Computers on subnet not authenticating to SBS

Discussion in 'Windows Small Business Server' started by Keith, Jul 4, 2007.

  1. Keith

    Keith Guest

    The computers and file server in remote office don't appear to be
    authenticating to SBS domain.
    SBS and workstations at the main office are working normally, however the
    workstations and our Win 2003 server at the remote site are no longer able
    to connect to the SBS domain. They worked fine for about a year until last
    week.
    You cannot access shares, connect to Exchange, or conn

    SBS domain.
    A VPN connects the two sites, and we have verified that we can ping, and do
    NSlookups in both directions from all machines. We can freely access
    non-domain devices such as routers, printers, etc between the two subnets via
    HTTP. Today, I connected a laptop that was not part of this SBS domain to
    the network at the main office and was able to sucessfully perform a Remote
    Desktop connection to both the server and a workstation at the remote site.
    However, you cannot do this from any computer at the main office that is a
    member of the SBS domain.

    I noticed that when I was logged into the workstation at the remote office
    via RDC from my "non-domain-member" laptop, it appeared that it was not
    properly authenticated to the domain. The shares that are typically
    available were not listed. I also noticed the scripts for Trend Micro
    updates also "eventually" timed out during the login. Active directory
    lookups also failed from the remote workstation.

    I also noticed event messages that active directory updates are not occuring
    between the Win 2003 server at the remote site and the SBS server.

    I'm not sure if this is Active Directory problem or something else that is
    preventing the connections and authentication. Where might I dig from here.?
    We've been down for several days so things are heating up..
     
    Keith, Jul 4, 2007
    #1
    1. Advertisements

  2. Keith

    Claus Guest

    It sounds like a routing problem. In order to give you a hand we would need
    to know some details. Explain the infrastructure with the 2 subnets and IPs
    for the SBS box, remote server, the 2 VPN boxes. Post ipconfig /all from the
    2 servers, and one WS in each subnet.

    Also, when you check your DNS, do you see all WS in there? Do you have a
    reverse lookup zone for the second subnet?
     
    Claus, Jul 4, 2007
    #2
    1. Advertisements

  3. Keith

    Keith Guest

     
    Keith, Jul 4, 2007
    #3
  4. Hello Keith,

    Thanks for posting in our newsgroup and also for Claus's input.

    From you description, I know that you are experiencing VPN issue.

    Before we go further, please let me know the following information to make
    the situation more clearly:

    1. What the topology of your network?
    2. How do you create VPN on main office and remote side, with hardware
    router or ISA?
    3. If you use ISA, what is the version?
    4. If the Windows 2003 server in the remote site an additional DC?
    5. What important change did you made before the problem first occurs?
    6. Can the clients in the remote office logon the SBS domain successfully?
    If not, what's the error message?
    7. When you visit a network share from remote site by typing
    \\sbsserver\share, what the error message?

    Please help me collect the following information for further research:

    1. Please type ipconfig/all on the remote client and send me the output for
    further analysis.

    2. MPS Report on both Windows 2003 server and SBS 2003

    a. Visit
    http://download.microsoft.com/download/b/b/1/bb139fcb-4aac-4fe5-a579-30b0bd9
    15706/MPSRPT_DirSvc.EXE to download the file.
    b. Run the MPSRPT_DirSvc.exe on the server box.
    c. Wait for 10~15 minutes.
    d. Open Windows explorer, navigate to
    %SYSTEMROOT%\MPSReports\DirSvc\Logs\cab\
    e. Send the .cab file directly to me.

    Please send the information to with subject:
    39783853-Computers on subnet not authenticating to SBS.

    I am looking forward to hear from you.

    If you need further assistance, please don't hesitate to let me know.

    Best regards,

    Robert Li(MSFT)

    Microsoft CSS Online Newsgroup Support

    Get Secure! - www.microsoft.com/security

    =====================================================

    This newsgroup only focuses on SBS technical issues. If you have issues
    regarding other Microsoft products, you'd better post in the corresponding
    newsgroups so that they can be resolved in an efficient and timely manner.
    You can locate the newsgroup here:
    http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

    When opening a new thread via the web interface, we recommend you check the
    "Notify me of replies" box to receive e-mail notifications when there are
    any updates in your thread. When responding to posts via your newsreader,
    please "Reply to Group" so that others may learn and benefit from your
    issue.

    Microsoft engineers can only focus on one issue per thread. Although we
    provide other information for your reference, we recommend you post
    different incidents in different threads to keep the thread clean. In doing
    so, it will ensure your issues are resolved in a timely manner.

    For urgent issues, you may want to contact Microsoft CSS directly. Please
    check http://support.microsoft.com for regional support phone numbers.

    Any input or comments in this thread are highly appreciated.

    =====================================================

    This posting is provided "AS IS" with no warranties, and confers no rights.

    --------------------
    <Thread-Topic: Computers on subnet not authenticating to SBS
    <thread-index: Ace90DjuhvtYHYUUR6unPmcXSH+FZg==
    <X-WBNR-Posting-Host: 207.46.19.197
    <From: =?Utf-8?B?S2VpdGg=?= <>
    <Subject: Computers on subnet not authenticating to SBS
    <Date: Tue, 3 Jul 2007 17:14:00 -0700
    <Lines: 35
    <Message-ID: <>
    <MIME-Version: 1.0
    <Content-Type: text/plain;
    < charset="Utf-8"
    <Content-Transfer-Encoding: 7bit
    <X-Newsreader: Microsoft CDO for Windows 2000
    <Content-Class: urn:content-classes:message
    <Importance: normal
    <Priority: normal
    <X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2826
    <Newsgroups: microsoft.public.windows.server.sbs
    <Path: TK2MSFTNGHUB02.phx.gbl
    <Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:48046
    <NNTP-Posting-Host: tk2msftsbfm01.phx.gbl 10.40.244.148
    <X-Tomcat-NG: microsoft.public.windows.server.sbs
    <
    <The computers and file server in remote office don't appear to be
    <authenticating to SBS domain.
    <SBS and workstations at the main office are working normally, however the
    <workstations and our Win 2003 server at the remote site are no longer
    able
    <to connect to the SBS domain. They worked fine for about a year until
    last
    <week.
    <You cannot access shares, connect to Exchange, or conn
    <
    <SBS domain.
    <A VPN connects the two sites, and we have verified that we can ping, and
    do
    <NSlookups in both directions from all machines. We can freely access
    <non-domain devices such as routers, printers, etc between the two subnets
    via
    <HTTP. Today, I connected a laptop that was not part of this SBS domain to
    <the network at the main office and was able to sucessfully perform a
    Remote
    <Desktop connection to both the server and a workstation at the remote
    site.
    <However, you cannot do this from any computer at the main office that is a
    <member of the SBS domain.
    <
    <I noticed that when I was logged into the workstation at the remote office
    <via RDC from my "non-domain-member" laptop, it appeared that it was not
    <properly authenticated to the domain. The shares that are typically
    <available were not listed. I also noticed the scripts for Trend Micro
    <updates also "eventually" timed out during the login. Active directory
    <lookups also failed from the remote workstation.
    <
    <I also noticed event messages that active directory updates are not
    occuring
    <between the Win 2003 server at the remote site and the SBS server.
    <
    <I'm not sure if this is Active Directory problem or something else that is
    <preventing the connections and authentication. Where might I dig from
    here.?
    < We've been down for several days so things are heating up..
    <
    <
    <
    <
    <
     
    Robert Li [MSFT], Jul 4, 2007
    #4
  5. Hi,

    Thanks for updating.

    I researched your logs, there are many errors about DNS, System, and
    Replication, also I noticed you installed Windows 2003 SP2 on WATSONREMOTE
    server. Please take the follow steps;

    Step 1: Please disable Receive Side on WATSONREMOTE server. This is known
    issue when you install Windows 2003 SP2.

    To do this, follow these steps:

    1. Click Start, click Run, type regedit, and then click OK.
    2. Locate and then click the following registry subkey:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
    3. On the Edit menu, point to New, click DWORD Value, and then type
    EnableRSS.
    4. Double-click EnableRSS, type 0, and then click OK.
    5. Restart the computer on which you changed the EnableRSS value.

    More information:

    927695 You cannot host TCP connections when Receive Side Scaling is enabled
    in Windows Server 2003 with Service Pack 2

    http://support.microsoft.com/default.aspx?scid=kb;EN-US;927695

    Step 2: After you modify the registry on WATSONREMOTE server, please
    monitor on SBS server for sometime to see if DNS 4004 and 4015 will
    disappear. If that will not disappear, the issue may occur if the DNS zone
    information is corrupted. Please follow the steps below and see if the
    events are still recorded:

    A. Open Active Directory Users and Computers, click View, Advanced.
    B. Expand domain.local -> System -> MicrosoftDNS and delete domain.local.
    C. Open the DNS console, expand Forward Lookup Zones.
    D. Click _msdcs.domain.local and delete the Alias for
    sbsserver.domain.local (the long GUID entry).

    NOTE: If the _msdcs folder is missing under domain.local, please create a
    new delegation: Right-click domain.local, select new, then delegation,
    click next on the wizard, under delegated domain, type in _msdcs and click
    next, click Add and browse to the server''s A record under Forward Lookup
    Zones, domain.local, click OK and Finish.

    E. Stop and Restart Netlogon service.
    F. Run "ipconfig /registerdns"

    Step 2: This could also be a network and DNS issue. Please run the CEICW
    wizard and make sure the DNS configuration is correct on the SBS server.

    825763 How to configure Internet access in Windows Small Business Server
    2003

    http://support.microsoft.com/?id=825763

    Hope the information helps.

    I am looking forward to hear from you.

    If you need further assistance, please don't hesitate to let me know.

    Best regards,

    Robert Li(MSFT)

    Microsoft CSS Online Newsgroup Support

    Get Secure! - www.microsoft.com/security

    =====================================================

    This newsgroup only focuses on SBS technical issues. If you have issues
    regarding other Microsoft products, you'd better post in the corresponding
    newsgroups so that they can be resolved in an efficient and timely manner.
    You can locate the newsgroup here:
    http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

    When opening a new thread via the web interface, we recommend you check the
    "Notify me of replies" box to receive e-mail notifications when there are
    any updates in your thread. When responding to posts via your newsreader,
    please "Reply to Group" so that others may learn and benefit from your
    issue.

    Microsoft engineers can only focus on one issue per thread. Although we
    provide other information for your reference, we recommend you post
    different incidents in different threads to keep the thread clean. In doing
    so, it will ensure your issues are resolved in a timely manner.

    For urgent issues, you may want to contact Microsoft CSS directly. Please
    check http://support.microsoft.com for regional support phone numbers.

    Any input or comments in this thread are highly appreciated.

    =====================================================

    This posting is provided "AS IS" with no warranties, and confers no rights.

    --------------------
    <X-Tomcat-ID: 145463545
    <References: <>
    <MIME-Version: 1.0
    <Content-Type: text/plain
    <Content-Transfer-Encoding: 7bit
    <From: (Robert Li [MSFT])
    <Organization: Microsoft
    <Date: Wed, 04 Jul 2007 11:38:26 GMT
    <Subject: RE: Computers on subnet not authenticating to SBS
    <X-Tomcat-NG: microsoft.public.windows.server.sbs
    <Message-ID: <Uix6Z$>
    <Newsgroups: microsoft.public.windows.server.sbs
    <Lines: 147
    <Path: TK2MSFTNGHUB02.phx.gbl
    <Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:48125
    <NNTP-Posting-Host: tomcatimport2.phx.gbl 10.201.218.182
    <
    <Hello Keith,
    <
    <Thanks for posting in our newsgroup and also for Claus's input.
    <
    <From you description, I know that you are experiencing VPN issue.
    <
    <Before we go further, please let me know the following information to make
    <the situation more clearly:
    <
    <1. What the topology of your network?
    <2. How do you create VPN on main office and remote side, with hardware
    <router or ISA?
    <3. If you use ISA, what is the version?
    <4. If the Windows 2003 server in the remote site an additional DC?
    <5. What important change did you made before the problem first occurs?
    <6. Can the clients in the remote office logon the SBS domain successfully?
    <If not, what's the error message?
    <7. When you visit a network share from remote site by typing
    <\\sbsserver\share, what the error message?
    <
    <Please help me collect the following information for further research:
    <
    <1. Please type ipconfig/all on the remote client and send me the output
    for
    <further analysis.
    <
    <2. MPS Report on both Windows 2003 server and SBS 2003
    <
    <a. Visit
    <http://download.microsoft.com/download/b/b/1/bb139fcb-4aac-4fe5-a579-30b0bd
    9
    <15706/MPSRPT_DirSvc.EXE to download the file.
    <b. Run the MPSRPT_DirSvc.exe on the server box.
    <c. Wait for 10~15 minutes.
    <d. Open Windows explorer, navigate to
    <%SYSTEMROOT%\MPSReports\DirSvc\Logs\cab\
    <e. Send the .cab file directly to me.
    <
    <Please send the information to with subject:
    <39783853-Computers on subnet not authenticating to SBS.
    <
    <I am looking forward to hear from you.
    <
    <If you need further assistance, please don't hesitate to let me know.
    <
    <Best regards,
    <
    <Robert Li(MSFT)
    <
    <Microsoft CSS Online Newsgroup Support
    <
    <Get Secure! - www.microsoft.com/security
    <
    <=====================================================
    <
    <This newsgroup only focuses on SBS technical issues. If you have issues
    <regarding other Microsoft products, you'd better post in the corresponding
    <newsgroups so that they can be resolved in an efficient and timely manner.
    <You can locate the newsgroup here:
    <http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
    <
    <When opening a new thread via the web interface, we recommend you check
    the
    <"Notify me of replies" box to receive e-mail notifications when there are
    <any updates in your thread. When responding to posts via your newsreader,
    <please "Reply to Group" so that others may learn and benefit from your
    <issue.
    <
    <Microsoft engineers can only focus on one issue per thread. Although we
    <provide other information for your reference, we recommend you post
    <different incidents in different threads to keep the thread clean. In
    doing
    <so, it will ensure your issues are resolved in a timely manner.
    <
    <For urgent issues, you may want to contact Microsoft CSS directly. Please
    <check http://support.microsoft.com for regional support phone numbers.
    <
    <Any input or comments in this thread are highly appreciated.
    <
    <=====================================================
    <
    <This posting is provided "AS IS" with no warranties, and confers no rights.
    <
    <--------------------
    <<Thread-Topic: Computers on subnet not authenticating to SBS
    <<thread-index: Ace90DjuhvtYHYUUR6unPmcXSH+FZg==
    <<X-WBNR-Posting-Host: 207.46.19.197
    <<From: =?Utf-8?B?S2VpdGg=?= <>
    <<Subject: Computers on subnet not authenticating to SBS
    <<Date: Tue, 3 Jul 2007 17:14:00 -0700
    <<Lines: 35
    <<Message-ID: <>
    <<MIME-Version: 1.0
    <<Content-Type: text/plain;
    << charset="Utf-8"
    <<Content-Transfer-Encoding: 7bit
    <<X-Newsreader: Microsoft CDO for Windows 2000
    <<Content-Class: urn:content-classes:message
    <<Importance: normal
    <<Priority: normal
    <<X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2826
    <<Newsgroups: microsoft.public.windows.server.sbs
    <<Path: TK2MSFTNGHUB02.phx.gbl
    <<Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:48046
    <<NNTP-Posting-Host: tk2msftsbfm01.phx.gbl 10.40.244.148
    <<X-Tomcat-NG: microsoft.public.windows.server.sbs
    <<
    <<The computers and file server in remote office don't appear to be
    <<authenticating to SBS domain.
    <<SBS and workstations at the main office are working normally, however
    the
    <<workstations and our Win 2003 server at the remote site are no longer
    <able
    <<to connect to the SBS domain. They worked fine for about a year until
    <last
    <<week.
    <<You cannot access shares, connect to Exchange, or conn
    <<
    <<SBS domain.
    <<A VPN connects the two sites, and we have verified that we can ping, and
    <do
    <<NSlookups in both directions from all machines. We can freely access
    <<non-domain devices such as routers, printers, etc between the two subnets
    <via
    <<HTTP. Today, I connected a laptop that was not part of this SBS domain
    to
    <<the network at the main office and was able to sucessfully perform a
    <Remote
    <<Desktop connection to both the server and a workstation at the remote
    <site.
    <<However, you cannot do this from any computer at the main office that is
    a
    <<member of the SBS domain.
    <<
    <<I noticed that when I was logged into the workstation at the remote
    office
    <<via RDC from my "non-domain-member" laptop, it appeared that it was not
    <<properly authenticated to the domain. The shares that are typically
    <<available were not listed. I also noticed the scripts for Trend Micro
    <<updates also "eventually" timed out during the login. Active directory
    <<lookups also failed from the remote workstation.
    <<
    <<I also noticed event messages that active directory updates are not
    <occuring
    <<between the Win 2003 server at the remote site and the SBS server.
    <<
    <<I'm not sure if this is Active Directory problem or something else that
    is
    <<preventing the connections and authentication. Where might I dig from
    <here.?
    << We've been down for several days so things are heating up..
    <<
    <<
    <<
    <<
    <<
    <
    <
     
    Robert Li [MSFT], Jul 5, 2007
    #5
  6. Hi Keith,

    Thanks for your reply.

    I am sorry for the delay.

    I research the logs again, there are many AD, DNS, Replication problems.

    Yes, you can rebuild the DNS records, but the information in the remote in
    remote site will not be updated if the replication is not working properly.
    I believe the MS telephone Engineer is right. So I suggest you still work
    with the CSS person. Thanks for your understanding.

    If you need further assistance, please don't hesitate to let me know.

    Best regards,

    Robert Li(MSFT)

    Microsoft CSS Online Newsgroup Support

    Get Secure! - www.microsoft.com/security

    =====================================================

    This newsgroup only focuses on SBS technical issues. If you have issues
    regarding other Microsoft products, you'd better post in the corresponding
    newsgroups so that they can be resolved in an efficient and timely manner.
    You can locate the newsgroup here:
    http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

    When opening a new thread via the web interface, we recommend you check the
    "Notify me of replies" box to receive e-mail notifications when there are
    any updates in your thread. When responding to posts via your newsreader,
    please "Reply to Group" so that others may learn and benefit from your
    issue.

    Microsoft engineers can only focus on one issue per thread. Although we
    provide other information for your reference, we recommend you post
    different incidents in different threads to keep the thread clean. In doing
    so, it will ensure your issues are resolved in a timely manner.

    For urgent issues, you may want to contact Microsoft CSS directly. Please
    check http://support.microsoft.com for regional support phone numbers.

    Any input or comments in this thread are highly appreciated.

    =====================================================

    This posting is provided "AS IS" with no warranties, and confers no rights.

    --------------------
    <X-Tomcat-ID: 148920570
    <References: <>
    <Uix6Z$>
    <MIME-Version: 1.0
    <Content-Type: text/plain
    <Content-Transfer-Encoding: 7bit
    <From: (Robert Li [MSFT])
    <Organization: Microsoft
    <Date: Thu, 05 Jul 2007 11:56:22 GMT
    <Subject: RE: Computers on subnet not authenticating to SBS
    <X-Tomcat-NG: microsoft.public.windows.server.sbs
    <Message-ID: <#>
    <Newsgroups: microsoft.public.windows.server.sbs
    <Lines: 268
    <Path: TK2MSFTNGHUB02.phx.gbl
    <Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:48343
    <NNTP-Posting-Host: tomcatimport2.phx.gbl 10.201.218.182
    <
    <Hi,
    <
    <Thanks for updating.
    <
    <I researched your logs, there are many errors about DNS, System, and
    <Replication, also I noticed you installed Windows 2003 SP2 on WATSONREMOTE
    <server. Please take the follow steps;
    <
    <Step 1: Please disable Receive Side on WATSONREMOTE server. This is known
    <issue when you install Windows 2003 SP2.
    <
    < To do this, follow these steps:
    <
    <1. Click Start, click Run, type regedit, and then click OK.
    <2. Locate and then click the following registry subkey:
    <HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
    <3. On the Edit menu, point to New, click DWORD Value, and then type
    <EnableRSS.
    <4. Double-click EnableRSS, type 0, and then click OK.
    <5. Restart the computer on which you changed the EnableRSS value.
    <
    <More information:
    <
    <927695 You cannot host TCP connections when Receive Side Scaling is
    enabled
    <in Windows Server 2003 with Service Pack 2
    <
    <http://support.microsoft.com/default.aspx?scid=kb;EN-US;927695
    <
    <Step 2: After you modify the registry on WATSONREMOTE server, please
    <monitor on SBS server for sometime to see if DNS 4004 and 4015 will
    <disappear. If that will not disappear, the issue may occur if the DNS zone
    <information is corrupted. Please follow the steps below and see if the
    <events are still recorded:
    <
    <A. Open Active Directory Users and Computers, click View, Advanced.
    <B. Expand domain.local -> System -> MicrosoftDNS and delete domain.local.
    <C. Open the DNS console, expand Forward Lookup Zones.
    <D. Click _msdcs.domain.local and delete the Alias for
    <sbsserver.domain.local (the long GUID entry).
    <
    <NOTE: If the _msdcs folder is missing under domain.local, please create a
    <new delegation: Right-click domain.local, select new, then delegation,
    <click next on the wizard, under delegated domain, type in _msdcs and click
    <next, click Add and browse to the server''s A record under Forward Lookup
    <Zones, domain.local, click OK and Finish.
    <
    <E. Stop and Restart Netlogon service.
    <F. Run "ipconfig /registerdns"
    <
    <Step 2: This could also be a network and DNS issue. Please run the CEICW
    <wizard and make sure the DNS configuration is correct on the SBS server.
    <
    < 825763 How to configure Internet access in Windows Small Business Server
    <2003
    <
    <http://support.microsoft.com/?id=825763
    <
    <Hope the information helps.
    <
    <I am looking forward to hear from you.
    <
    <If you need further assistance, please don't hesitate to let me know.
    <
    <Best regards,
    <
    <Robert Li(MSFT)
    <
    <Microsoft CSS Online Newsgroup Support
    <
    <Get Secure! - www.microsoft.com/security
    <
    <=====================================================
    <
    <This newsgroup only focuses on SBS technical issues. If you have issues
    <regarding other Microsoft products, you'd better post in the corresponding
    <newsgroups so that they can be resolved in an efficient and timely manner.
    <You can locate the newsgroup here:
    <http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
    <
    <When opening a new thread via the web interface, we recommend you check
    the
    <"Notify me of replies" box to receive e-mail notifications when there are
    <any updates in your thread. When responding to posts via your newsreader,
    <please "Reply to Group" so that others may learn and benefit from your
    <issue.
    <
    <Microsoft engineers can only focus on one issue per thread. Although we
    <provide other information for your reference, we recommend you post
    <different incidents in different threads to keep the thread clean. In
    doing
    <so, it will ensure your issues are resolved in a timely manner.
    <
    <For urgent issues, you may want to contact Microsoft CSS directly. Please
    <check http://support.microsoft.com for regional support phone numbers.
    <
    <Any input or comments in this thread are highly appreciated.
    <
    <=====================================================
    <
    <This posting is provided "AS IS" with no warranties, and confers no rights.
    <
    <--------------------
    <<X-Tomcat-ID: 145463545
    <<References: <>
    <<MIME-Version: 1.0
    <<Content-Type: text/plain
    <<Content-Transfer-Encoding: 7bit
    <<From: (Robert Li [MSFT])
    <<Organization: Microsoft
    <<Date: Wed, 04 Jul 2007 11:38:26 GMT
    <<Subject: RE: Computers on subnet not authenticating to SBS
    <<X-Tomcat-NG: microsoft.public.windows.server.sbs
    <<Message-ID: <Uix6Z$>
    <<Newsgroups: microsoft.public.windows.server.sbs
    <<Lines: 147
    <<Path: TK2MSFTNGHUB02.phx.gbl
    <<Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:48125
    <<NNTP-Posting-Host: tomcatimport2.phx.gbl 10.201.218.182
    <<
    <<Hello Keith,
    <<
    <<Thanks for posting in our newsgroup and also for Claus's input.
    <<
    <<From you description, I know that you are experiencing VPN issue.
    <<
    <<Before we go further, please let me know the following information to
    make
    <<the situation more clearly:
    <<
    <<1. What the topology of your network?
    <<2. How do you create VPN on main office and remote side, with hardware
    <<router or ISA?
    <<3. If you use ISA, what is the version?
    <<4. If the Windows 2003 server in the remote site an additional DC?
    <<5. What important change did you made before the problem first occurs?
    <<6. Can the clients in the remote office logon the SBS domain
    successfully?
    <<If not, what's the error message?
    <<7. When you visit a network share from remote site by typing
    <<\\sbsserver\share, what the error message?
    <<
    <<Please help me collect the following information for further research:
    <<
    <<1. Please type ipconfig/all on the remote client and send me the output
    <for
    <<further analysis.
    <<
    <<2. MPS Report on both Windows 2003 server and SBS 2003
    <<
    <<a. Visit
    <<http://download.microsoft.com/download/b/b/1/bb139fcb-4aac-4fe5-a579-30b0b
    d
    <9
    <<15706/MPSRPT_DirSvc.EXE to download the file.
    <<b. Run the MPSRPT_DirSvc.exe on the server box.
    <<c. Wait for 10~15 minutes.
    <<d. Open Windows explorer, navigate to
    <<%SYSTEMROOT%\MPSReports\DirSvc\Logs\cab\
    <<e. Send the .cab file directly to me.
    <<
    <<Please send the information to with subject:
    <<39783853-Computers on subnet not authenticating to SBS.
    <<
    <<I am looking forward to hear from you.
    <<
    <<If you need further assistance, please don't hesitate to let me know.
    <<
    <<Best regards,
    <<
    <<Robert Li(MSFT)
    <<
    <<Microsoft CSS Online Newsgroup Support
    <<
    <<Get Secure! - www.microsoft.com/security
    <<
    <<=====================================================
    <<
    <<This newsgroup only focuses on SBS technical issues. If you have issues
    <<regarding other Microsoft products, you'd better post in the
    corresponding
    <<newsgroups so that they can be resolved in an efficient and timely
    manner.
    <<You can locate the newsgroup here:
    <<http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
    <<
    <<When opening a new thread via the web interface, we recommend you check
    <the
    <<"Notify me of replies" box to receive e-mail notifications when there are
    <<any updates in your thread. When responding to posts via your newsreader,
    <<please "Reply to Group" so that others may learn and benefit from your
    <<issue.
    <<
    <<Microsoft engineers can only focus on one issue per thread. Although we
    <<provide other information for your reference, we recommend you post
    <<different incidents in different threads to keep the thread clean. In
    <doing
    <<so, it will ensure your issues are resolved in a timely manner.
    <<
    <<For urgent issues, you may want to contact Microsoft CSS directly. Please
    <<check http://support.microsoft.com for regional support phone numbers.
    <<
    <<Any input or comments in this thread are highly appreciated.
    <<
    <<=====================================================
    <<
    <<This posting is provided "AS IS" with no warranties, and confers no
    rights.
    <<
    <<--------------------
    <<<Thread-Topic: Computers on subnet not authenticating to SBS
    <<<thread-index: Ace90DjuhvtYHYUUR6unPmcXSH+FZg==
    <<<X-WBNR-Posting-Host: 207.46.19.197
    <<<From: =?Utf-8?B?S2VpdGg=?= <>
    <<<Subject: Computers on subnet not authenticating to SBS
    <<<Date: Tue, 3 Jul 2007 17:14:00 -0700
    <<<Lines: 35
    <<<Message-ID: <>
    <<<MIME-Version: 1.0
    <<<Content-Type: text/plain;
    <<< charset="Utf-8"
    <<<Content-Transfer-Encoding: 7bit
    <<<X-Newsreader: Microsoft CDO for Windows 2000
    <<<Content-Class: urn:content-classes:message
    <<<Importance: normal
    <<<Priority: normal
    <<<X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2826
    <<<Newsgroups: microsoft.public.windows.server.sbs
    <<<Path: TK2MSFTNGHUB02.phx.gbl
    <<<Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:48046
    <<<NNTP-Posting-Host: tk2msftsbfm01.phx.gbl 10.40.244.148
    <<<X-Tomcat-NG: microsoft.public.windows.server.sbs
    <<<
    <<<The computers and file server in remote office don't appear to be
    <<<authenticating to SBS domain.
    <<<SBS and workstations at the main office are working normally, however
    <the
    <<<workstations and our Win 2003 server at the remote site are no longer
    <<able
    <<<to connect to the SBS domain. They worked fine for about a year until
    <<last
    <<<week.
    <<<You cannot access shares, connect to Exchange, or conn
    <<<
    <<<SBS domain.
    <<<A VPN connects the two sites, and we have verified that we can ping, and
    <<do
    <<<NSlookups in both directions from all machines. We can freely access
    <<<non-domain devices such as routers, printers, etc between the two
    subnets
    <<via
    <<<HTTP. Today, I connected a laptop that was not part of this SBS domain
    <to
    <<<the network at the main office and was able to sucessfully perform a
    <<Remote
    <<<Desktop connection to both the server and a workstation at the remote
    <<site.
    <<<However, you cannot do this from any computer at the main office that is
    <a
    <<<member of the SBS domain.
    <<<
    <<<I noticed that when I was logged into the workstation at the remote
    <office
    <<<via RDC from my "non-domain-member" laptop, it appeared that it was not
    <<<properly authenticated to the domain. The shares that are typically
    <<<available were not listed. I also noticed the scripts for Trend Micro
    <<<updates also "eventually" timed out during the login. Active directory
    <<<lookups also failed from the remote workstation.
    <<<
    <<<I also noticed event messages that active directory updates are not
    <<occuring
    <<<between the Win 2003 server at the remote site and the SBS server.
    <<<
    <<<I'm not sure if this is Active Directory problem or something else that
    <is
    <<<preventing the connections and authentication. Where might I dig from
    <<here.?
    <<< We've been down for several days so things are heating up..
    <<<
    <<<
    <<<
    <<<
    <<<
    <<
    <<
    <
    <
     
    Robert Li [MSFT], Jul 10, 2007
    #6
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.