Windows 2003 connectivity problems with Win & Mac clients
  • Windows 2003 connectivity problems with Win & Mac clients

    I have a single Windows Server 2003 Std (32bit) AD domain controller that has cut off its Mac clients. XP & Vista clients seem unaffected, but show unauthenticated in the Network Sharing Center (Vista) or cannot see the server name in the Network Places (Vista & XP). Network drives and manual browsing of the \\server work from the Windows clients and from the Macs if you use smbclient.

    The symptoms on the Mac (10.4) are all classic if "Digitally Sign Communications" hasn't been disabled in the domain controller security policy. Of course, it has, as everything was working fine prior to this. Currently, they are not able to log on using AD accounts or manually browse the server or any computer on the network.

    The Mac clients aren't updating DNS at all. The Vista clients are getting A records, but no PTRs. XP's DNS seems fine. I uninstalled and reinstalled DNS on the server, but no change.

    I've tried verifying the secure channel to the clients, and from the server the query comes back as successful. It mentions the Macs are not part of the domain, when they are and the accounts are still listed in AD.

    I've done sfc /scannow on the server as well as chkdsk and all is well. I'm at a loss. Any advice would be most excellent. To me it seems like a single root issue causing all these shenanigans. The Event Log on the server doesn't seem to be showing anything helpful.

  • #2
    Re: Windows 2003 connectivity problems with Win & Mac clients

    First, Macintoshes cannot update DNS like Windows PCs can, as there is no option on the Mac to do so.

    Secondly, in the Default Domain Controller policy, there are two policies concerning SMB signing. You only need to disable one of them:

    Microsoft network server: Digitally sign communications (always): Disabled
    Microsoft network server: Digitally sign communications (if client agrees): Enabled

    Also, check LAN Manager settings. Macs tend to use older NTLM if Kerberos authentication fails:

    Network security: LAN Manager authentication level: Send LM & NTLM - use NTLMv2 session security if negotiated.


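The settings named in reply #2 can be checked offline from a `secedit /export /cfg policy.inf` dump. This is an added example, not part of the original post; it assumes the export has been decoded to text, and the sample values are constructed to match the reply.

```python
# Added example: read the SMB signing and LM authentication settings out of
# a secedit export. Real exports are UTF-16; decode before passing text in.
SERVER = r"MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters"
KEYS = {
    (SERVER + r"\RequireSecuritySignature").lower(): "sign_always",
    (SERVER + r"\EnableSecuritySignature").lower(): "sign_if_client_agrees",
    r"machine\system\currentcontrolset\control\lsa\lmcompatibilitylevel": "lm_level",
}
LM_LEVELS = [
    "Send LM & NTLM responses",
    "Send LM & NTLM - use NTLMv2 session security if negotiated",
    "Send NTLM response only",
    "Send NTLMv2 response only",
    "Send NTLMv2 response only\\refuse LM",
    "Send NTLMv2 response only\\refuse LM & NTLM",
]

def parse_secedit(text):
    """Return the three DWORD settings found under [Registry Values]."""
    found, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[registry values]"
        elif in_section and "=" in line:
            name, _, data = line.partition("=")
            reg_type, _, value = data.partition(",")
            label = KEYS.get(name.strip().lower())
            if label and reg_type.strip() == "4":  # 4 = REG_DWORD
                found[label] = int(value)
    return found

def audit(text):
    s, notes = parse_secedit(text), []
    if s.get("sign_always") == 1:
        notes.append("signing required: clients that cannot sign SMB are refused")
    elif s.get("sign_if_client_agrees") != 1:
        notes.append("server never signs SMB traffic")
    level = s.get("lm_level")
    if level is None or not 0 <= level <= 5:
        notes.append("LmCompatibilityLevel missing or out of range")
    else:
        notes.append("LM level %d: %s" % (level, LM_LEVELS[level]))
        if level < 5:
            notes.append("this machine still accepts NTLMv1 logons")
        if level < 4:
            notes.append("this machine still accepts LM logons")
    return notes

SAMPLE = "[Registry Values]\n" + "\n".join(  # constructed sample export
    [SERVER + r"\RequireSecuritySignature=4,0",
     SERVER + r"\EnableSecuritySignature=4,1",
     r"MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel=4,1"])
```
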
    • #3
      Re: Windows 2003 connectivity problems with Win & Mac clients

      LanMan is currently set to NTLM only. I can adjust this on Sunday afternoon or Monday. The Digitally Signed setting is already that way.

      I've read on another forum a user successfully had their Macs updating DNS and am awaiting their response as to how. On a larger network how would this be managed? Use static IPs and manually update DNS for the Macs?

      Thanks for the response.


      • #4
        Re: Windows 2003 connectivity problems with Win & Mac clients

        We have 2 staff members who use their Macs on the network. Until recently they did not have reserved IP addresses, and there were no problems with updating DNS.
        Gareth Howells

        BSc (Hons), MBCS, MCP, MCDST, ICCE

        Any advice is given in good faith and without warranty.

        Please give reputation points if somebody has helped you.

        "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

        "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.


        • #5
          Re: Windows 2003 connectivity problems with Win & Mac clients

          What's your AD domain name? I am far from a Mac expert but I have seen in the past major DNS issues if the AD suffix is .local as Macs automatically use the .local suffix for themselves. Or something similar to that anyway, if you it you'll get loads of hits.
          BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
          Cruachan's Blog


          • #6
            Re: Windows 2003 connectivity problems with Win & Mac clients

            Very good point. I tend to use .lan for the suffix.
            Gareth Howells

            • #7
              Re: Windows 2003 connectivity problems with Win & Mac clients

              The domain is .local and what you say is true. Macs use .local for Bonjour host lookups, however this is mitigated by adding local in the Search Domains field in the Network system prefs. This was working for the last two years, then suddenly it isn't. I'm having problems with the Windows clients too, though they are much less severe.

              Anyway, I changed the LAN Manager setting as described. It had no effect. I am going to call into MS support. *sigh* I am suspecting something became corrupt.


              • #8
                Re: Windows 2003 connectivity problems with Win & Mac clients

                To close this, I had two issues causing these symptoms. Primarily for the Macs, on the server NetBIOS over TCP/IP was set to disabled. I have no freaking idea how that got that way. Once this was enabled, the Macs could browse shares again. I un-joined one Mac from the domain early on and couldn't rejoin it. This was due to several SRV records for the domain name having been deleted in DNS. The MS support person who helped me through this recreated the records manually and mentioned they should have been created automatically when DNS was installed. I reinstalled DNS a couple of months ago due to a large amount of event log errors that I couldn't seem to solve. Reinstalling DNS, then recreating the reverse lookup zone solved that, but some of the SRV records were not created that were critical in joining a Mac to the domain whereas a Windows client still would.

                As a side note, Vista using DHCP will not create PTR records on the server if you use a non-Microsoft DHCP server. You must check off "Use this connection's DNS suffix in DNS registration" in the advanced TCP/IP properties under the DNS tab. This also caused Vista to report an "unauthenticated" connection, which the check box fixed. XP doesn't suffer from this.


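One way to spot the missing SRV records described in reply #8 is to compare what the domain controller tries to register (Netlogon lists these in `%SystemRoot%\System32\Config\netlogon.dns`) with what the zone actually holds. This is an added example, not part of the original post; the domain `corp.local`, the host `dc1` and both record listings are constructed, and the zone listing is assumed to be already in one-record-per-line, fully qualified form.

```python
import re

# owner [ttl] IN SRV priority weight port target
SRV_LINE = re.compile(
    r"^(\S+)\s+(?:\d+\s+)?IN\s+SRV\s+\d+\s+\d+\s+(\d+)\s+(\S+)$", re.IGNORECASE)

def srv_records(text):
    """Return {(owner, port, target)} for every SRV line, names normalised."""
    records = set()
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()   # drop zone-file comments
        m = SRV_LINE.match(line)
        if m:
            owner, port, target = m.groups()
            records.add((owner.lower().rstrip("."), int(port),
                         target.lower().rstrip(".")))
    return records

def missing_srv(netlogon_text, zone_text):
    """SRV records the DC wants registered that the zone does not contain."""
    return sorted(srv_records(netlogon_text) - srv_records(zone_text))

# Constructed sample: what the DC wants registered.
NETLOGON_DNS = """\
corp.local. 600 IN A 192.0.2.10
_ldap._tcp.corp.local. 600 IN SRV 0 100 389 dc1.corp.local.
_ldap._tcp.dc._msdcs.corp.local. 600 IN SRV 0 100 389 dc1.corp.local.
_kerberos._tcp.corp.local. 600 IN SRV 0 100 88 dc1.corp.local.
_kpasswd._tcp.corp.local. 600 IN SRV 0 100 464 dc1.corp.local.
"""
# Constructed sample: what the zone holds after a DNS reinstall.
ZONE = """\
corp.local. 3600 IN A 192.0.2.10
_ldap._tcp.corp.local. 600 IN SRV 0 100 389 DC1.corp.local.
_kpasswd._tcp.corp.local. 600 IN SRV 0 100 464 dc1.corp.local.
"""

if __name__ == "__main__":
    for owner, port, target in missing_srv(NETLOGON_DNS, ZONE):
        print("missing SRV: %s -> %s:%d" % (owner, target, port))
```
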
                • #9
                  Re: Windows 2003 connectivity problems with Win & Mac clients

                  Thank you for posting back with your findings.
                  Gareth Howells