Monday, March 31, 2008

Mysterious DFS Management

Today's problem comes straight from work, and hopefully you can help.

I'm in a Windows 2003 native environment, and I'm having problems administering a specific DFS root from *some* systems. Let me explain.

From Server1, if I pull up the Distributed File System MMC snap-in, right-click and select "show root", I can browse for the one I'm looking for. We'll call it RootLink1. However, as soon as I click on it, I get a vicious "Access is Denied" error message.

Now if I do the same thing from Server2, everything comes up just peachy. Now, there used to be a server, Server6, that was the domain root for RootLink1. It was a DC that got dcpromo'd back down to newb status and isn't even a domain member right now.

The entry for Server6 was still showing up in the list of hosts, so I ran dfsutil with every switch I could find. Now the entry for Server6 is gone, but I still get the "Access is Denied" error message. I've checked SPNs (only 1 suspicious one there), checked NTLM and inspected the status of Security Policies (gpresult and visual comparison of Server1 and Server2). I'm at a bit of a loss at the moment. Tomorrow I'll throw Wireshark on there and actually debug the packets that are getting thrown around, as the Event Log is giving me nada (it doesn't log anything).

Have you dealt with this before? A mystery...
