Today's problem comes straight from work, and hopefully you can help.
I'm in a Windows 2003 native environment, and I'm having problems administering a specific DFS root from *some* systems. Let me explain.
From Server1, if I pull up the Distributed File System mmc snap-in, right-click and select "show root" I can browse for the one I'm looking for. We'll call it RootLink1. However, as soon as I click on it, I get a vicious "Access is Denied" error message.
Now if I do the same thing from Server2, everything comes up just peachy. Now, there used to be a server, Server6, that was the domain root for RootLink1. It was a DC that got dcpromo'd back down to newb status and isn't even a domain member right now.
The entry for the Server6 was still showing up in the list of hosts, so I ran dfsutil with every switch I could find. Now the entry for Server6 is gone, but I still get the "Access is Denied" error message. I've checked SPNs (only 1 suspicious one there), checked NTLM and inspected the status of Security Policies (gpresult and visual comparison of Server1 and Server2). I'm at a bit of a loss at the moment. Tomorrow I'll throw wireshark on there and actually debug the packets that are getting thrown around as the Event Log is giving me nada (It doesn't log anything).
Have you dealt with this before? A mystery...
Monday, March 31, 2008
A new day, a new blog
Welcome to my newest addition to the web. Eventually this will hopefully grow into a more content-focused area of my ailing wintrusion.com domain. For the moment, my goal is to start providing some content that will actually have some meat to it. Somehow sharing my personal life just isn't nearly as interesting to me as it once was. And so this blog begins...
I have a fair amount of experience as a Microsoft Windows SA and I hope to post some of my adventures here for you. Hopefully you'll find that I come across unusual and challenging problems that may help you answer some of the more esoteric questions that you come across in your systems administration roles. I tend to find the problems that either require a vendor phone call or digging through 30+ pages of Google searches. Time to consolidate. Without further adieu, on to the first post!
I have a fair amount of experience as a Microsoft Windows SA and I hope to post some of my adventures here for you. Hopefully you'll find that I come across unusual and challenging problems that may help you answer some of the more esoteric questions that you come across in your systems administration roles. I tend to find the problems that either require a vendor phone call or digging through 30+ pages of Google searches. Time to consolidate. Without further adieu, on to the first post!
Subscribe to:
Posts (Atom)
