remote office clients cannot connect to Active Directory?

  • remote office clients cannot connect to Active Directory?

    Hi everyone,

    I am sorry that I am going to be a little vague but I am not exactly sure what the problem is. I have been troubleshooting it now for a couple of days and I am not sure if I am any closer to a solution.

    I have an SBS 2003 server in the head office in city A (Site A). I have some clients in city B (Site B). XP clients from Site B aren't able to access resources properly on my SBS server in Site A. There is a site-to-site VPN between the two sites.

    Some history:
    There used to be a server at Site B as well as a different ISP. The ISP was changed at the same time as the server (an additional DC in the domain) was removed. The server was removed after the machine died, so it had to be removed manually from the AD/DNS, etc.

    I am experiencing almost identical symptoms to this post: http://forums.petri.com/showthread.php?p=110781 but setting the MTU to 1390 on the client has not fixed the issue. I haven't tried to set the MTU to anything lower or higher, but the ping test works fine even at 1400+.

    I have done the following on a PC in Site B (and many other things that I can't presently recall ...):
    - I set the IP address/DNS/WINS manually
    - I can ping the server in Site A
    - I can nslookup from the server in Site A ... everything resolves OK
    - I have removed the PC from the domain, renamed it, re-joined it using the SBS Connectcomputer wizard (twice) always successfully
    - I have run numerous netdiag, dcdiag, etc. tests with /fix and other switches

    Some interesting (annoying) items of note:
    - I can connect via VNC to the machines in Site B from the server in Site A but all I can see is a blank/black screen. The user can see the cursor moving
    - I cannot connect to the PCs in Site B via RDP even though Remote Desktop is enabled. The connections time out.
    - Firewalls on PCs are disabled

    Any thoughts or input would be most appreciated.
    Thanks,
    B.

    The netdiag output is here:

    ......................................
    Computer Name: PC05
    DNS Host Name: PC05.domain.com.au
    System info : Windows 2000 Professional (Build 2600)
    Processor : x86 Family 15 Model 6 Stepping 5, GenuineIntel
    List of installed hotfixes :
    (deleted for clarity)

    Netcard queries test . . . . . . . : Passed

    Per interface results:
    Adapter : Local Area Connection
    Netcard queries test . . . : Passed
    Host Name. . . . . . . . . : PC05.domain.com.au
    IP Address . . . . . . . . : 192.168.30.151
    Subnet Mask. . . . . . . . : 255.255.255.0
    Default Gateway. . . . . . : 192.168.30.1
    Primary WINS Server. . . . : 192.168.40.250
    Dns Servers. . . . . . . . : 192.168.40.250

    AutoConfiguration results. . . . . . : Passed
    Default gateway test . . . : Passed
    NetBT name test. . . . . . : Passed
    [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.
    WINS service test. . . . . : Passed

    Global results:

    Domain membership test . . . . . . : Passed

    NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
    NetBT_Tcpip_{1E2E06C7-AF5A-428D-B56E-0A940DDA23EE}
    1 NetBt transport currently configured.

    Autonet address test . . . . . . . : Passed

    IP loopback ping test. . . . . . . : Passed

    Default gateway test . . . . . . . : Passed

    NetBT name test. . . . . . . . . . : Passed
    [WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined.

    Winsock test . . . . . . . . . . . : Passed

    DNS test . . . . . . . . . . . . . : Passed

    Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
    NetBT_Tcpip_{1E2E06C7-AF5A-428D-B56E-0A940DDA23EE}
    The redir is bound to 1 NetBt transport.
    List of NetBt transports currently bound to the browser
    NetBT_Tcpip_{1E2E06C7-AF5A-428D-B56E-0A940DDA23EE}
    The browser is bound to 1 NetBt transport.

    DC discovery test. . . . . . . . . : Passed

    DC list test . . . . . . . . . . . : Failed
    [WARNING] Cannot call DsBind to sbs01.domain.com.au (192.168.40.250). [ERROR_INTERNAL_ERROR]

    Trust relationship test. . . . . . : Passed
    [WARNING] Don't have access to test your domain sid for domain 'DOMAIN'.
    [Test skipped]
    Secure channel for domain 'DOMAIN' is to '\\sbs01.domain.com.au'.

    Kerberos test. . . . . . . . . . . : Failed
    [FATAL] Kerberos does not have a ticket for host/PC05.domain.com.au.

    LDAP test. . . . . . . . . . . . . : Failed
    [FATAL] Cannot do Negotiate authenticated ldap_bind to 'sbs01.domain.com.au': Local Error.
    [WARNING] Failed to query SPN registration on DC 'sbs01.domain.com.au'.
    [FATAL] No LDAP servers work in the domain 'DOMAIN'.

    Bindings test. . . . . . . . . . . : Passed

    WAN configuration test . . . . . . : Skipped
    No active remote access connections.

    Modem diagnostics test . . . . . . : Passed
    IP Security test . . . . . . . . . : Passed
    Service status is: Started
    Service startup is: Automatic
    IPSec service is available, but no policy is assigned or active
    Note: run "ipseccmd /?" for more detailed information

    The command completed successfully

  • #2
    Re: remote office clients cannot connect to Active Directory?

    Are you able to manually connect to ldap on your DC from a computer where you can't authenticate?
    VCP on vSphere (4), MCITP:EA/DBA, MCTS:Blahblah
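
A triage helper for the netdiag report in the first post, added here as an example and not part of the original thread: it parses each `test . . . : status` line together with its `[WARNING]`/`[FATAL]` messages and lists the failed tests separately from those that passed but still logged warnings. The names `parse_netdiag`, `triage`, `Check` and `SAMPLE` are assumptions of this example; `SAMPLE` is constructed from lines of the report above.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: lines taken from the netdiag report in the first post.
SAMPLE = """\
DNS test . . . . . . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Failed
[WARNING] Cannot call DsBind to sbs01.domain.com.au (192.168.40.250). [ERROR_INTERNAL_ERROR]
Trust relationship test. . . . . . : Passed
[WARNING] Don't have access to test your domain sid for domain 'DOMAIN'.
Kerberos test. . . . . . . . . . . : Failed
[FATAL] Kerberos does not have a ticket for host/PC05.domain.com.au.
LDAP test. . . . . . . . . . . . . : Failed
[FATAL] Cannot do Negotiate authenticated ldap_bind to 'sbs01.domain.com.au': Local Error.
[FATAL] No LDAP servers work in the domain 'DOMAIN'.
WAN configuration test . . . . . . : Skipped
"""

RESULT = re.compile(r"^\s*(?P<name>.+?)[\s.]*:\s*(?P<status>Passed|Failed|Skipped)\s*$")
MESSAGE = re.compile(r"^\s*\[(?P<level>WARNING|FATAL)\]\s*(?P<text>.+)$")

@dataclass
class Check:
    name: str
    status: str
    messages: list = field(default_factory=list)  # (level, text) pairs

def parse_netdiag(report):
    """Return one Check per 'name . . . : status' line, in report order."""
    checks = []
    for line in report.splitlines():
        msg = MESSAGE.match(line)
        if msg:
            if checks:  # attach the message to the most recent test heading
                checks[-1].messages.append((msg["level"], msg["text"]))
            continue
        res = RESULT.match(line)
        if res:
            checks.append(Check(res["name"], res["status"]))
    return checks

def triage(checks):
    """Separate hard failures from tests that passed but still logged warnings."""
    failed = [c.name for c in checks
              if c.status == "Failed" or any(lv == "FATAL" for lv, _ in c.messages)]
    warned = [c.name for c in checks if c.name not in failed and c.messages]
    return {"failed": failed, "passed_with_warnings": warned}

print(triage(parse_netdiag(SAMPLE)))
```

On the sample, name resolution passes while every test that needs an authenticated bind to the DC fails, and the trust relationship test reports Passed even though its check was skipped with a warning.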
