Security issues in Win2000 server


Jim

We have a 10-server farm, each running Windows 2000
Server. We have 1 PDC that went down and we still have a
fully functional BDC. The PDC went down a couple weeks
ago and just this week one of our member servers (only
running one application and SQL 2000) stopped resolving
user names to give them access to that share. For
example, we have one folder that has all documents in it
and we need everyone in the co. to access it. When I
right-click on the folder, do the properties thing and go
to the Security tab, I try to add users to that tab to
give them any kind of access. Their name shows up
correctly until I click Apply, then it has trouble
resolving the name and reverts it back to just a long
number starting with "S" at the beginning. It just looks
like some kind of ID. It seems that something happened with
DNS, security, AD; we just can't locate the problem.
Again, running Windows 2000 SP4 with SQL 2000 on it, and
this is the only server it's happening to. Please help!
 
Did you promote the BDC to PDC? Where is your Global Catalog? Is your
Active Directory fully functional? I guess that you can solve the
problem by fixing your Domain Controller!
 
The global catalog is on the BDC and Active Directory is
fully functional. The PDC will be coming back up in the
next week or so, but the PDC being down didn't have
anything to do with resolution of user names on the
domain. That was working on this server for a couple
weeks while the PDC was down, and just a couple days ago
users were being edited for rights on that specific folder
during the work day, and that might be what messed it up.
And yes, the BDC was promoted to the PDC in case it went
down; it is acting as the PDC, then when the PDC comes
back up, roles will go back to normal. We just need to
know if there's a fix for this before we get the PDC back
up and running. Any help would be appreciated, thanks!
 
The BDC term refers to an NT4.0 domain controller on a W2K domain. There are no BDC
roles for W2K domain controllers, so I am not sure about your configuration. If the
remaining "bdc" computer is a W2K domain controller, try configuring your problem
computer to point to it as the first preferred DNS server in its TCP/IP properties,
as your issue may be DNS related. It may also help to run netdiag on that computer
from the free support tools to see if it reports any pertinent failed
tests/errors/warnings such as DNS, dclist discovery, or domain membership/secure
channel. If the "bdc" is a W2K domain controller for the domain, make sure it also
has itself listed in its list of preferred DNS servers by its static IP address,
and run netdiag /fix on it and then restart the netlogon service. --- Steve
 
I'm using the term "bdc" just to let you know that in our
W2K domain, we have a server set up to act as the PDC if
the PDC ever went down. It is actually called our
NTServer. The problem computer has its DNS IP pointing to
the NTServer since the PDC went down. I tried to run
netdiag on the problem server (from the cmd line) but it
didn't seem to do anything. Is it something that just runs
for a second in the background? Or am I not doing it
right? And am I supposed to be restarting the netlogon
service on that computer or the NTServer? The netlogon
service is not even running on the problem server and is
set to manual. My manager set that up. Also, the first
time I tried to just log off the problem computer and log
on with a local admin, I logged back on with the network
admin and it seems I've lost more rights now. I can't
even get into TCP/IP properties. I'm afraid to reboot
the server and damage it any more. Please advise. Thank you
for your help!
 
Netdiag and dcdiag are part of the support tools. They are on the install cdrom in
the support/tools folder where you will have to run the setup to install them as a
group. You may also be able to download them from the Microsoft website. Netdiag
should take a couple minutes to run and needs to be executed from the folder where it
is installed as it is not in a path folder by default. A folder called Windows
Support Tools should show on the programs menu after you install them and a shortcut
to the command prompt for that folder.

You would want to run netdiag /fix and then restart netlogon on your W2K domain
controller you refer to as NTserver, particularly if you need to reconfigure it to
point to itself as its preferred DNS server.

If you are having problems logging onto a domain computer with a domain administrator
account, that may indicate a problem with networking configuration/connectivity in
that it cannot contact and set up a secure channel to the domain controller. Netdiag
will display any specific information about that as being an issue. --- Steve

http://www.microsoft.com/windows2000/techinfo/reskit/tools/existing/netdiag-o.asp
http://support.microsoft.com/default.aspx?scid=kb;en-us;321708 -- how to use
netdiag
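
An added example, not part of the original thread and not written by any of the posters: a small Python triage of saved netdiag output that flags only the test categories named in the replies above (DNS, DC list/discovery, domain membership, secure channel). The sample report is constructed, and the summary-line layout, the test names, and the mapping of "secure channel" to the trust relationship test are assumptions about netdiag's report format.

```python
import re

# Constructed sample; layout and test names are assumed, not captured output.
SAMPLE_NETDIAG = """\
    Computer Name: APPSRV01
    DNS Host Name: appsrv01.example.local

Domain membership test . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Failed
    [WARNING] Cannot find a primary authoritative DNS server for the name
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Failed
    [WARNING] Cannot call DsBind to ntserver.example.local
Trust relationship test. . . . . . : Skipped
Kerberos test. . . . . . . . . . . : Passed
"""

# Categories the thread singles out; "trust relationship" stands in for
# the secure channel check (assumption).
WATCHED = ("dns", "dc list", "dc discovery", "domain membership",
           "trust relationship")
RESULT_RE = re.compile(r"^\s*(.+?)[ .]*:\s*(Passed|Failed|Skipped)\s*$")
DETAIL_RE = re.compile(r"^\s*\[(WARNING|FATAL)\]\s*(.*)$")

def parse_netdiag(text):
    """Return one dict per summary line, with any [WARNING]/[FATAL]
    lines that follow it attached as details."""
    tests = []
    for line in text.splitlines():
        m = RESULT_RE.match(line)
        if m:
            tests.append({"name": m.group(1), "status": m.group(2),
                          "details": []})
            continue
        d = DETAIL_RE.match(line)
        if d and tests:
            tests[-1]["details"].append((d.group(1), d.group(2)))
    return tests

def triage(tests):
    """Keep watched tests that failed or carry warnings; a skipped test
    with no detail lines is not flagged."""
    return [t for t in tests
            if any(k in t["name"].lower() for k in WATCHED)
            and (t["status"] == "Failed" or t["details"])]

if __name__ == "__main__":
    for t in triage(parse_netdiag(SAMPLE_NETDIAG)):
        print(t["name"], "->", t["status"])
        for level, msg in t["details"]:
            print("   ", level, msg)
```
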
 
Steve, I thank you very much for all your help. I am
actually going to hold off on installing anything on the
problem server for a couple days because it's starting to
give us more problems now. We just lost our Windows task
bar on the bottom, yet we can get to everything using the
keyboard. It's like the task bar is permanently hiding on
us. As soon as we get this fixed, I'll try the netdiag
and post up how it worked. Thanks again!
 