Admin acct not able to access GP settings

  • Thread starter Thread starter KPU News Groups
  • Start date Start date
K

KPU News Groups

Hi guys here's the sitrep on what I did. If anyone has any ideas pls let me
know.

A few days ago I installed Terminal Services on my Windows Server 2000. I
then went into group policy permissions to restrict what people could see
and do. So I made a few changes and went to test them. They all worked great
except for a couple of things so I went to log back on as the admin and
found that the restrictions also affected the admin account. Not good at
all, I talked to a couple of support guys here in town and the only thing we
could come up with to fix it was to restore the system settings from the
pervious days backup. Now this appeared to work but I now get an error when
trying to access the Domain Controller Security Policy settings and the
Domain Security Policy settings, The following is the error I get; "Failed
to open the Group Policy Object. you may not have appropriate rights." and
just below that its says "The network path was not found." I also get this
error message when I try to open the Group Policy Object; "The domain
controller for Group Policy operations is not available. You may cancel this
operation for this session or retry using one of the following domain
controller choices: The one with the Operations Master token for the PDC
emulator - The one used by the Active Directory Snap-ins - Use any available
domain controller"

Here is a list of the things I've found so far to try and fix the issue,
http://support.microsoft.com/default.aspx?scid=kb;it;263166
http://support.microsoft.com/?kbid=257435#kb3
http://support.microsoft.com/?id=294257

For the last link, when I went in to look at the policies there were a lot
of them that had notebook icon next the them, but when I looked at the
properties of a dozen or so I couldn't see anywhere that the admin account
or any other account had been denied.

Also I was running MMC trying to get to the group policy and when I get to
where I can select the group policy snap-in and select it. It shows "Local
Computer" as the Group Policy Object. Is this normal? When I click browse I
get this error message; "The domain controller for Group Policy operations
is not available. You may cancel this operation for this session or retry
using one of the following domain controller choices." I then have 3
choices; "The one with the Operations Master token for the PDC emulator. -
The one used by the Active Directory Snap-ins.(this one is grayed out) - Use
any available domain controller." When I select either option I get this
error; "Failed to find a domain controller. There may be a policy that
prevents you from selecting another domain controller." and the details so
this, "The network path was not found." I can click close and I then come to
a window that says Browse for a Group Policy Object and the only choice I
have are "This computer" or "Another computer" If I select yes and browse I
can choice my 2000 server computer by name and it then shows that I've
connected to a remote server. Is that what it should do?

Thanks in advance
Mel
 
I have some ideas but ned a little more info first:
1. Do you have more than 1 DC, and if so did you do the authorative
restore procedure when you restored from backup so that the other DC
does not overwrite your changes?
2. What exactly were the settings that you implemented on your network
in the first place that started this?
 
I only have one DC on this domain. There is a NT4.0 box on another domain on
the same network, but I was not having any problems before I made the
changes.

I pretty much took away all the right to do anything except start one progam
that the remote user's will be using. I took away access to the control
panel, system drives, network connections, shutdown, admin tools, run comman
line, search ablilities and anything else I found that would limit what they
could do.

Something else I found when looking in the SYSVOL folders was a bunch of
folders and files that were changed around the time I made the GP changes.
But only a couple for the time when I did the system state restore from the
backup. I was thinking of moving these files else where and trying the
system state restore again?

Mel
 
Some more information that may help. I downloaded the GPOTOOL.exe file and
when I run it, I get a message that says
Validating DCs....
Error: DC list is empty

When I run with the verbose switch I get the following
Domain: admin.ak
Validating DCs...
DELL.admin.ak: down (sysvol only)
Error: DC list is empty

Mel
 
How did you restore system settings?? An authoritative restore of Active
Directory by booting into Directory Services Restore Mode would be the way
to do it, but keep in mind that will not change most settings in Local
Security Policy. I would run the support tools netdiag and dcdiag on the
domain controller to see what they report and look for pertinent errors in
Event Viewer. Verify that the domain controller is pointing to only itself
[or another AD domain controller] as it's preferred dns server and verify
that you can access the sysvol share but entering \\dcname\sysvol in the run
box and you should find at least two policies in the \domain\policies
folder. --- Steve
 
Yes that is how I restored the system settings. I will run those tools and
let you know what happens. Thanks for your suggestions.

Mel

How did you restore system settings?? An authoritative restore of Active
Directory by booting into Directory Services Restore Mode would be the way
to do it, but keep in mind that will not change most settings in Local
Security Policy. I would run the support tools netdiag and dcdiag on the
domain controller to see what they report and look for pertinent errors in
Event Viewer. Verify that the domain controller is pointing to only itself
[or another AD domain controller] as it's preferred dns server and verify
that you can access the sysvol share but entering \\dcname\sysvol in the run
box and you should find at least two policies in the \domain\policies
folder. --- Steve


KPU News Groups said:
Hi guys here's the sitrep on what I did. If anyone has any ideas pls let
me
know.

A few days ago I installed Terminal Services on my Windows Server 2000. I
then went into group policy permissions to restrict what people could see
and do. So I made a few changes and went to test them. They all worked
great
except for a couple of things so I went to log back on as the admin and
found that the restrictions also affected the admin account. Not good at
all, I talked to a couple of support guys here in town and the only thing
we
could come up with to fix it was to restore the system settings from the
pervious days backup. Now this appeared to work but I now get an error
when
trying to access the Domain Controller Security Policy settings and the
Domain Security Policy settings, The following is the error I get; "Failed
to open the Group Policy Object. you may not have appropriate rights." and
just below that its says "The network path was not found." I also get this
error message when I try to open the Group Policy Object; "The domain
controller for Group Policy operations is not available. You may cancel
this
operation for this session or retry using one of the following domain
controller choices: The one with the Operations Master token for the PDC
emulator - The one used by the Active Directory Snap-ins - Use any
available
domain controller"

Here is a list of the things I've found so far to try and fix the issue,
http://support.microsoft.com/default.aspx?scid=kb;it;263166
http://support.microsoft.com/?kbid=257435#kb3
http://support.microsoft.com/?id=294257

For the last link, when I went in to look at the policies there were a lot
of them that had notebook icon next the them, but when I looked at the
properties of a dozen or so I couldn't see anywhere that the admin account
or any other account had been denied.

Also I was running MMC trying to get to the group policy and when I get to
where I can select the group policy snap-in and select it. It shows "Local
Computer" as the Group Policy Object. Is this normal? When I click browse
I
get this error message; "The domain controller for Group Policy operations
is not available. You may cancel this operation for this session or retry
using one of the following domain controller choices." I then have 3
choices; "The one with the Operations Master token for the PDC emulator. -
The one used by the Active Directory Snap-ins.(this one is grayed out) -
Use
any available domain controller." When I select either option I get this
error; "Failed to find a domain controller. There may be a policy that
prevents you from selecting another domain controller." and the details so
this, "The network path was not found." I can click close and I then come
to
a window that says Browse for a Group Policy Object and the only choice I
have are "This computer" or "Another computer" If I select yes and browse
I
can choice my 2000 server computer by name and it then shows that I've
connected to a remote server. Is that what it should do?

Thanks in advance
Mel
Click to expand...
Click to expand...
 
Steve,

Here are the results of the diags:
dcdiag
C:\Program Files\Support Tools>dcdiag

Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\DELLSERVER
Starting test: Connectivity
c0b4daa2-6320-469a-aee5-cc4fb5a1f921._msdcs.admin.ak's server GUID
DNS
name could not be resolved to an
IP address. Check the DNS server, DHCP, server name, etc
Although the Guid DNS name
(c0b4daa2-6320-469a-aee5-cc4fb5a1f921._msdcs.admin.ktn) couldn't be
resolved, the server name (DELLSERVER.admin.ak) resolved to the IP
address (192.254.183.50) and was pingable. Check that the IP
address
is registered correctly with the DNS server.
......................... DELLSERVER failed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\DELLSERVER
Skipping all tests, because server DELLSERVER is
not responding to directory service requests

Running enterprise tests on : admin.ak
Starting test: Intersite
......................... admin.ak passed test Intersite
Starting test: FsmoCheck
......................... admin.ak passed test FsmoCheck

C:\Program Files\Support Tools>

netdiag
C:\Program Files\Support Tools>netdiag

......................................

Computer Name: DELLSERVER
DNS Host Name: DELLSERVER.admin.ak
System info : Windows 2000 Server (Build 2195)
Processor : x86 Family 15 Model 2 Stepping 9, GenuineIntel
List of installed hotfixes :
KB329115
KB820888
KB822831
KB823182
KB823559
KB824105
KB824146
KB825119
KB826232
KB828035
KB828741
KB828749
KB835732
KB837001
KB839643
KB839645
KB840315
KB840987
KB841356
KB841533
KB841872
KB841873
KB842526
KB867282-IE6SP1-20050127.163319
KB871250
KB873333
KB873339
KB885250
KB885834
KB885835
KB885836
KB887797-OE6SP1-20041112.131144
KB888113
KB890047
KB890175
KB891711
KB891781
Q147222
Q828026


Netcard queries test . . . . . . . : Passed



Per interface results:

Adapter : Admin

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : DELLSERVER
IP Address . . . . . . . . : 192.254.183.50
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 192.254.183.1
Dns Servers. . . . . . . . : 192.254.183.50


AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Passed

NetBT name test. . . . . . : Passed
[WARNING] At least one of the <00> 'WorkStation Service', <03>
'Messenge
r Service', <20> 'WINS' names is missing.
No remote names have been found.

WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.

Ipx configration
Network Number . . . . : 00000010
Node . . . . . . . . . : 00c09f2ce209
Frame type . . . . . . : 802.2



Adapter : IPX Internal Interface

Netcard queries test . . . : Passed

Ipx configration
Network Number . . . . : f0e1e2fe
Node . . . . . . . . . : 000000000001
Frame type . . . . . . : Ethernet II



Adapter : IpxLoopbackAdapter

Netcard queries test . . . : Passed

Ipx configration
Network Number . . . . : f0e1e2fe
Node . . . . . . . . . : 000000000002
Frame type . . . . . . : 802.2



Adapter : NDISWANIPX

Netcard queries test . . . : Passed

Ipx configration
Network Number . . . . : 00000000
Node . . . . . . . . . : 089720524153
Frame type . . . . . . : Ethernet II




Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{24F42736-5981-4E7A-8FEE-80B7DB9CF7BF}
1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed
[WARNING] You don't have a single interface with the <00> 'WorkStation
Servi
ce', <03> 'Messenger Service', <20> 'WINS' names defined.


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Failed
[WARNING] The DNS entries for this DC are not registered correctly on
DNS se
rver '192.254.183.50'. Please wait for 30 minutes for DNS server
replication.
[FATAL] No DNS servers have the DNS records for this DC registered.


Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{24F42736-5981-4E7A-8FEE-80B7DB9CF7BF}
The redir is bound to 1 NetBt transport.

List of NetBt transports currently bound to the browser
NetBT_Tcpip_{24F42736-5981-4E7A-8FEE-80B7DB9CF7BF}
The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
No active remote access connections.


Modem diagnostics test . . . . . . : Passed


Netware configuration
You are not logged in to your preferred server .
Netware User Name. . . . . . . :
Netware Server Name. . . . . . :
Netware Tree Name. . . . . . . :
Netware Workstation Context. . :

IP Security test . . . . . . . . . : Passed
IPSec policy service is active, but no policy is assigned.


The command completed successfully

C:\Program Files\Support Tools>

When I did the run \\dellserver.admin.ak\sysvol or as \\admin.ak\sysvol
(wasn't sure which was correct) I got the following error message
"The network name cannot be found"

Thanks again for your help
Mel


How did you restore system settings?? An authoritative restore of Active
Directory by booting into Directory Services Restore Mode would be the way
to do it, but keep in mind that will not change most settings in Local
Security Policy. I would run the support tools netdiag and dcdiag on the
domain controller to see what they report and look for pertinent errors in
Event Viewer. Verify that the domain controller is pointing to only itself
[or another AD domain controller] as it's preferred dns server and verify
that you can access the sysvol share but entering \\dcname\sysvol in the run
box and you should find at least two policies in the \domain\policies
folder. --- Steve


KPU News Groups said:
Hi guys here's the sitrep on what I did. If anyone has any ideas pls let
me
know.

A few days ago I installed Terminal Services on my Windows Server 2000. I
then went into group policy permissions to restrict what people could see
and do. So I made a few changes and went to test them. They all worked
great
except for a couple of things so I went to log back on as the admin and
found that the restrictions also affected the admin account. Not good at
all, I talked to a couple of support guys here in town and the only thing
we
could come up with to fix it was to restore the system settings from the
pervious days backup. Now this appeared to work but I now get an error
when
trying to access the Domain Controller Security Policy settings and the
Domain Security Policy settings, The following is the error I get; "Failed
to open the Group Policy Object. you may not have appropriate rights." and
just below that its says "The network path was not found." I also get this
error message when I try to open the Group Policy Object; "The domain
controller for Group Policy operations is not available. You may cancel
this
operation for this session or retry using one of the following domain
controller choices: The one with the Operations Master token for the PDC
emulator - The one used by the Active Directory Snap-ins - Use any
available
domain controller"

Here is a list of the things I've found so far to try and fix the issue,
http://support.microsoft.com/default.aspx?scid=kb;it;263166
http://support.microsoft.com/?kbid=257435#kb3
http://support.microsoft.com/?id=294257

For the last link, when I went in to look at the policies there were a lot
of them that had notebook icon next the them, but when I looked at the
properties of a dozen or so I couldn't see anywhere that the admin account
or any other account had been denied.

Also I was running MMC trying to get to the group policy and when I get to
where I can select the group policy snap-in and select it. It shows "Local
Computer" as the Group Policy Object. Is this normal? When I click browse
I
get this error message; "The domain controller for Group Policy operations
is not available. You may cancel this operation for this session or retry
using one of the following domain controller choices." I then have 3
choices; "The one with the Operations Master token for the PDC emulator. -
The one used by the Active Directory Snap-ins.(this one is grayed out) -
Use
any available domain controller." When I select either option I get this
error; "Failed to find a domain controller. There may be a policy that
prevents you from selecting another domain controller." and the details so
this, "The network path was not found." I can click close and I then come
to
a window that says Browse for a Group Policy Object and the only choice I
have are "This computer" or "Another computer" If I select yes and browse
I
can choice my 2000 server computer by name and it then shows that I've
connected to a remote server. Is that what it should do?

Thanks in advance
Mel
Click to expand...
Click to expand...
 
Notice that netdiag reported a problem with dns though netdiag shows you
have the domain controller pointing to itself as it's preferred dns server.
Try using the command " netdiag /fix" and then restarting the netlogon
service to see if it makes that error go away. Open the dns Management
Console and verify that your dns domain exists, that the _srv records are
present, and that the domain controllers IP address is shown in A and other
records for the zone. As far as sysvol, try to access it again after the dns
problems are resolved and/or use the IP address of the server instead of the
name to see if you can access it. The command "net share" should also show
that the sysvol share exists. --- Steve


KPU News Groups said:
Steve,

Here are the results of the diags:
dcdiag
C:\Program Files\Support Tools>dcdiag

Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\DELLSERVER
Starting test: Connectivity
c0b4daa2-6320-469a-aee5-cc4fb5a1f921._msdcs.admin.ak's server GUID
DNS
name could not be resolved to an
IP address. Check the DNS server, DHCP, server name, etc
Although the Guid DNS name
(c0b4daa2-6320-469a-aee5-cc4fb5a1f921._msdcs.admin.ktn) couldn't
be
resolved, the server name (DELLSERVER.admin.ak) resolved to the IP
address (192.254.183.50) and was pingable. Check that the IP
address
is registered correctly with the DNS server.
......................... DELLSERVER failed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\DELLSERVER
Skipping all tests, because server DELLSERVER is
not responding to directory service requests

Running enterprise tests on : admin.ak
Starting test: Intersite
......................... admin.ak passed test Intersite
Starting test: FsmoCheck
......................... admin.ak passed test FsmoCheck

C:\Program Files\Support Tools>

netdiag
C:\Program Files\Support Tools>netdiag

.....................................

Computer Name: DELLSERVER
DNS Host Name: DELLSERVER.admin.ak
System info : Windows 2000 Server (Build 2195)
Processor : x86 Family 15 Model 2 Stepping 9, GenuineIntel
List of installed hotfixes :
KB329115
KB820888
KB822831
KB823182
KB823559
KB824105
KB824146
KB825119
KB826232
KB828035
KB828741
KB828749
KB835732
KB837001
KB839643
KB839645
KB840315
KB840987
KB841356
KB841533
KB841872
KB841873
KB842526
KB867282-IE6SP1-20050127.163319
KB871250
KB873333
KB873339
KB885250
KB885834
KB885835
KB885836
KB887797-OE6SP1-20041112.131144
KB888113
KB890047
KB890175
KB891711
KB891781
Q147222
Q828026


Netcard queries test . . . . . . . : Passed



Per interface results:

Adapter : Admin

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : DELLSERVER
IP Address . . . . . . . . : 192.254.183.50
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 192.254.183.1
Dns Servers. . . . . . . . : 192.254.183.50


AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Passed

NetBT name test. . . . . . : Passed
[WARNING] At least one of the <00> 'WorkStation Service', <03>
'Messenge
r Service', <20> 'WINS' names is missing.
No remote names have been found.

WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.

Ipx configration
Network Number . . . . : 00000010
Node . . . . . . . . . : 00c09f2ce209
Frame type . . . . . . : 802.2



Adapter : IPX Internal Interface

Netcard queries test . . . : Passed

Ipx configration
Network Number . . . . : f0e1e2fe
Node . . . . . . . . . : 000000000001
Frame type . . . . . . : Ethernet II



Adapter : IpxLoopbackAdapter

Netcard queries test . . . : Passed

Ipx configration
Network Number . . . . : f0e1e2fe
Node . . . . . . . . . : 000000000002
Frame type . . . . . . : 802.2



Adapter : NDISWANIPX

Netcard queries test . . . : Passed

Ipx configration
Network Number . . . . : 00000000
Node . . . . . . . . . : 089720524153
Frame type . . . . . . : Ethernet II




Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{24F42736-5981-4E7A-8FEE-80B7DB9CF7BF}
1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed
[WARNING] You don't have a single interface with the <00> 'WorkStation
Servi
ce', <03> 'Messenger Service', <20> 'WINS' names defined.


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Failed
[WARNING] The DNS entries for this DC are not registered correctly on
DNS se
rver '192.254.183.50'. Please wait for 30 minutes for DNS server
replication.
[FATAL] No DNS servers have the DNS records for this DC registered.


Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{24F42736-5981-4E7A-8FEE-80B7DB9CF7BF}
The redir is bound to 1 NetBt transport.

List of NetBt transports currently bound to the browser
NetBT_Tcpip_{24F42736-5981-4E7A-8FEE-80B7DB9CF7BF}
The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
No active remote access connections.


Modem diagnostics test . . . . . . : Passed


Netware configuration
You are not logged in to your preferred server .
Netware User Name. . . . . . . :
Netware Server Name. . . . . . :
Netware Tree Name. . . . . . . :
Netware Workstation Context. . :

IP Security test . . . . . . . . . : Passed
IPSec policy service is active, but no policy is assigned.


The command completed successfully

C:\Program Files\Support Tools>

When I did the run \\dellserver.admin.ak\sysvol or as \\admin.ak\sysvol
(wasn't sure which was correct) I got the following error message
"The network name cannot be found"

Thanks again for your help
Mel


How did you restore system settings?? An authoritative restore of Active
Directory by booting into Directory Services Restore Mode would be the
way
to do it, but keep in mind that will not change most settings in Local
Security Policy. I would run the support tools netdiag and dcdiag on the
domain controller to see what they report and look for pertinent errors
in
Event Viewer. Verify that the domain controller is pointing to only
itself
[or another AD domain controller] as it's preferred dns server and verify
that you can access the sysvol share but entering \\dcname\sysvol in the run
box and you should find at least two policies in the \domain\policies
folder. --- Steve


KPU News Groups said:
Hi guys here's the sitrep on what I did. If anyone has any ideas pls
let
me
know.

A few days ago I installed Terminal Services on my Windows Server 2000. I
then went into group policy permissions to restrict what people could see
and do. So I made a few changes and went to test them. They all worked
great
except for a couple of things so I went to log back on as the admin and
found that the restrictions also affected the admin account. Not good
at
all, I talked to a couple of support guys here in town and the only thing
we
could come up with to fix it was to restore the system settings from
the
pervious days backup. Now this appeared to work but I now get an error
when
trying to access the Domain Controller Security Policy settings and the
Domain Security Policy settings, The following is the error I get; "Failed
to open the Group Policy Object. you may not have appropriate rights." and
just below that its says "The network path was not found." I also get this
error message when I try to open the Group Policy Object; "The domain
controller for Group Policy operations is not available. You may cancel
this
operation for this session or retry using one of the following domain
controller choices: The one with the Operations Master token for the
PDC
emulator - The one used by the Active Directory Snap-ins - Use any
available
domain controller"

Here is a list of the things I've found so far to try and fix the
issue,
http://support.microsoft.com/default.aspx?scid=kb;it;263166
http://support.microsoft.com/?kbid=257435#kb3
http://support.microsoft.com/?id=294257

For the last link, when I went in to look at the policies there were a lot
of them that had notebook icon next the them, but when I looked at the
properties of a dozen or so I couldn't see anywhere that the admin account
or any other account had been denied.

Also I was running MMC trying to get to the group policy and when I get to
where I can select the group policy snap-in and select it. It shows "Local
Computer" as the Group Policy Object. Is this normal? When I click browse
I
get this error message; "The domain controller for Group Policy operations
is not available. You may cancel this operation for this session or retry
using one of the following domain controller choices." I then have 3
choices; "The one with the Operations Master token for the PDC emulator. -
The one used by the Active Directory Snap-ins.(this one is grayed
out) -
Use
any available domain controller." When I select either option I get
this
error; "Failed to find a domain controller. There may be a policy that
prevents you from selecting another domain controller." and the details so
this, "The network path was not found." I can click close and I then come
to
a window that says Browse for a Group Policy Object and the only choice I
have are "This computer" or "Another computer" If I select yes and browse
I
can choice my 2000 server computer by name and it then shows that I've
connected to a remote server. Is that what it should do?

Thanks in advance
Mel
Click to expand...
Click to expand...
Click to expand...
 
Well I tried the netdiag /fix with no luck the results posted below. I've
also posted results from nslookup and ipconfig /all and the net share list.
The sysvol does not show in the list. When I tried to access the sysvol with
IP I got the same network path not found error. Also as far as I can
determine the DNS info show the correct info. But I also wouldn't know if it
wasn't. Under DNS tree it shows DELLSERVER under that it has a forward zone
and a reverse zone. Under forward it show admin.ak and under that I see 3
entries.
Name - (same as parent folder); Type - Name Server; Data -
dellserver.admin.ak
Name - (same as parent folder); Type - Start of Authorirty; Data - [4],
dellseerver.admin.ak., admin.admin.ak.
Name - dellserver; Type - Host; Data - 192.254.183.50

The reverse zone has under it 192.254.183.x Subnet. In that folder are 2
entries the same as the first 2 from the forward folder.

When I check properties on these items under the NAme Servers tab it shows
dellserver.admin.ak [192.254.183.50]

Thanks once again for your help. Below are the results of the diags

Mel

nslookup
C:\Program Files\Support Tools>nslookup
*** Can't find server name for address 192.254.183.50: Non-existent domain
*** Default servers are not available
Default Server: UnKnown
Address: 192.254.183.50

ipconfig /all
C:\Program Files\Support Tools>ipconfig /all

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : DELLSERVER
Primary DNS Suffix . . . . . . . : admin.ak
Node Type . . . . . . . . . . . . : Mixed
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : admin.ak

Ethernet adapter Admin:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network
Connect
ion
Physical Address. . . . . . . . . : 00-C0-9F-2C-E2-09
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.254.183.50
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.254.183.1
DNS Servers . . . . . . . . . . . : 192.254.183.50

C:\Program Files\Support Tools>

net share
C:\Program Files\Support Tools>net share

Share name Resource Remark

----------------------------------------------------------------------------
---
G$ G:\ Default share
C$ C:\ Default share
IPC$ Remote IPC
D$ D:\ Default share
I$ I:\ Default share
ADMIN$ C:\WINNT Remote Admin
E$ E:\ Default share
H$ H:\ Default share
Accounting E:\
DataFolders H:\
Lotus123 I:\
Payroll G:\
VPHOME C:\Program Files\Symantec AntiVirus
Symantec AntiVirus
VPLOGON C:\Program Files\Symantec AntiVirus\logon
Symantec AntiVirus
The command completed successfully.


C:\Program Files\Support Tools>

netdiag /fix
C:\Program Files\Support Tools>netdiag /fix

......................................

Computer Name: DELLSERVER
DNS Host Name: DELLSERVER.admin.ak
System info : Windows 2000 Server (Build 2195)
Processor : x86 Family 15 Model 2 Stepping 9, GenuineIntel
List of installed hotfixes :
KB329115
KB820888
KB822831
KB823182
KB823559
KB824105
KB824146
KB825119
KB826232
KB828035
KB828741
KB828749
KB835732
KB837001
KB839643
KB839645
KB840315
KB840987
KB841356
KB841533
KB841872
KB841873
KB842526
KB867282-IE6SP1-20050127.163319
KB871250
KB873333
KB873339
KB885250
KB885834
KB885835
KB885836
KB887797-OE6SP1-20041112.131144
KB888113
KB890047
KB890175
KB891711
KB891781
Q147222
Q828026


Netcard queries test . . . . . . . : Passed



Per interface results:

Adapter : Admin

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : DELLSERVER
IP Address . . . . . . . . : 192.254.183.50
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 192.254.183.1
Dns Servers. . . . . . . . : 192.254.183.50


AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Passed

NetBT name test. . . . . . : Passed
[WARNING] At least one of the <00> 'WorkStation Service', <03>
'Messenge
r Service', <20> 'WINS' names is missing.
No remote names have been found.

WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.

Ipx configration
Network Number . . . . : 00000010
Node . . . . . . . . . : 00c09f2ce209
Frame type . . . . . . : 802.2



Adapter : IPX Internal Interface

Netcard queries test . . . : Passed

Ipx configration
Network Number . . . . : f0e1e2fe
Node . . . . . . . . . : 000000000001
Frame type . . . . . . : Ethernet II



Adapter : IpxLoopbackAdapter

Netcard queries test . . . : Passed

Ipx configration
Network Number . . . . : f0e1e2fe
Node . . . . . . . . . : 000000000002
Frame type . . . . . . : 802.2



Adapter : NDISWANIPX

Netcard queries test . . . : Passed

Ipx configration
Network Number . . . . : 00000000
Node . . . . . . . . . : 089720524153
Frame type . . . . . . : Ethernet II




Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{24F42736-5981-4E7A-8FEE-80B7DB9CF7BF}
1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed
[WARNING] You don't have a single interface with the <00> 'WorkStation
Servi
ce', <03> 'Messenger Service', <20> 'WINS' names defined.


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Failed
[WARNING] Cannot find a primary authoritative DNS server for the
name
'DELLSERVER.admin.ak.'. [RCODE_SERVER_FAILURE]
The name 'DELLSERVER.admin.ak.' may not be registered in DNS.
[FATAL] Failed to fix: DC DNS entry admin.ak. re-registeration on DNS
serve
r '192.254.183.50' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.admin.ak.
re-registeration o
n DNS server '192.254.183.50' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry
_ldap._tcp.Default-First-Site-Name._site
s.admin.ak. re-registeration on DNS server '192.254.183.50' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.pdc._msdcs.admin.ak.
re-regi
steration on DNS server '192.254.183.50' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.gc._msdcs.admin.ak.
re-regis
teration on DNS server '192.254.183.50' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry
_ldap._tcp.Default-First-Site-Name._site
s.gc._msdcs.admin.ak. re-registeration on DNS server '192.254.183.50'
failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry
_ldap._tcp.cc9cf395-5261-4837-81af-b3f4d
a938d0f.domains._msdcs.admin.ak. re-registeration on DNS server
'192.254.183.50
' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry gc._msdcs.admin.ak. re-registeration
on
DNS server '192.254.183.50' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry
c0b4daa2-6320-469a-aee5-cc4fb5a1f921._ms
dcs.admin.ak. re-registeration on DNS server '192.254.183.50' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _kerberos._tcp.dc._msdcs.admin.ak.
re-r
egisteration on DNS server '192.254.183.50' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry
_kerberos._tcp.Default-First-Site-Name._
sites.dc._msdcs.admin.ak. re-registeration on DNS server '192.254.183.50'
faile
d.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.dc._msdcs.admin.ak.
re-regis
teration on DNS server '192.254.183.50' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry
_ldap._tcp.Default-First-Site-Name._site
s.dc._msdcs.admin.ak. re-registeration on DNS server '192.254.183.50'
failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _kerberos._tcp.admin.ak.
re-registerati
on on DNS server '192.254.183.50' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry
_kerberos._tcp.Default-First-Site-Name._
sites.admin.ak. re-registeration on DNS server '192.254.183.50' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _gc._tcp.admin.ak. re-registeration
on
DNS server '192.254.183.50' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry
_gc._tcp.Default-First-Site-Name._sites.
admin.ak. re-registeration on DNS server '192.254.183.50' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _kerberos._udp.admin.ak.
re-registerati
on on DNS server '192.254.183.50' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _kpasswd._tcp.admin.ak.
re-registeratio
n on DNS server '192.254.183.50' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _kpasswd._udp.admin.ak.
re-registeratio
n on DNS server '192.254.183.50' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Fix Failed: netdiag failed to re-register missing DNS entries
for th
is DC on DNS server '192.254.183.50'.
[FATAL] No DNS servers have the DNS records for this DC registered.


Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{24F42736-5981-4E7A-8FEE-80B7DB9CF7BF}
The redir is bound to 1 NetBt transport.

List of NetBt transports currently bound to the browser
NetBT_Tcpip_{24F42736-5981-4E7A-8FEE-80B7DB9CF7BF}
The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
No active remote access connections.


Modem diagnostics test . . . . . . : Passed


Netware configuration
You are not logged in to your preferred server .
Netware User Name. . . . . . . :
Netware Server Name. . . . . . :
Netware Tree Name. . . . . . . :
Netware Workstation Context. . :

IP Security test . . . . . . . . . : Passed
IPSec policy service is active, but no policy is assigned.


The command completed successfully

C:\Program Files\Support Tools>
 
Back
Top