Bryston,
First - thanks for such a quick response.
1. I only have the one DC. I planned to add several
more, but not until I can resolve this issue.
2. The problem clients are all running either 2K SP4 or
XP SP1a. I couldn't find any clients running SP4 that
DID work, and I don't seem to have any running less than
SP4 that don't work. The only exception is my XP Pro
SP1a machine which does not work. I will upgrade on that
works to Sp4 and see if it quits.
3. I'm glad you mentioned the ADSI thing - I forgot
about it. If I use ADSIEdit and try to bind to the DC it
fails with the error. If I go into the settings and
switch it to use GC instead of LDAP, it works great. I
also have a User management tool I wrote in C# that adds
users with all the standard settings we use here. It
fails too. I went into it and changed the DirectoryEntry
constructors to bind to GC://... instead of LDAP://...
and it works. That's one of the reasons I was chasing an
LDAP comm problem at first.
4. I am getting a couple that I has dismissed so far as
annoying, but unrelated. Maybe I'm overlooking something
in these. In the System Log I am getting ...
Event Type: Error
Event Source: MRxSmb
Event Category: None
Event ID: 8003
Date: 7/31/2003
Time: 4:57:59 PM
User: N/A
Computer: ADMIN
Description:
The master browser has received a server announcement
from the computer LAB04SERVER that believes that it is
the master browser for the domain on transport
NetBT_Tcpip_{223129FC-1819-4B. The master browser is
stopping or an election is being forced.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 03 00 4e 00 ......N.
0008: 00 00 00 00 43 1f 00 c0 ....C..À
0010: 00 00 00 00 00 00 00 00 ........
0018: 01 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........
This one occurs approx every 70 minutes. I also got the
following in the App Log once ...
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1000
Date: 7/30/2003
Time: 8:32:45 PM
User: NT AUTHORITY\SYSTEM
Computer: ADMIN
Description:
Windows cannot access the registry information at
\\vatterott-college.org\sysvol\vatterott-
college.org\Policies\{31B2F340-016D-11D2-945F-
00C04FB984F9}\Machine\registry.pol with (1351).
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
I am getting some WMI warnings I am unfamiliar with as
well. they are:
Event Type: Warning
Event Source: WinMgmt
Event Category: None
Event ID: 41
Date: 7/30/2003
Time: 7:23:00 PM
User: N/A
Computer: ADMIN
Description:
WMI ADAP was unable to create object index 2022 for
Performance Library MSDTC because no value was found in
the 009 subkey
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Event Type: Warning
Event Source: WinMgmt
Event Category: None
Event ID: 41
Date: 7/30/2003
Time: 7:23:00 PM
User: N/A
Computer: ADMIN
Description:
WMI ADAP was unable to create object index 2422 for
Performance Library IAS because no value was found in the
009 subkey
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Event Type: Warning
Event Source: WinMgmt
Event Category: None
Event ID: 42
Date: 7/30/2003
Time: 7:23:00 PM
User: N/A
Computer: ADMIN
Description:
WMI ADAP was unable to create object
Win32_PerfRawData_DNS_DNS for Performance Library DNS
because no value was found for property index 2280 in the
009 subkey
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Event Type: Warning
Event Source: WinMgmt
Event Category: None
Event ID: 41
Date: 7/30/2003
Time: 7:23:00 PM
User: N/A
Computer: ADMIN
Description:
WMI ADAP was unable to create object index 2392 for
Performance Library DHCPServer because no value was found
in the 009 subkey
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Hopefully, this is enough info. If not, I have a lot
more. I am looking into a possible Kerberos problem, but
I'm not hopeful. I am chasing the idea that the ISA
server may be blocking my time sync with the clock at
tick.usno.navy.mil and that may be screwing up Kerberos.
I have reset the DC to look to itself as a time source
for now (net time /setsntp:dcnamehere), but so far that
hasn't changed anything.
Let me know if you need more and thanks for the help.
Phil
