Thanks John, I thought that I would share this with all of you. The problem that we are having, low and behold is described in the following article. Q294811
So I guess it goes back to the testing phase. Once again thanks to all that assisted. Kind regards, Yusuf -----Original Message----- From: Bjelke John A Contr AFRL/VSIO [mailto:[EMAIL PROTECTED]] Sent: 08 October, 2002 17:25 To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Netlogon Service Yusuf, we wrestled with the same issue for a while and Microsoft addressed it on Technet http://support.microsoft.com/default.aspx?scid=kb;en-us;Q301381 ...it was a problem with the version of msgina.dll. SP3 is supposed to correct this, though when we had the issue it was pre-sp3 release and MS gave us a hotfix. If you have reasons to avoid deploying SP3, you might want to contact MS and try to get just the msgina hotfix. John A. Bjelke UNISYS Systems administrator Supporting AFRL Kirtland AFB 505.853.6774 [EMAIL PROTECTED] -----Original Message----- From: Mayet, Yusuf Y [mailto:[EMAIL PROTECTED]] Sent: Tuesday, October 08, 2002 7:53 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Netlogon Service Once again Rick Thanks You for your assistance. However after running Gpresult and analysing there seems to be no problem. Just to throw a spanner in the works. The random users have also told us that they are having password related issues. Here is the example: The user is prompted to change his password on Day1. He does so and carries on working for the rest of the day, at the end of the day he locks his workstation. On Day2 when he unlocks his workstation on he is prompted once again to change his password. (and his password is meant to expire only in 14 days) Why would this happen?? What I have noticed however is that if a user changes his password on Day1 and performs a "Logoff" and "Logon" The next day he is not prompted to change his password. Thanks, Yusuf -----Original Message----- From: Rick Kingslan [mailto:[EMAIL PROTECTED]] Sent: 08 October, 2002 00:15 To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Netlogon Service See reply inline below...... -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Mayet, Yusuf Y Sent: Monday, October 07, 2002 10:21 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Netlogon Service The problem I am having is this. We have a Domain Policy which I have enabled the security option for a "Message Title" to be displayed to the user. And in true Windows fashion this "Domain Policy" should apply to all computers in the Domain. But there are random users in the Domain that are not getting this policy applied to their computers. Also am I correct in saying that the Group Policy will apply to the "Computers" not the Users ?? [RTK} Yes - this is absolutely correct. The section of the GP that you're working with does apply only to the Computer object - not to the User object. So my question is if they are being authenticated by a Domain Controller then verily they should be applying the Group Policy as well. Why are they not receiving the correct Group Policy. [RTK] Well, this is the question. The condition that normally causes this is that the computer object is not in an OU - a computer cannot reside in the default Computer container and have GP applied to it. The Computer container is the folder that you would see in the AD U&C tool as a simple folder - not an Organizational Unit. I would employ GPRESULT and GPOTOOL (two tools that are found in the Windows 2000 Server Resource Kit). If you want to pipe the output to a text file and .ZIP it up then e-mail it to me, I'll be happy to review it. Otherwise, with a little bit of concentration and common sense, the output should lend a hand in idetifying the problem. The fact that it is applying to some and not all tends to lead me to believe that the problem is where the computer objects ARE (i.e. the computer container....) Thanks, Yusuf [RTK] You're welcome! Rick Kingslan - Microsoft MVP [Windows NT/2000] Microsoft Certified Trainer MCSA, MCSE+I - Windows NT / 2000 "Any sufficiently advanced technology is indistinguishable from magic." --- Arthur C. Clarke -----Original Message----- From: Rick Kingslan [mailto:[EMAIL PROTECTED]] Sent: 07 October, 2002 15:29 To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Netlogon Service Yusuf, What problem(s) are you experiencing? Give us details, and I'ms sure that the good folks here will be able to assist. Rick Kingslan - Microsoft Certified Trainer MCSE+I on Windows NT 4.0 MCSE on Windows 2000 MVP [Windows NT/2000 Server] "Any sufficiently advanced technology is indistinguishable from magic." --- Arthur C. Clarke -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Mayet, Yusuf Y Sent: Monday, October 07, 2002 6:13 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Netlogon Service Rick, Thanks for the reply. We are currently running a mixed environment. NT4.0, W2K and .NET[RC1] The reason we had "Disabled" the NETLOGON Service was due to an issue we are experiencing with access for users from Trusted Domains. Does anyone have any suggestions as to how I can get away without causing more issues? Thanks, Yusuf -----Original Message----- From: Rick Kingslan [mailto:[EMAIL PROTECTED]] Sent: 04 October, 2002 22:04 To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Netlogon Service On a DC, NetLogon does the following: * Registers and maintains ALL SRV records for that DC. * Can be restarted to automatically update changes, or to simply reregister any SRV records * Enumerates the sites and subnet objects to determine which site contains which subnets * Determines the site of the client performing a discovery and returns the client's site in the discovery response. So, given this information - AD isn't going to deal with it very well at all. Effectively, NetLogon is a requirement in the Windows 2000 AD structure. Rick Kingslan - Microsoft Certified Trainer MCSE+I on Windows NT 4.0 MCSE on Windows 2000 MVP [Windows NT/2000 Server] "Any sufficiently advanced technology is indistinguishable from magic." --- Arthur C. Clarke -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Mayet, Yusuf Y Sent: Friday, October 04, 2002 1:49 PM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] Netlogon Service Does anyone know what adverse effects a "Directory Service" will experience if the NETLOGON Service is Disabled on a Domain Controller ??? Thanks, Yusuf ______________________________________________ Disclaimer and confidentiality note Everything in this e-mail and any attachments relating to the official business of Standard Bank Group Limited is proprietary to the company. It is confidential, legally privileged and protected by law. Standard Bank does not own and endorse any other content. Views and opinions are those of the sender unless clearly stated as being that of Standard Bank. The person addressed in the e-mail is the sole authorised recipient. Please notify the sender immediately if it has unintentionally reached you and do not read, disclose or use the content in any way. Standard Bank can not assure that the integrity of this communication has been maintained nor that it is free of errors, virus, interception or interference. _______________________________________________ ______________________________________________ Disclaimer and confidentiality note Everything in this e-mail and any attachments relating to the official business of Standard Bank Group Limited is proprietary to the company. It is confidential, legally privileged and protected by law. Standard Bank does not own and endorse any other content. Views and opinions are those of the sender unless clearly stated as being that of Standard Bank. The person addressed in the e-mail is the sole authorised recipient. Please notify the sender immediately if it has unintentionally reached you and do not read, disclose or use the content in any way. Standard Bank can not assure that the integrity of this communication has been maintained nor that it is free of errors, virus, interception or interference. _______________________________________________ ______________________________________________ Disclaimer and confidentiality note Everything in this e-mail and any attachments relating to the official business of Standard Bank Group Limited is proprietary to the company. It is confidential, legally privileged and protected by law. Standard Bank does not own and endorse any other content. Views and opinions are those of the sender unless clearly stated as being that of Standard Bank. The person addressed in the e-mail is the sole authorised recipient. Please notify the sender immediately if it has unintentionally reached you and do not read, disclose or use the content in any way. Standard Bank can not assure that the integrity of this communication has been maintained nor that it is free of errors, virus, interception or interference. _______________________________________________ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ ______________________________________________ Disclaimer and confidentiality note Everything in this e-mail and any attachments relating to the official business of Standard Bank Group Limited is proprietary to the company. It is confidential, legally privileged and protected by law. Standard Bank does not own and endorse any other content. Views and opinions are those of the sender unless clearly stated as being that of Standard Bank. The person addressed in the e-mail is the sole authorised recipient. Please notify the sender immediately if it has unintentionally reached you and do not read, disclose or use the content in any way. Standard Bank can not assure that the integrity of this communication has been maintained nor that it is free of errors, virus, interception or interference. ______________________________________________ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ ______________________________________________ Disclaimer and confidentiality note Everything in this e-mail and any attachments relating to the official business of Standard Bank Group Limited is proprietary to the company. It is confidential, legally privileged and protected by law. Standard Bank does not own and endorse any other content. Views and opinions are those of the sender unless clearly stated as being that of Standard Bank. The person addressed in the e-mail is the sole authorised recipient. Please notify the sender immediately if it has unintentionally reached you and do not read, disclose or use the content in any way. Standard Bank can not assure that the integrity of this communication has been maintained nor that it is free of errors, virus, interception or interference. ______________________________________________ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
