Domain Controller Cannot Locate Group Policy

  • Thread starter Thread starter Will
  • Start date Start date
W

Will

On a W2K Domain Controller, I'm unable to load group policy, and I get
messages when attempting to do this that the domain cannot be located.
There are messages in the eventviewer as well suggesting that
\\my.domain.com\sysvol\.... is not reachable.

I ran dcdiag /v and netdiag /v and those don't find errors. The following
command lines suggest some problem similar to what eventviewer shows:

- ping myserver.my.domain.com works

- ping my.domain.com works

- net view \\myserver.my.domain.com works

- dir \\myserver.my.domain.com\sysvol works

- net view \\my.domain.com FAILS

- dir \\my.domain.com\sysvol FAILS

Both of the failures get a command line response similar to "network
location cannot be reached".

I get the same result with NETBIOS Over TCP turned off and turned on.

What might cause the above symptoms?
 
We only have one domain controller in that forest, so I don't think we have
FRS problems. The problems to my eye look like some kind of DNS or NetBIOS
issue because DNS resolution of the name works but using the same name with
the double backslash \\my.domain.com fails.

--
Will


Paul Bergson said:
Sorry hit send to quick. You might also want to use Ultrasound to help
diagnose the problem
http://www.microsoft.com/downloads/...b9-c354-4f98-a823-24cc0da73b50&displaylang=en

--


Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA

This posting is provided "AS IS" with no warranties, and confers no rights.
Click to expand...
 
Alright, it appears though that you have a sysvol error.

Run diagnostics against your Active Directory domain.

If you don't have the tools installed, install them from your server install
disk.
d:\support\tools\setup.exe

Run dcdiag in verbose mode.

If you download a gui script I wrote it should be simple to set and run.

The script is at http://pbbergs.dynu.com/windows/windows.htm, download it
and save it to c:\program files\support tools\

Just select dcdiag and leave the defaults.

--


Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA

This posting is provided "AS IS" with no warranties, and confers no rights.


Will said:
We only have one domain controller in that forest, so I don't think we have
FRS problems. The problems to my eye look like some kind of DNS or NetBIOS
issue because DNS resolution of the name works but using the same name with
the double backslash \\my.domain.com fails.

--
Will


Paul Bergson said:
Sorry hit send to quick. You might also want to use Ultrasound to help
diagnose the problem
Click to expand...
http://www.microsoft.com/downloads/...b9-c354-4f98-a823-24cc0da73b50&displaylang=en
Click to expand...
 
Is there a simple way to just delete sysvol and have it recreate from
scratch? Since I don't have replication issues to worry about maybe that
would be more straightforward?
 
I've solved it: group policy apparently has a dependency on the TCP/IP
NetBIOS Helper service, *even when NETBIOS Over TCP is DISABLED*!!

There are quite a few hacks in Windows, and I guess I'll count this as one
of them. Go figure.
 
In
Will said:
I've solved it: group policy apparently has a dependency on the
TCP/IP NetBIOS Helper service, *even when NETBIOS Over TCP is
DISABLED*!!

There are quite a few hacks in Windows, and I guess I'll count this
as one of them. Go figure.
Click to expand...

Yes, there are a few services that don';t seem like they mean anything, but
are required. Another one is the DHCP Client service. Do not disable this
one. If you do, you will stop all DNS resolution services and DNS Dynamic
updates ability, whehter the machine has a static IP configuration or not.

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

If this post is viewed at a non-Microsoft community website, and you were to
respond to it through that community's website, I may not see your reply
unless that website posts replies back to the original Microsoft forum.
Therefore, please direct all replies ONLY to the Microsoft public newsgroup
this thread originated in so all can benefit or ensure the web community
posts it back to the original forum.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Windows Server Directory Services
Microsoft Certified Trainer
Infinite Diversities in Infinite Combinations.
=================================
 
Is there a good in depth discussion of all Windows services that would
discuss the pros and cons of leaving the service enabled/disabled? It's
clear on many of these services that you enable security holes by leaving
the service on, and disable some not-very-obvious functionality when you
turn them off. As usual it's not so clear cut what to leave on, and there
are lots of ugly tradeoffs to consider, depending on where the machine is
and what it does.
 
In
Will said:
Is there a good in depth discussion of all Windows services that would
discuss the pros and cons of leaving the service enabled/disabled?
It's clear on many of these services that you enable security holes
by leaving the service on, and disable some not-very-obvious
functionality when you turn them off. As usual it's not so clear
cut what to leave on, and there are lots of ugly tradeoffs to
consider, depending on where the machine is and what it does.
Click to expand...

Unfortunately Will, I do not have a link for this. I recognize the services
from experience, or I will look them up individually if I don't know or
remember what they do. If you go into a service's properties, it explains a
little about it.

:-)

Ace
 
Back
Top