Domains and Trust
So I got in this morning to start working with AD (prep for the move to Office365) tried to launch domains and trust and I receive the following error: "The configuration information describing this enterprise is not available. The target principal name is incorrect. I believe the secure connection is broken. At present, I cannot log on to the PDC emulator. I have 3 DC in total and its the PDC that's giving me problems. I believe this is stemming from a Kerberos error event id 5. Authentication against the PDC is still good however I cannot do anything with domains and trust.
I have read several posts about stopping KDC and resetting the password but I cannot gain access to the PDC.
This topic first appeared in the Spiceworks Community
Also what's the operation system of the affected servers in those two domains?
And what's the error message?
Whatever, it seems like a cross domain sharing issue and admin share is involved.
Please first see if this is the cause:
Error message when you try to access an administrative share on a Windows Vista-based computer from another Windows Vista-based computer that is a member of a workgroup: "Logon unsuccessful: Windows is unable to log you on"
http://support.microsoft.com/kb/947232
Please check if local account is actually using when accessing the admin share. Try with different domain account to see the result. Make sure the account does have permission to access.
If you have any feedback on our support, please send to [email protected]
Similar Messages
-
Hi,
Can someone please share what is the pros and Cons of trusting AD domain for more than 10 different AD sites into my existing single domain forest let say ParentCompany.com ?
At the moment I only have one single forest AD domain with the Domain and Forest functionality Windows Server 2003. The main domain controller FSMO role holder is in the Data Center spread across three different VMs running on Windows Server 2008 R2.
The main/parent company has acquired smaller business chain of 15+ offices in which they have their own Domain Controller and also their own domain, sometimes they also got the same AD domain between them (no trust or whatsoever in those 15+ AD domain).
Sounds crazy but yes, there is no standardization in them or whoever manage their IT infrastructure previously.
I'm now considering what are the benefits of creating the AD domain and trust versus importing those AD objects into my domain and then decommission them.
No need to worry about Exchange Server since all of the user in those sites connecting to the RDS to my ParentCompany.com terminal servers.
My requirements or goal are as follows:
1. Simplify the AD domain structure & maintenance
2. Try to avoid the disruptions of the user in terms of downtime and selecting multiple different domain everytime they login to their PC or SharePoint sites.
any kind of help and suggestion would be greatly appreciated.
Thanks.
/* Server Support Specialist */Can someone please share what is the pros and Cons of trusting AD domain for more than 10 different
AD sites into my existing single domain forest let say ParentCompany.com ?
I think you mean 10 AD domains.
Managing multiple domains can be difficult for administration. I usually recommend using a single domain in a single forest with OUs to separate resources whenever it is possible.
However, if you can't do that then you can simply create trust relationships between your domains. The advantage is that you can enable access to resources to different domains. I do not see cons here.
The main/parent company has acquired smaller business chain of 15+ offices in which they have
their own Domain Controller and also their own domain, sometimes they also got the same AD domain between them (no trust or whatsoever in those 15+ AD domain). Sounds crazy but yes, there is no standardization in them or whoever manage their IT infrastructure
previously.
I'm now considering what are the benefits of creating the AD domain and trust versus importing those
AD objects into my domain and then decommission them.
I would recommend consolidating your domains into a single one. ADMT is a migration tool that you can use. The advantage would be the ease of administration. Also, by having multiple DCs for the same domain across sites, you will take benefit of High Availability
of your and DRP.
This posting is provided AS IS with no warranties or guarantees , and confers no rights.
Ahmed MALEK
My Website Link
My Linkedin Profile
My MVP Profile -
Hi,
SharePoint 2010 Backup has been taken from production and restored through Semantic Tool in one of the server.The wepapplication of which the backup was taken is working fine.
But the problem is that the SharePoint is not working correctly.We cannot create any new webapplication ,cannot navigate to the ServiceApplications.aspx page it shows error.Even the Search and UserProfile Services of the existing Web Application is not working.Checking
the SharePoint Logs I found out the below exception
11/30/2011 12:14:53.78 WebAnalyticsService.exe (0x06D4) 0x2D24 SharePoint Foundation Database
8u1d High Flushing connection pool 'Data Source=urasvr139;Initial Catalog=SharePoint_Config;Integrated Security=True;Enlist=False;Connect Timeout=15'
11/30/2011 12:14:53.78 WebAnalyticsService.exe (0x06D4) 0x2D24 SharePoint Foundation Topology
2myf Medium Enabling the configuration filesystem and memory caches.
11/30/2011 12:14:53.79 WebAnalyticsService.exe (0x06D4) 0x12AC SharePoint Foundation Database
8u1d High Flushing connection pool 'Data Source=urasvr139;Initial Catalog=SharePoint_Config;Integrated Security=True;Enlist=False;Connect Timeout=15'
11/30/2011 12:14:53.79 WebAnalyticsService.exe (0x06D4) 0x12AC SharePoint Foundation Topology
2myf Medium Enabling the configuration filesystem and memory caches.
11/30/2011 12:14:55.54 mssearch.exe (0x0864) 0x2B24 SharePoint Server Search Propagation Manager
fo2s Medium [3b3-c-0 An] aborting all propagation tasks and propagation-owned transactions after waiting 300 seconds (0 indexes) [indexpropagator.cxx:1607] d:\office\source\search\native\ytrip\tripoli\propagation\indexpropagator.cxx
11/30/2011 12:14:55.99 OWSTIMER.EXE (0x1DF4) 0x1994 SharePoint Foundation Topology
75dz High The SPPersistedObject with
Name User Profile Service Application, Id 9577a6aa-33ec-498e-b198-56651b53bf27, Parent 13e1ef7d-40c2-4bcb-906c-a080866ca9bd failed to initialize with the following error: System.SystemException: The trust relationship between the primary domain and the trusted
domain failed. at System.Security.Principal.SecurityIdentifier.TranslateToNTAccounts(IdentityReferenceCollection sourceSids, Boolean& someFailed) at System.Security.Principal.SecurityIdentifier.Translate(IdentityReferenceCollection
sourceSids, Type targetType, Boolean forceSuccess) at System.Security.Principal.SecurityIdentifier.Translate(Type targetType) at Microsoft.SharePoint.Administration.SPAce`1.get_PrincipalName()
at Microsoft.SharePoint.Administration.SPAcl`1.Add(String princip...
11/30/2011 12:14:55.99* OWSTIMER.EXE (0x1DF4) 0x1994 SharePoint Foundation Topology
75dz High ...alName, String displayName, Byte[] securityIdentifier, T grantRightsMask, T denyRightsMask) at Microsoft.SharePoint.Administration.SPAcl`1..ctor(String persistedAcl)
at Microsoft.SharePoint.Administration.SPServiceApplication.OnDeserialization() at Microsoft.SharePoint.Administration.SPIisWebServiceApplication.OnDeserialization() at Microsoft.SharePoint.Administration.SPPersistedObject.Initialize(ISPPersistedStoreProvider
persistedStoreProvider, Guid id, Guid parentId, String name, SPObjectStatus status, Int64 version, XmlDocument state)
11/30/2011 12:14:56.00 OWSTIMER.EXE (0x1DF4) 0x1994 SharePoint Foundation Topology
8xqx High Exception in RefreshCache. Exception message :The trust relationship between the primary domain and the trusted domain failed.
11/30/2011 12:14:56.00 OWSTIMER.EXE (0x1DF4) 0x1994 SharePoint Foundation Timer
2n2p Monitorable The following error occured while trying to initialize the timer: System.SystemException: The trust relationship between the primary domain and the trusted domain failed. at System.Security.Principal.SecurityIdentifier.TranslateToNTAccounts(IdentityReferenceCollection
sourceSids, Boolean& someFailed) at System.Security.Principal.SecurityIdentifier.Translate(IdentityReferenceCollection sourceSids, Type targetType, Boolean forceSuccess) at System.Security.Principal.SecurityIdentifier.Translate(Type
targetType) at Microsoft.SharePoint.Administration.SPAce`1.get_PrincipalName() at Microsoft.SharePoint.Administration.SPAcl`1.Add(String principalName, String displayName, Byte[] securityIdentifier, T grantRightsMask,
T denyRightsMask) at Microsoft.SharePoint.Administrati...
11/30/2011 12:14:56.00* OWSTIMER.EXE (0x1DF4) 0x1994 SharePoint Foundation Timer
2n2p Monitorable ...on.SPAcl`1..ctor(String persistedAcl) at Microsoft.SharePoint.Administration.SPServiceApplication.OnDeserialization() at Microsoft.SharePoint.Administration.SPIisWebServiceApplication.OnDeserialization()
at Microsoft.SharePoint.Administration.SPPersistedObject.Initialize(ISPPersistedStoreProvider persistedStoreProvider, Guid id, Guid parentId, String name, SPObjectStatus status, Int64 version, XmlDocument state) at Microsoft.SharePoint.Administration.SPConfigurationDatabase.GetObject(Guid
id, Guid parentId, Guid type, String name, SPObjectStatus status, Byte[] versionBuffer, String xml) at Microsoft.SharePoint.Administration.SPConfigurationDatabase.GetObject(SqlDataReader dr) at Microsoft.SharePoint.Administration.SPConfigurationDatabase.RefreshCache(Int64
currentVe...
Please guide me on the above issue ,this will be of great help
Thanks.I have same error. Verified for trust , ports , cleaned up cache.. nothing has helped.
The problem is caused by User profile Synch Service:
UserProfileProperty_WCFLogging :: ProfilePropertyService.GetProfileProperties Exception: System.SystemException:
The trust relationship between the primary domain and the trusted domain failed. at System.Security.Principal.SecurityIdentifier.TranslateToNTAccounts(IdentityReferenceCollection sourceSids,
Boolean& someFailed) at System.Security.Principal.SecurityIdentifier.Translate(IdentityReferenceCollection sourceSids, Type targetType, Boolean forceSuccess) at System.Security.Principal.SecurityIdentifier.Translate(Type
targetType) at Microsoft.SharePoint.Administration.SPAce`1.get_PrincipalName() at Microsoft.SharePoint.Administration.SPAcl`1.Add(String principalName, String displayName, SPIdentifierType identifierType, Byte[]
identifier, T grantRightsMask, T denyRigh...
08/23/2014 13:00:20.96* w3wp.exe (0x2204)
0x293C SharePoint Portal Server User Profiles
eh0u Unexpected ...tsMask) at Microsoft.SharePoint.Administration.SPAcl`1..ctor(String persistedAcl)
at Microsoft.Office.Server.Administration.UserProfileApplication.get_SerializedAdministratorAcl() at Microsoft.Office.Server.Administration.UserProfileApplication.GetProperties() at Microsoft.Office.Server.UserProfiles.ProfilePropertyService.GetProfileProperties()
Please let me know if you any solution found for this?
Regards,
Kunal -
Moving SP2013 and SQL2008R2 to new domain - no trusts between domain
Hello,
I'm looking to move a customized installation of SharePoint 2013 (Microsoft server 2012 std VM) and it's db (SQL 2008 r2 VM) from one domain to another domain. There will be no trust between the domains and assume that no users or service accounts will be
migrated. Has anyone performed a similar operation? If so, can you provide guidance as to the best way to tackle this situation. Currently we plan on exporting the SP2013 VM from the old domain, importing (re-creating) that VM in the new domain and importing
the DB to an existing SQL server in the new domain. My concern is being able to log in to Central Admin afterwards because the domain accounts are no longer valid. Should we change all accounts to local admins first, detach the db and change those accounts
as well? Or would a totally different approach make more sense? Any help would be appreciated..
Thanks in advance,
AlexYou need to build a new SharePoint farm, changing SharePoint server's domain membership isn't supported.
What you'll do is build a new farm, create the Web Application(s), etc. and then restore SQL database backups from the old farm into the new farm.
Trevor Seward
Follow or contact me at...
  
This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs. -
WebLogic 8.1 JMS/MDB and Trusted Domain
I have a JMS Topic living in one WebLogic 8.1 domain and a MDB that listens to
this JMS Topic living in another domain. Do I need to configure trusted domain
relationship for both domains?
Not sure whether it is just me or not - the new security stuff in WebLogic 8.1
just makes life so much tougher.
Thanks for the suggestion anyways.
Eric
Tom Barnes <[email protected].bea.com>
wrote:
>Even though its meant for foreign providers, perhaps credential
>mapping would work? See:
>
>http://edocs.bea.com/wls/docs81/ejb/message_beans.html#1151409
>
>Also, you might want to try posting to the
>security and/or ejb newsgroups.
>
>Tom
>
>P.S. This question has come up before, so it seems likely
>that the security section of the MDB documentation
>may need more detail. If you post any feedback here,
>I'll make sure it gets sent directly to the
>documentation folks...
>
>Eric Ma wrote:
>
>> I have a JMS Topic living in one WebLogic 8.1 domain and a MDB that
>listens to
>> this JMS Topic living in another domain. Do I need to configure trusted
>domain
>> relationship for both domains?
>
-
ISE using 2 domains with trust established
Hi,
I need to authenticate wireless network users from two different domains
abc.company.com
cde.company.com
There is trust between domains and ISE joined abc.company.com and it can authenticate and authorize users without issues.
Users from cde.company.com cannot be authenticated (I don't even get to authorization part).
My identity source list has only External ID listed and when I see what is the reason of failure, message states that Authentication has failed (not authorization) because user cannot be found in any identity listed.
Now, users from abc and cde companies are logging with their usernames only. Should they try to login with cde.company\username or something?
Has anyone done this before?
Thanks.I have trust. I can get the user information with cde\user and [email protected], but authentication is still not working. So, I see the user, but it is still not being authenticated by the policy.
Here is log:
11001 Received RADIUS Access-Request
11017 RADIUS created a new session
Evaluating Service Selection Policy
15048 Queried PIP
15048 Queried PIP
15004 Matched rule
11507 Extracted EAP-Response/Identity
12300 Prepared EAP-Request proposing PEAP with challenge
11006 Returned RADIUS Access-Challenge
11001 Received RADIUS Access-Request
11018 RADIUS is re-using an existing session
12302 Extracted EAP-Response containing PEAP challenge-response and accepting PEAP as negotiated
12318 Successfully negotiated PEAP version 0
12800 Extracted first TLS record; TLS handshake started
12805 Extracted TLS ClientHello message
12806 Prepared TLS ServerHello message
12807 Prepared TLS Certificate message
12810 Prepared TLS ServerDone message
12305 Prepared EAP-Request with another PEAP challenge
11006 Returned RADIUS Access-Challenge
11001 Received RADIUS Access-Request
11018 RADIUS is re-using an existing session
12304 Extracted EAP-Response containing PEAP challenge-response
12318 Successfully negotiated PEAP version 0
12812 Extracted TLS ClientKeyExchange message
12804 Extracted TLS Finished message
12801 Prepared TLS ChangeCipherSpec message
12802 Prepared TLS Finished message
12816 TLS handshake succeeded
12509 EAP-TLS full handshake finished successfully
12305 Prepared EAP-Request with another PEAP challenge
11006 Returned RADIUS Access-Challenge
11001 Received RADIUS Access-Request
11018 RADIUS is re-using an existing session
12304 Extracted EAP-Response containing PEAP challenge-response
12313 PEAP inner method started
11521 Prepared EAP-Request/Identity for inner EAP method
12305 Prepared EAP-Request with another PEAP challenge
11006 Returned RADIUS Access-Challenge
11001 Received RADIUS Access-Request
11018 RADIUS is re-using an existing session
12304 Extracted EAP-Response containing PEAP challenge-response
11522 Extracted EAP-Response/Identity for inner EAP method
11806 Prepared EAP-Request for inner method proposing EAP-MSCHAP with challenge
12305 Prepared EAP-Request with another PEAP challenge
11006 Returned RADIUS Access-Challenge
11001 Received RADIUS Access-Request
11018 RADIUS is re-using an existing session
12304 Extracted EAP-Response containing PEAP challenge-response
11808 Extracted EAP-Response containing EAP-MSCHAP challenge-response for inner method and accepting EAP-MSCHAP as negotiated
Evaluating Identity Policy
15006 Matched Default Rule
15013 Selected Identity Store - AD-Suffolk
24430 Authenticating user against Active Directory
24412 User not found in Active Directory
22056 Subject not found in the applicable identity store(s)
22058 The advanced option that is configured for an unknown user is used
22062 The 'Drop' advanced option is configured in case of a failed authentication request
12315 PEAP inner method finished with failure
22028 Authentication failed and the advanced options are ignored -
Replication with Domain and Sub domain in Active directory sites and services
I seen many AD enviroments and know that when you have mutiple DCs you use Active Directory Sites and services to replicate using the NTDS Settings. If you have a Domain and sub domain do you need to do this as well or does it sync up automatically because
it's a sub domain? A see a couple of domains where the NTDS settings isn't being used to snyc with the child domain. Just wondering if that is normal or will it cause authentication errors?I seen many AD enviroments and know that when you have mutiple DCs you use Active Directory Sites and services to replicate using the NTDS Settings. If you have a Domain and sub domain do you need to do this as well or does it sync up automatically
because it's a sub domain? A see a couple of domains where the NTDS settings isn't being used to snyc with the child domain. Just wondering if that is normal or will it cause authentication errors?
Two way transitive trusts are configured automatically when you create a child domain or tree root domain. You don't have to worry about site/subnet or replication part at least from trust perspective. But make sure site's names are unique in each domain.
How Domain and Forest Trusts Work
http://technet.microsoft.com/en-us/library/cc773178%28v=ws.10%29.aspx
http://technet.microsoft.com/en-us/library/cc730868.aspx
http://blogs.technet.com/b/askds/archive/2008/09/24/domain-locator-across-a-forest-trust.aspx
Awinish Vishwakarma - MVP
My Blog: awinish.wordpress.com
Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights. -
RDS - .local domain and external users. Best way to get rid of SSL warnings
I am evaluating MS RDS as a possible solution for a VDI implementation at the college I work for. When we setup our AD years ago we set it up as a .local domain. I am running into issues with the .local machine name on the connection broker for
external users. I know for internal domain systems we can setup the self signed .local cert as a trusted root cert to bypass the self signed untrusted warning but for the bulk of our users which will be using systems external to our domain they
will get the SSL warning about the self signed certificate when they try to connect to a remote app or a desktop.
Initially I thought if I setup a local AD CA that we could setup a trust relationship with the SSL cert. After further reading I believe that this would only work for systems internal to our domain and we would still have the issue with external devices.
The other option would be to tell our users to click the box to never display the warning message again and to go on or to add the self signed cert to their trusted list. Of course when ever you ask the user to do something there will be issues. We
have also found that in our testing that we can not seem to connect via the web portal with a macbook. We get an error that there is a problem with the trust relationship with the server after we login and click on an app or a desktop to connect. We
have been able to connect with iOS devices.
We could of course rename the .local domain to a .edu domain which would permit us to use our wildcard certificate but that is a major undertaking that we don't want to cross at the moment. I think I might have some up with a solution and wanted to
bounce the idea off of those on this forum.
If we setup a second domain on campus that is not a .local. Join the non internet facing RDS systems to this new domain that would have a SSL cert that was trusted and then setup a full trust relationship between the two domains such that users and
systems in one domain could communicate with the systems in the other domain would that remove the certificate warnings for external users?Hi AKlein,
Initially I thought if I setup a local AD CA that we could setup a trust relationship with the SSL cert. After further reading I believe that this would only work for systems internal to our domain and we would
still have the issue with external devices.
Just add the root CA certificate of the internal CA into Trusted Root Certification Authorities store on external clients manually (or through group policy if there is an external domain), then SSL certificate warning would be gone.
We could of course rename the .local domain to a .edu domain which would permit us to use our wildcard certificate but that is a major undertaking that we don't want to cross at the moment.
Yes, renaming domain is not recommended due to its complexity.
If we setup a second domain on campus that is not a .local. Join the non internet facing RDS systems to this new domain that would have a SSL cert that was trusted and then setup a full trust relationship between
the two domains such that users and systems in one domain could communicate with the systems in the other domain would that remove the certificate warnings for external users?
If you are setting up a new domain with two way trust, then root CA certificate of the internal CA still needs to be distributed manually (or through group policy). If you are setting up a child domain, then enterprise CA would be trusted within the same
forest.
As long as there are enough external users and devices to manage, an external private network exists and extra domain management tasks are acceptable, then setting up a new domain is a good choice since domain provides secure boundary.
Or, you could just create a new site from the other network location, which saves you from creating a new domain, new users and trust.
Best Regards,
Amy
Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
[email protected] -
Migrate to new domain and new SCCM
The migration scenario is this:
All Clients are in Domain1 and are managed through SCCM 2012 with System Center Endpoint Protection 2012.
Some of the clients need to join a new domain and be managed through a new SCCM 2012 R2 server with System Center Endpoint Protection 2012 R2.
There are no trusts between the forests. Do we need to uninstall the SCCM 2012 Agent and SCEP 2012 and then install the new SCCM 2012 R2 Agent and SCEP 2012 R2?
Or can we just uninstall SCCM 2012 Agent only and keep SCEP 2012 and later install.There are multiple ways to go about it.
Assuming that the AD forest is properly extended and the new site's info is properly published, then you can simply run a script:
http://msdn.microsoft.com/en-us/library/cc146558.aspx
http://gallery.technet.microsoft.com/scriptcenter/Change-sccm-configmgr-cf6e0327/view/Discussions
If the two assumptions above aren't correct, then the client has no way of getting the trusted root key gracefully for the new site and running ccmsetup is the best way.
The ccmsetup bootstrapper will download files as needed from the closest DP but (from memory) won't redownload files if they are already present in the ccmsetup folder.
A client push is probably the easiest method to initiate ccmsetup because it can be managed from a central location -- just make sure you select the checkbox for always reinstall. Of course, as mentioned above, if someone has previously used the "group
policy" to assign the site to your clients, you'll need to clean up that mess first otherwise the clients will always try to assign to the old site.
Jason | http://blog.configmgrftw.com -
Users, domain and services logon problem
Hi all. I'm having several issues related to users in my farm (mostly service accounts, as it isn't in production yet). The farm is based on W2003 servers (except SQL which uses Windows 2008)
Domain is named sp.test.com , but when I create a web application that doesn't share the same domain name, the users are prompted to type for username and password, first try is a error because it search the user on the other domain, and
in the second one I'm able to type the correct domain.
I'll try to summarize
Domain name: sp.test.com
Web Application name: shop.mall.net (I leave the host header in blank so I can access directly with that address)
First try it only prompts for user/pass and returns an error no matter which combination of domain user and password I type. Second try by default I see the username by default is shop.mall.net\sharepointadmin , and not
sp.test.com\sharepointadmin which is where the user is stored in AD. I think this is also related with the SSP as it says it cannot find the username for provisioning account despite it exists in AD, but SSP is on a Web Application that
doesn't share domain name with the domain.
Thank you all in advance.
PS.- First time I posted on technet, sorry for not being clear or any mistake I could have made.The trouble is the browser thinks the URL is an internet site and as a security measure doesn't attempt to automatically log in.
Add the URL to your user's local intranet or trusted sites zones in IE.
Jason Warren
@jaspnwarren
jasonwarren.ca
habaneroconsulting.com/Insights -
Domain/Forest trust - is it being used?
Is there an easy way to tell whether a trust is actively being used? We have some old trusts that we'd like to remove but we want to see if anything is actively authenticating across the trust.
How can I do this?
TIA!> Is there an easy way to tell whether a trust is actively being used?
You could monitor TGS creation on your Domain Controllers. If your DC
issues TGS tickets for users from other domains, the trust is used.
Greetings/Grüße,
Martin
Mal ein
gutes Buch über GPOs lesen?
Good or bad GPOs? - my blog…
And if IT bothers me -
coke bottle design refreshment (-: -
Data Modeler 3.0 EA1: Importing domains and 2.0 model doesn't work
If I import (or open) a relational model from Modeler 2.0 which refers to domains, Modeler 3.0EA will not recognize the domains. I end up with a model full of "UNKNOWN" column types. I tried importing the domains first then importing the model, opening (or importing) the model and then the domains, and even importing the domains into the default domains set before opening the model. Nothing works; the column types will always be marked as UNKNOWN.
Is it me or a "known bug"?
Bert LavermanHi Bert,
Version 3.0 doesn't know anything about your domains - just copy defaultdomains.xml file from 2.0 installation (it's in datamodeler\domains directory) into 3.0 directory datamodeler\datamodeler\types.
Philip -
Cant join PC to domain and not able to send emails
Hi
I'm having a few issues with a SBS 2011 Standard server. To give you a setup overview
Server x1 (SBS 2011)
Workstations x6 (4 running Windows 7 Pro and 2 running Windows 8.1 Pro)
The server is used as domain controller and exchange. It doesn't host the web domain - emails are directed via a pop3 connector to exchange accounts
Main use for server is file sharing, domain control and exchange
The server and workstations connect into 8 way Ethernet switch
This switch is then connected in BT 2wire business hub
The LAN ran from 192.168.0.69 (server) to .70, .71 etc while BT hub was 192.168.0.253
OK now the problem.
Everything was setup and working fine until BT decided to block the IP from web. BT said to factory restart the hub which we did. This fixed the internet to hub but screwed up the LAN. The new hub IP was 192.168.1.254 so the LAN was moved from 192.168.0.x
to 192.168.1.x
The first issue I am having is that I cant join a new pc that was rebuilt to the network. I have tried joining via right clicking my computer and changing domain, but when I enter in the domain and admin password it says it cant find the domain?
I then tried the http://connect but that just loaded a blank page. I'm struggling as to how to connect this pc now. I tried to change the DNS on pc to the server LAN address but that didnt work either. I'm not sure if the domain controller is working or
if its another issue?ow.
Also on the pcs that are still connected, every time they login the mapped drives to the server dont open. the user has to try to open the drive and then enter in their username and password to open the drive. The drives are all shared correctly and this
is only happening now.
The 2nd issue I have is unclear as if its still a BT issue or not, but when a user tries to send an email the get an instant bounce back saying
COL004-MC1F51.hotmail.com gave this error: OU-002 (COL004-MC1F51) Unfortunately, messages from 86.XXX.92.XX weren't sent. Please contact your Internet service provider since
part of their network is on our block list.
This happens on a number of emails not just hotmail
When I checked that IP on the spam networks it had no record of it being blocked.the server has internet access ok and can receive emails fine, just not send them.
I dont know it both issues or connected or not.
would anyone have any ideas on what to try? first issue is getting this pc on the network. have been told that it needs all sorting for Monday morn, so any quick advice would be great.
thanks for any inputHi,
Could you please share the IP Address of the server ?
Make sure the server is set to Static IP Address. With one NIC card enabled. DNS IP should be pointing to the server IP itself.
On Client machine assign an IP address and make sure the DNS is set to Servers IP Address.
Once that is done , Try to ping the server.
Also ping connect from the client machine , Connect should show servers ip address.
Keep me posted.
Binu Kumar - MCP, MCITP, MCTS , MBA - IT , Director Aarbin Technology Pvt Ltd -
SBS 2011 Existing domain and the 21 day timer
I will be putting an SBS 2011 server into a Server 2088 R2 domain. There is no Exchange server in this domain.
Will I need to worry about the 21 day timer? From previous experience I believe the 21 day timer is tied to an Exchange server being in the domain. I am asking, because I would like to move the server into the domain and test some things before I start moving
the users into the SBS OUs, and migrating their email from the POP server onto the domain.
Thank you for any info!No, there is no 21 day issue migrating to SBS 2011 from standard server. Be sure you have restorable backups and are comfortable with moving the FSMO roles and go for it. Here is one guide to the process, and there are others:
http://www.techieshelp.com/step-by-step-guide-to-migrating-to-sbs-2011/
Larry Struckmeyer[MVP] If your question is answered please mark the response as the answer so that others can benefit. -
Deleted my domain and cant add a new domain
Hi all
I deleted my partner domain name inside the admin panel and when i try to add a new domain i get this error msg....
Error
Domain already exists. Please delete all records associated with this domain before re-adding it.
Can someone also tell me what the Advanced DNS Record is for cause i deleted that to and have no idee how i set this up :-/
Please, need help!Hi,
The issue here was that the domain was being locked for rebranding thus causing this error and preventing you to re-add the domain. I've since escalated this so we can unlocked the rebranded domain and then wipe clear so you can re-add the domain back into the site with all your DNS records applied as normal.
We'll respond back to your case ticket once resolved.
Thanks for your patience.
-Sidney
Maybe you are looking for
-
Outlook 2010 Won't Allow a User to Open Microsoft Office Attachments
Whenever the user attempts to open a Microsoft Office attachment (Word, Excel, PowerPoint, etc.) from Outlook they are greeted with this warning: Microsoft Excel ! The file is corrupt and cannot be opened. OK Was this
-
SQL Developer hangs when expanding table node
Hello All, One of my schemas has 3035 tables. When I expand the "Other Users" node, then the schema owner, then expand "Tables", SQL Developer hangs. I have allowed it to run (as it indicates it is working) for 45 minutes, but it never returns. I hav
-
Hi, I've Oracle 8.1.6 on Debian 2.2 rel.2. I'm trying to load java classes to my database. I can do it with PL/SQL package: "DBMS_JAVA". When I try to use command line utility: "loadjava" I get the message: loadjavasu: /ora/app/oracle/product/8.1.6/b
-
Cursor freezing 10.8.2
After I updated the sistem to 10.8.2 (three days ago) in my MacBookPro, the cursor is freezing everytime I leave the Mac alon for a couple of seconds. No problem if I use the keyboard or if I move the cursor, otherwise it freezes. To unfreeze I h
-
HI, I cant open the icloud suddenly on my pc