Shared network resources cannot accessible after a while

Discussion in 'Server Networking' started by Nime, Apr 17, 2009.

  1. Hello Nime,

    This "backup" is none, because it creates lot's of domain internal problems,
    also GPO's can not be applied correct, you realize the share problems and
    still som more can occur.

    With a domain setup you should also have at least 2 DC/DNS/GC and maybe a
    split DHCP server's available. So if one DNS is down you have still a second
    available. Ofcourse the clients need the ip address as secondary on the NIC.

    Best regards

    Meinolf Weber
     
    Meinolf Weber [MVP-DS], Apr 20, 2009
    #21
    1. Advertisements

  2. Hello Nime,

    I would strongly recommend to redesign your network. You will always run
    in this kind of problems when you keep it. There will be always the next
    problem come up when one is resolved.

    Do yourself a favour and redesign. We all are willing to help you with that,
    if you need additional information about to do it.

    Best regards

    Meinolf Weber
     
    Meinolf Weber [MVP-DS], Apr 20, 2009
    #22
    1. Advertisements

  3. Nime

    Nime Guest

    Thank you for kind responses, all.
     
    Nime, Apr 20, 2009
    #23
  4. I think my network is pretty centralized, users only access a public folder

    Nime,

    What you are running into is a non standard designed network. Your network
    is most likely one of a kind and unless you change it to the standard design
    or call in a consultant to actually study your network for a while you
    really can't get much help.


    DDS


     
    Danny Sanders, Apr 20, 2009
    #24
  5. The DNS doesn't even point to itself,...on *either* nic.

    (I wanted to ride the train too guys :) )

    --
    Phillip Windell
    www.wandtv.com

    The views expressed, are my own and not those of my employer, or Microsoft,
    or anyone else associated with me, including my cats.
     
    Phillip Windell, Apr 20, 2009
    #25
  6. ################# WEB SERVER / Not in domain - my gateway


    According to your posted IPconfigs 192.168.35.203 is your webserver AND your
    DNS server?

    DDS

     
    Danny Sanders, Apr 20, 2009
    #26
  7. [snipped]



    Nime,

    There are a number of problems with the DC.

    First, as others have mentioned, the external DNS addresses MUST be removed:
    Also, the domain controller should NOT be multihomed. This causes numerous
    issues with AD. If you need it multihomed, I can post a series of steps to
    configure it to work properly with the multihoming, that includes registry
    alterations to make it work.

    Also, a BIGGER problem, the domain controller has a condition called a
    disjointed namespace. The Primary DNS Suffix is missing. This will cause it
    to not register into DNS, which is a huge problem for clients and itself.

    Ace
     
    Ace Fekay [Microsoft Certified Trainer], Apr 21, 2009
    #27
  8. Nime, please read my other post about the disjointed namespace and the
    multihoming issue (not recommended unless you want to make changes in the
    registry to make the DC work). I mentioned the DNS external IPs, but
    everyone pretty much told you about not to use them. External DNS entries
    always causes problems with AD. It is a known fact.

    Ace
     
    Ace Fekay [Microsoft Certified Trainer], Apr 21, 2009
    #28
  9. Nime

    Nime Guest

    OK, I removed them...

    But I cannot access a folder on WEBSERVER which one is not a member of the domain.
    I also use webserver's DNS, and use webserver as default gateway.
    I mean I don't see any relation between my lost /forgotten/not working
    user/pass and domain controller's AD. Because I use WEBSERVER's user account
    to access shares, not my domain username.

    Now I'm preparing a test machine -will not be member of the domain
    then I will examine if it will fail or not... to access a public folder of DC or
    WEBSERVER's...
     
    Nime, Apr 21, 2009
    #29
  10. Nime, I suggest you stop now. Engage a consultant in to help you. Unless
    this is a test/lab network you need to get it cleaned up properly. I don't
    mean to sound harsh, but it would appear that this is not your area of
    expertise. There is no shame in that - I don't know how to overhaul an
    automobile transmission or prepare corporate tax returns. But your questions
    indicate that this job may be beyond your current skillset and a newsgroup
    thread is probably not sufficient to provide you with the help you need.
     
    Lanwench [MVP - Exchange], Apr 21, 2009
    #30
  11. Does WEBSERVER's DNS server host the AD zone? If not, do not use it.

    Using WEBSERVER's user accounts means you are using its local user accounts,
    wihch are NOT part of the domain, so therefore, how is AD supposed to
    enumerate and accept the credentials? If you want to use WEBSERVER's user
    accounts, create identical accounts on the domain.

    Also, a more pressing issue is the disjointed namespace. Notice your
    ipconfig /all of the DC has not Primary DNS SUffix? This is a MAJOR concern
    that WILL affect AD functionality.

    There is much going on with your network. It is not a standardized nor
    centralized setup. Some of the things I noticed you are doing are not norm
    with AD, and is difficult to support. If it were centralized, it would ease
    your administrative functions, but they do not seem to be. With an AD
    environment, we rely on AD for security and authentication, yet you are
    using a non-AD account in an attempt to access AD resources.

    Also, the multihomed DC will cause issues with AD. That was why I
    recommended disabling the WAN NIC and getting a router to perform this
    function. But from the looks of it, I do not believe you want to use your AD
    account. I am not sure how to help in this case other than recommending to
    create duplicate accounts with identical passwords, but once again, this is
    not norm, and can cause security loopholes and backdoors, and trying to keep
    track of what you are doing is difficult to support.

    Ace
     
    Ace Fekay [Microsoft Certified Trainer], Apr 21, 2009
    #31
  12. Nime

    Nime Guest

    THE PROBLEM SEEMS FIXED

    I did what you adviced and all folders open as expected,
    without any delay. No printer connection has been lost again.

    By the way, I want to say you all big THANKS : )
    I hope this feedback make you pleased, I know you
    are here for this, to help people, thank you again...
     
    Nime, Apr 24, 2009
    #32

  13. Good to hear!

    Does that mean you fixed the disjointed namespace problem, too?

    Ace
     
    Ace Fekay [Microsoft Certified Trainer], Apr 24, 2009
    #33
  14. Nime

    Nime Guest

    Yeah, I've searched the net and found your comments on somewhere : ) Ace Fekay is everywhere : )


    I ran again DNS server on DC, set a primary DNS suffix, etc...
     
    Nime, Apr 24, 2009
    #34
  15. Well, interesting to know! I'm glad I was able to help out, as well as all
    of us in the newsgroup.

    Cheers!

    Ace
     
    Ace Fekay [Microsoft Certified Trainer], Apr 24, 2009
    #35
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.