Strange share problem, with win2k3 DC

Hi Experts,

I have a really urgent problem with a 2003 DC, that somehow dont accept
that any one access any network shares on it. Its all shares on that
server and all users in the AD. There is no problem with other shares on
other servers, only this one.

The server is also a Terminal server, and that validation works just
fine. Its the only DC in the forest and validation of user logon are no
problem, anywhere on the network.

It seems like the "netlogon" service is working fine but the "server"
service is "broken" - Does that make sense?

This startet over night after a reboot, although no new software was
installed on it.

I get a lot of these error messages in the application log, but I guess
that make much sense since no shares can be accessed.

here is the log:

Windows cannot access the file gpt.ini for GPO
CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=intern,DC=b lah,DC=dk.
The file must be present at the location
<\\intern.blah.dk\sysvol\intern.blah.dk\Policies\{ 31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>.
(Access is denied. ). Group Policy processing aborted.

Hope you guys can help me, I'm desperate..

Cheers

Esben

Which situation do you have:
1) On a work-station, in Explorer, Tools, you cannot use 'Map Network Drive'
to connect to \\DC_SERVER\SHARE_NAME? If not, what response do you get?
2) Your users normally see I: Share_name on DC_server in My Computer,
because the mapping is done by the netlogon script? Because if the gpt.ini
file is missing, could be the netlogon script is not running.
--
Newell White


"Esben Laursen" wrote:

> Hi Experts,
>
> I have a really urgent problem with a 2003 DC, that somehow dont accept
> that any one access any network shares on it. Its all shares on that
> server and all users in the AD. There is no problem with other shares on
> other servers, only this one.
>
> The server is also a Terminal server, and that validation works just
> fine. Its the only DC in the forest and validation of user logon are no
> problem, anywhere on the network.
>
> It seems like the "netlogon" service is working fine but the "server"
> service is "broken" - Does that make sense?
>
> This startet over night after a reboot, although no new software was
> installed on it.
>
> I get a lot of these error messages in the application log, but I guess
> that make much sense since no shares can be accessed.
>
> here is the log:
>
> Windows cannot access the file gpt.ini for GPO
> CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=intern,DC=b lah,DC=dk.
> The file must be present at the location
> <\\intern.blah.dk\sysvol\intern.blah.dk\Policies\{ 31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>.
> (Access is denied. ). Group Policy processing aborted.
>
> Hope you guys can help me, I'm desperate..
>
> Cheers
>
> Esben
>

Newell White skrev:
> Which situation do you have:
> 1) On a work-station, in Explorer, Tools, you cannot use 'Map Network Drive'
> to connect to \\DC_SERVER\SHARE_NAME? If not, what response do you get?

The users (and administrator) see the "default login" box if you dont
have access to the share.

I found this images, witch is the same:

http://www.practicallynetworked.com/...ng/image30.gif

> 2) Your users normally see I: Share_name on DC_server in My Computer,
> because the mapping is done by the netlogon script? Because if the gpt.ini
> file is missing, could be the netlogon script is not running.

Our users do not have a network drived mapped, most users know how to
browse into the different shares and some other have direct links to a
share (\\server\data\ shortcut).

But also my other programs that use network resources do not work, and
all shared printers also dont work.

I really appreciate your help, thanks

Esben

Do you have a WINS server on your network - check event log for WINS messages.
Is NetBIOS over TCP/IP enabled after the server rebooted?

If you don't have WINS, I recommend setting it up.
Until I did on our network we had many problems seeing shared printers.

As for the missing gpt.ini file, my guess is that incomplete replication of
sysvol may be involved.

---
Newell White


"Esben Laursen" wrote:

> Newell White skrev:
> > Which situation do you have:
> > 1) On a work-station, in Explorer, Tools, you cannot use 'Map Network Drive'
> > to connect to \\DC_SERVER\SHARE_NAME? If not, what response do you get?
>
> The users (and administrator) see the "default login" box if you dont
> have access to the share.
>
> I found this images, witch is the same:
>
> http://www.practicallynetworked.com/...ng/image30.gif
>
> > 2) Your users normally see I: Share_name on DC_server in My Computer,
> > because the mapping is done by the netlogon script? Because if the gpt.ini
> > file is missing, could be the netlogon script is not running.
>
> Our users do not have a network drived mapped, most users know how to
> browse into the different shares and some other have direct links to a
> share (\\server\data\ shortcut).
>
> But also my other programs that use network resources do not work, and
> all shared printers also dont work.
>
> I really appreciate your help, thanks
>
> Esben
>

what do you mean by "As for the missing gpt.ini file, my guess is that
incomplete replication of
sysvol may be involved.
" and what can i do id the TCp/IP over NetBios is already checked but still
getting the same error randomly?

sd

"Newell White" wrote:

> Do you have a WINS server on your network - check event log for WINS messages.
> Is NetBIOS over TCP/IP enabled after the server rebooted?
>
> If you don't have WINS, I recommend setting it up.
> Until I did on our network we had many problems seeing shared printers.
>
> As for the missing gpt.ini file, my guess is that incomplete replication of
> sysvol may be involved.
>
> ---
> Newell White
>
>
> "Esben Laursen" wrote:
>
> > Newell White skrev:
> > > Which situation do you have:
> > > 1) On a work-station, in Explorer, Tools, you cannot use 'Map Network Drive'
> > > to connect to \\DC_SERVER\SHARE_NAME? If not, what response do you get?
> >
> > The users (and administrator) see the "default login" box if you dont
> > have access to the share.
> >
> > I found this images, witch is the same:
> >
> > http://www.practicallynetworked.com/...ng/image30.gif
> >
> > > 2) Your users normally see I: Share_name on DC_server in My Computer,
> > > because the mapping is done by the netlogon script? Because if the gpt.ini
> > > file is missing, could be the netlogon script is not running.
> >
> > Our users do not have a network drived mapped, most users know how to
> > browse into the different shares and some other have direct links to a
> > share (\\server\data\ shortcut).
> >
> > But also my other programs that use network resources do not work, and
> > all shared printers also dont work.
> >
> > I really appreciate your help, thanks
> >
> > Esben
> >

sd, sorry about delay in getting back to you.

1) Sysvol replication does not copy everything in sysvol. For example:

I inherited a small domain with 1 DC. My predecessor had saved himself a few
mouse-clicks by copying login.bat from sysvol\domain.local\scripts to sysvol,
and modifying it there. He then modified the relevant GP to use this version.
When I added a 2nd AD-integrated DC, users reported problems. I discovered
that in this setup, Only sysvol\domain.local is replicated from PDC to 2nd
DC. So logins handled by 2nd DC did not have login.bat in the location called
up by the GP, and these users were missing the benefits.

2) If I had Netbios-over-TCP enabled and was experiencing problems seeing
file shares or printers, I would disable the browser service on all computers
except PDC and WINS servers. Do these few computers have fully populated
browse lists? If so, when and from where are the workstations getting their
browse list info? If they are getting complete up-to-date info, I would check
routing & connectivity issues before posting here for help.

Regards
--
Newell White


"sdmusicmaker" wrote:

> what do you mean by "As for the missing gpt.ini file, my guess is that
> incomplete replication of
> sysvol may be involved.
> " and what can i do id the TCp/IP over NetBios is already checked but still
> getting the same error randomly?
>
> sd
>
> "Newell White" wrote:
>
> > Do you have a WINS server on your network - check event log for WINS messages.
> > Is NetBIOS over TCP/IP enabled after the server rebooted?
> >
> > If you don't have WINS, I recommend setting it up.
> > Until I did on our network we had many problems seeing shared printers.
> >
> > As for the missing gpt.ini file, my guess is that incomplete replication of
> > sysvol may be involved.
> >
> > ---
> > Newell White
> >
> >
> > "Esben Laursen" wrote:
> >
> > > Newell White skrev:
> > > > Which situation do you have:
> > > > 1) On a work-station, in Explorer, Tools, you cannot use 'Map Network Drive'
> > > > to connect to \\DC_SERVER\SHARE_NAME? If not, what response do you get?
> > >
> > > The users (and administrator) see the "default login" box if you dont
> > > have access to the share.
> > >
> > > I found this images, witch is the same:
> > >
> > > http://www.practicallynetworked.com/...ng/image30.gif
> > >
> > > > 2) Your users normally see I: Share_name on DC_server in My Computer,
> > > > because the mapping is done by the netlogon script? Because if the gpt.ini
> > > > file is missing, could be the netlogon script is not running.
> > >
> > > Our users do not have a network drived mapped, most users know how to
> > > browse into the different shares and some other have direct links to a
> > > share (\\server\data\ shortcut).
> > >
> > > But also my other programs that use network resources do not work, and
> > > all shared printers also dont work.
> > >
> > > I really appreciate your help, thanks
> > >
> > > Esben
> > >