Re: GPO on member TS by Jeff
Jeff
Thu Jul 31 10:35:25 CDT 2003
Well, good that you figured that out. BTW, the private address space should
be 172.16.x.x if you want to repair that as well. That's a bit more work
though.
"Chris" <csanders@casnetworkservices.net> wrote in message
news:usNy2e3VDHA.3088@tk2msftngp13.phx.gbl...
> Jeff,
>
> I have figured out the problem here. The way that I was setup------
> Internal NIC
> 172.20.1.1 IP
> 255.255..0.0 Subnet
> No gateway
> 172.20.1.1 DNS
>
> External
> 192.168.1.253 IP
> 255.255.255.0 Subnet
> 192.168.1.1 gateway
> 205.152.187.254 DNS
> 205.152.144.235 DNS
>
> What was happeing here, is when I would attempt to open group policy, the
> server would put a query against my ISP DNS server for who is
> machine.domain.local.
> The ISP DNS server obviously had no idea, causing the error.
>
> I changed the DNS on the external nic to point to 172.20.1.1 and verified
> the binding order of the NICS. LAN, WAN, Remote connections.
>
> I then opened up DNS and setup forwarders to my ISP DNS, and then
performed
> a test against itself and against the ISP. Voila!! Problem solved!
>
> Thanks for your input!!
>
> "Jeff Middleton [SBS-MVP]" <jeff@cfisolutions.com> wrote in message
> news:u9CjuvwVDHA.2896@tk2msftngp13.phx.gbl...
> > No, that's still the shockwave after the explosion, we still don't have
a
> > cause there.
> >
> > However, trace back to when that started, and you have the point of
origin
> > of the problem. Probably going to coincide with a product upgrade, most
> > likely a service pack, maybe even a restore from tape. That is
definitely
> > the clue you want to hunt backwards though.
> >
> > "Chris" <csanders@casnetworkservices.net> wrote in message
> > news:uHyQGXwVDHA.3404@tk2msftngp13.phx.gbl...
> > > Jeff,
> > >
> > > in the application log, I am recieving event id 1001 source SceCli
> > > Description: Security policy cannoe be propogated. Cannot access the
> > > template. Error code=3.
> > > \\domain.local\sys.vol\domain.local\policies\{BLAH
> > > BLAH}\machine\microsoft\windwosNT\SecEdit\GptTmpl.inf
> > >
> > >
> > > The other
> > >
> > > Event ID 1000
> > > Source Userenv
> > > The group policy client side extension security was passed flags (17)
> and
> > > returned a failure code of (3).
> > >
> > > "Jeff Middleton [SBS-MVP]" <jeff@cfisolutions.com> wrote in message
> > > news:OfKyYKvVDHA.1704@TK2MSFTNGP11.phx.gbl...
> > > > nothing there rings a bell.
> > > >
> > > > You probably need to look at the event logs to see if you can
> determine
> > > when
> > > > the errors began to show up (assuming that there should be an
> indication
> > > of
> > > > some sort there), and then scan the entire computer for new files
> added
> > a
> > > > that time frame....see if you get any clues.
> > > >
> > > >
> > > > "Chris" <csanders@casnetworkservices.net> wrote in message
> > > > news:OEJbKnuVDHA.1832@TK2MSFTNGP09.phx.gbl...
> > > > > The only applications that are actually installed on the SBS are
> > Access
> > > 97
> > > > > Shavlik Lt, Veritas 9, APC PowerChute. Any idea? The TS is prretty
> > basic
> > > > > too. Office 97, without Outlook, Outlook 2002, Firewall Client,
and
> > > > Acrobat
> > > > > Reader.
> > > > > "Jeff Middleton [SBS-MVP]" <jeff@cfisolutions.com> wrote in
message
> > > > > news:uHAdM6tVDHA.1928@TK2MSFTNGP12.phx.gbl...
> > > > > > you are having fun, aren't ya?
> > > > > >
> > > > > > Guess you need to decide if you are an early adopter of an SP or
> > > patch,
> > > > or
> > > > > a
> > > > > > late adopter of same.
> > > > > >
> > > > > > Perhaps have you install 3rd party applications on these servers
> > that
> > > > have
> > > > > > the MDAC out of whack?
> > > > > >
> > > > > >
> > > > > > "Chris" <csanders@casnetworkservices.net> wrote in message
> > > > > > news:#AhkedsVDHA.3376@tk2msftngp13.phx.gbl...
> > > > > > > The thing that is bothering me with this Jeff, is the fact
that
> it
> > > is
> > > > > > > happening on two different systems. Meaning 2 seperate sbs
> servers
> > > and
> > > > 2
> > > > > > > seperate terminal servers. When I started to try to create the
> GPO
> > > on
> > > > a
> > > > > > > client's system, I ran into this problem. I then went to my
own
> > > > system,
> > > > > > and
> > > > > > > experienced the exact same problem. There is nothing special
> about
> > > the
> > > > > way
> > > > > > > they are configured. They are just plain vanilla
installations.
> > > > > > > "Jeff Middleton [SBS-MVP]" <jeff@cfisolutions.com> wrote in
> > message
> > > > > > > news:%23gma8OpVDHA.2104@TK2MSFTNGP10.phx.gbl...
> > > > > > > > We need to redefine this problem in the proper context. The
> > > problem
> > > > > you
> > > > > > > have
> > > > > > > > has really nothing to do with a TS configuration or really
> even
> > a
> > > > GPO
> > > > > > > issue,
> > > > > > > > you have an AD problem. If you get the error message you
> > > mentioned,
> > > > > you
> > > > > > > are
> > > > > > > > not looking to try the three alternatives that were offered,
> you
> > > > need
> > > > > to
> > > > > > > > resolve the root problem why you were not able to contact
the
> AD
> > > > > > subsystem
> > > > > > > > resources when working on the DC itself. The answer to this
is
> > > > likely
> > > > > to
> > > > > > > be
> > > > > > > > revealed by tracing the Event Viewer errors that are being
> > created
> > > > at
> > > > > > the
> > > > > > > > same time as you see these messages on screen. In addition,
> you
> > > > > probably
> > > > > > > are
> > > > > > > > getting errors following a reboot. The errors are likely
> showing
> > > up
> > > > in
> > > > > > > > several event logs, among them the Application, System,
> > Directory
> > > > > > Service,
> > > > > > > > and perhaps even the File Replication Service. You need to
> comb
> > > > > through
> > > > > > > > those and determine what is revealed from those hints, and
put
> > the
> > > > TS
> > > > > > > > configuration process on hold for now, that's really just a
> > > > > distraction
> > > > > > > for
> > > > > > > > now from the main problem.
> > > > > > > >
> > > > > > > >
> > > > > > > > "Chris" <csanders@casnetworkservices.net> wrote in message
> > > > > > > > news:#kYzN$oVDHA.2212@TK2MSFTNGP12.phx.gbl...
> > > > > > > > > Mark,
> > > > > > > > >
> > > > > > > > > The FRS service is running, and I have tested all of the
> items
> > > you
> > > > > > > mention
> > > > > > > > > in your paper. The problem still exists.
> > > > > > > > >
> > > > > > > > > "Mark Mancini" <info@NOSPAMmcse2000.com> wrote in message
> > > > > > > > > news:urB2q1jVDHA.2352@TK2MSFTNGP12.phx.gbl...
> > > > > > > > > > Either DNS is not setup right or you have a serious AD
> > > problem.
> > > > > > > First,
> > > > > > > > > > read me DNS paper in the download section of
mcse2000.com,
> > > > second
> > > > > > make
> > > > > > > > > sure
> > > > > > > > > > FRS service is not stopped.
> > > > > > > > > >
> > > > > > > > > > --
> > > > > > > > > > Sincerely,
> > > > > > > > > > Mark Mancini, CCA, CCNA, Master CIW&CI, CNE 4&5, MCSE+I
> > 4&2000
> > > > > > > > > > www.MCSE2000.com
> > > > > > > > > > www.AppLauncher.com
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > > "Chris" <csanders@casnetworkservices.net> wrote in
message
> > > > > > > > > > news:%23wy%23JqjVDHA.656@tk2msftngp13.phx.gbl...
> > > > > > > > > > > I am setting up a Win2K terminal server member to a
> SBS2K
> > > > > domain.
> > > > > > On
> > > > > > > > the
> > > > > > > > > > TS,
> > > > > > > > > > > we will need to have a few different groups created.
> Some
> > of
> > > > the
> > > > > > > users
> > > > > > > > > > will
> > > > > > > > > > > need access to run certain applications, while others
> not.
> > I
> > > > > have
> > > > > > > > > followed
> > > > > > > > > > > KB263070, but when I attempt to click on the Group
> Policy
> > > Tab
> > > > I
> > > > > > > > recieve
> > > > > > > > > > the
> > > > > > > > > > > error "The Domain controller for Group Policy
> operations
> > > is
> > > > > not
> > > > > > > > > > available.
> > > > > > > > > > > You may cancel this ioeratn for this session or retry
> > using
> > > > one
> > > > > of
> > > > > > > the
> > > > > > > > > > > following domain controller choices:
> > > > > > > > > > >
> > > > > > > > > > > The one with the Operations Master token for the PDC
> > > emulator
> > > > > > > > > > >
> > > > > > > > > > > The one used by the Active Directory Snap-ins
> > > > > > > > > > >
> > > > > > > > > > > Use any available domain controller.
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > > I have tried all three options to no avail. Any
> > suggestions?
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>