Re: [ActiveDir] Problem removing last w2k DC from a w2k3 domain

Tue, 20 Jun 2006 12:30:20 -0700 

joe wrote:
Ok, thanks for the info. 
What happens if you try to connect to a non-admin share? Say like sysvol. I
am wondering about signing/encryption settings. I have had issues with that
in the past between 2K and K3. I believe that is where it will blow out but
it has been awhile since I have looked at a trace showing that failure. Your
nameres seems to be working ok though so we know that it is communicating
with the proper place so DNS is probably out of the picture for you at
least. :)

You will probably find that K3 DCs have that enabled as mandatory by default
in their local settings (undefined in domain and domain controllers policy).
Run secpol.msc from the command line so you can look at what your real
settings are.

If the signing/encryption stuff is all in sync, I would try connecting via
IP to see if it is some sort of kerb related issue. But seriously, my gut
says it is SMB signing.
Thats what it was. Strange that it was a problem in the child domain and not the root. 

Learn something new every day. :-)

Ethereal is far superior to tcpdump.

        al


  joe

--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm 
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Al Lilianstrom
Sent: Tuesday, June 20, 2006 12:01 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Problem removing last w2k DC from a w2k3 domain

joe wrote:

What do you see in the network trace? Is it attempting the connection? Is

it

establishing the TCP/IP connection and then blowing out in the NetBIOS
handshake? Does it get through the handshake and then fail? 

I get a connection and then the access denied returned to the client.

SMB      Negotiate Protocol Request
SMB      Negotiate Protocol Response
SMB      Session Setup AndX Request
SMB      Session Setup AndX Response
SMB      Tree Connect AndX Request, Path: \\FBDC1\D$
SMB      Tree Connect AndX Response, Error: STATUS_ACCESS_DENIED
SMB      Logoff AndX Request
SMB      Logoff AndX Response, Error: STATUS_ACCESS_DENIED

I have a logon/logoff in the security log on the w2k3 DC.

        al


--


--

Al Lilianstrom
CD/CSS/CSI
[EMAIL PROTECTED]
List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx

Reply via email to