report •

#1
April 10, 2011 at 09:34:06
bur flags? what is that?

have you reviewed the event viewer logs especially the dns ones?
You clearly have dns misconfigured or did not join the 2nd dc properly to the forest.

Answers are only as good as the information you provide.
How to properly post a question:
Sorry no tech support via PM's


Report •

#2
April 11, 2011 at 07:24:24
Burflags are used to restore your FRS replica sets. you can read more about it here http://support.microsoft.com/kb/290...

DNS onlu has one error in it and it only happened one time. This is the error:

The DNS server was unable to add or write an update of domain name *domain* in zone *domain* to the Active Directory. Check that the Active Directory is functioning properly and add or update this domain name using the DNS console. The extended error debug information (which may be empty) is "00002083: AtrErr: DSID-031510B7, #1:
0: 00002083: DSID-031510B7, problem 1006 (ATT_OR_VALUE_EXISTS), data 0, Att 9017e (dnsRecord)". The event data contains the error.

All shares at \\domain are unavailable but they are accessable if i go \\server\shares.

Any help would be appreciated


Report •

#3
April 11, 2011 at 08:00:00
This a new install/setup?
When did it stop working?

Answers are only as good as the information you provide.
How to properly post a question:
Sorry no tech support via PM's


Report •

Related Solutions

#4
April 11, 2011 at 10:43:22
no, this is a setup that has been working for years. It looks like we started getting errors in the event viewer at the beginning of the month with the GPO. There was a change to a GPO about the same time. Current setup is 2003 standard server. 2 Domain controllers and 2 exchange servers.

Report •

#5
April 11, 2011 at 11:20:10
lets see the following;

ipconfig /all from each server
nslookup servername1 from a workstation
nslookup servername2 from a workstation

GPO is only being applied to workstations/users right? Not to the server?
Have you tried disabling all GPO's?

Answers are only as good as the information you provide.
How to properly post a question:
Sorry no tech support via PM's


Report •

#6
April 11, 2011 at 12:01:19
I just tried to get into GPO management and it's giving me this error on both. Don't remember getting this error before...

The permissions for this GPO in the sysvol folder are inconsistent with those in active driectory. It is recommended that these permissions be consistent. to change the sysvol permissions to those in active directory, click ok.


Report •

#7
April 11, 2011 at 12:18:47
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes

but only one nic is showing with one ip. Someone setup RRAS as some point?

are you seeing errors in the security logs? I am wondering if the servers haven't been infected with a virus.

otherwise nslookups look good as do the ipconfigs except for those entries on server2

Answers are only as good as the information you provide.
How to properly post a question:
Sorry no tech support via PM's


Report •

#8
April 11, 2011 at 12:34:23
Never noticed that...I hope not. To many hands on this system is one of my problems. I'll have to fix that but I don't think that is the cause of this problem.

Went through the security log and didn't see anything out of the ordinary. Couple entries of not being able to open one of the folders that is shared in dfs but that went away after I reset the bur flags and the sysvol was shared out. No further failures have been noted. Really scratching my head with this one.


Report •

Ask Question