Re: [ActiveDir] One computer is fine, one has "can't find domain controller" errors
Joe wrote: This is the perfect case of when to break out a network monitor and watch the traffic. Do what it is you are trying to do and see what the network is doing. Well. As a final followup to this, I can't reproduce the problem at all any more. The computer that was doing it is not any longer, it now behaves exactly like the one right next to it. I can't detect anything out of the ordinary with any of the tools anyone suggested to me. Unless someone has a better guess, I'm going to assume that there was some transient network or hardware glitch (gremlins? solar flares? The Hand of Fate?) that is now gone. Thanks to everyone who responded with assistance. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bill Moran Sent: Saturday, October 18, 2003 2:05 PM To: [EMAIL PROTECTED] Hello all, I posted earlier concerning Windows XP machines not allowing any scripts to run and presenting no clue as to why. After additional discussion with other techs, as well as multiple searches on the 'net, we decided to completely reinstall the two machines. This solved the IE problem. However, we are getting error messages on 1 machine, but not on the other. The one machine claims it can not contact the domain server. (which is ridiculous because it's mounting shared drives from it, and those shares function properly) Event ID 5719. These two machines are identical in every way. Same hardware. Same software and versions of software. Plugged in side by side to the same switch. The ONLY difference we can imagine, is that the one with the problem was configured for a workgroup during install, and then joined to the domain afterwards (just the tech clicking without thinking) while the one that works was joined to the domain during the initial install. I'm putting this out for two reasons: 1 -> to see if anyone has any insight as to what's happening. 2 -> to have this information made public, so if others come across it they can see they're not alone. Perhaps someone with some time and a lab available could test to see if the problem I describe is, in fact, caused by the install process described, or if it's just coincidence. Both machines appear to function properly aside from the errors. -- Bill Moran Potential Technologies http://www.potentialtech.com List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] One computer is fine, one has "can't find domain controller" errors
roseta wrote: Hi, I had once a problem similar to this, I do not know exactly why it is happening (but I have one guess about my situation, I had two OS on my computer Windows 98 and XP) but I did one thing and no problem till that time. I loged to the computer itself. Made it to join a test workgroup. Then after restarting, the computer was in a test workgroup. And then deleted the computer account on Windows 2000 AD. Then I changed the name of the computer of XP. Then again after restarting I joined the domain with the new name. and a new account for computer will be created in AD. I do not know maybe my problem is different from your. But the error and situation seems similar. May be my experience can help you. Unfortunately, I am unable to reproduce this problem in the lab. This makes it terribly difficult to diagnose, because of my limited access to the production environment. However, I am going to try to find time to do some diagnosis in the evenings over the next few days. Wish me luck. Roseta. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joe Sent: Sunday, October 19, 2003 1:02 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] One computer is fine, one has "can't find domain controller" errors This is the perfect case of when to break out a network monitor and watch the traffic. Do what it is you are trying to do and see what the network is doing. joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bill Moran Sent: Saturday, October 18, 2003 2:05 PM To: [EMAIL PROTECTED] Hello all, I posted earlier concerning Windows XP machines not allowing any scripts to run and presenting no clue as to why. After additional discussion with other techs, as well as multiple searches on the 'net, we decided to completely reinstall the two machines. This solved the IE problem. However, we are getting error messages on 1 machine, but not on the other. The one machine claims it can not contact the domain server. (which is ridiculous because it's mounting shared drives from it, and those shares function properly) Event ID 5719. These two machines are identical in every way. Same hardware. Same software and versions of software. Plugged in side by side to the same switch. The ONLY difference we can imagine, is that the one with the problem was configured for a workgroup during install, and then joined to the domain afterwards (just the tech clicking without thinking) while the one that works was joined to the domain during the initial install. I'm putting this out for two reasons: 1 -> to see if anyone has any insight as to what's happening. 2 -> to have this information made public, so if others come across it they can see they're not alone. Perhaps someone with some time and a lab available could test to see if the problem I describe is, in fact, caused by the install process described, or if it's just coincidence. Both machines appear to function properly aside from the errors. -- Bill Moran Potential Technologies http://www.potentialtech.com List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] One computer is fine, one has "can't find domain controller" errors
Ken Schaefer wrote: A agree with Joe. Bill - you've posted no data that you managed to collect from attempting to troubleshoot this problem, so on what basis can you conclude (or expect us to believe) that "it's definitely a bug in WinXP"? Don't put words in my mouth. I did not jump to the conclusion you accuse me of. If you look below, you'll see my exact words were "it definately appears to be a bug in Windows XP" If you feel the appearance is otherwise, that's your opinion, but I go on further to say that I'm going to try to find time to test my "theory" in a lab. I have both limited access to the production environment in which this is occurring, and I can not risk downtime - which limits the kind of testing I can do. In addition, I posted ALL of the data I collected while troubleshooting the problem. I won't argue that it's very little at this point, but I'm very early in the diagnosis of this problem, and one of the early steps I took was "post to the list to see if anyone else has any experience with this issue". We've got plenty of WinXP machines that we've either Ghosted, or Syspreped, and then added to a domain. On some occasions it doesn't take, but removing the machine, deleting the machine account in AD, and readding the machine usually fixes things. Are you trying to support your point or contradict yourself? If "on some occasions it doesn't take", then what are those occasions? Can you provide data to prove that those are operator error or other cause than a bug in Windows XP? Again, I am not saying there is a bug in XP. I'd have enough background data to support it if I were to say something like that. I think my earlier statement below is clear that I have a theory that there may be a bug in XP, and I recognize the need for further investigation. - Original Message - From: "Joe" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Sunday, October 19, 2003 11:55 PM Subject: RE: [ActiveDir] One computer is fine, one has "can't find domain controller" errors Just for an alternate viewpoint, we have tens of thousands of XP machines that are staged in workgroup mode and added to the domain after the fact via script. We don't see these issues. joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bill Moran Sent: Sunday, October 19, 2003 9:39 AM To: [EMAIL PROTECTED] roseta wrote: This actually seems very similar, since the machine that has the errors was originally part of a workgroup, then joined to the domain, whereas the one that doesn't produce errors was never part of a workgroup. This definately appears to be a bug in Windows XP. We have all available Windows updates installed, so it's apparently still a bug. Thanks for the input. I'm going to try to find time/resources to do an actual test on this and prove/disprove this theory. -- Bill Moran Potential Technologies http://www.potentialtech.com List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] One computer is fine, one has "can't find domain controller" errors
Steve Shaff wrote: Also, You may want to make sure that the DNS on the client machine is correct. I have also, have had problems in the past with windows machines. Adding static DNS entries and adding the DNS suffix (under the advanced tab) have corrected issues with problem machines, at least for me. Thanks, Steve. The DNS was wrong initially, but we corrected it prior to installing service packs. I'll check into the DNS suffix issue, as I'm not sure what we had done there. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ken Schaefer Sent: Sunday, October 19, 2003 5:37 PM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] One computer is fine, one has "can't find domain controller" errors A agree with Joe. Bill - you've posted no data that you managed to collect from attempting to troubleshoot this problem, so on what basis can you conclude (or expect us to believe) that "it's definitely a bug in WinXP"? We've got plenty of WinXP machines that we've either Ghosted, or Syspreped, and then added to a domain. On some occasions it doesn't take, but removing the machine, deleting the machine account in AD, and readding the machine usually fixes things. Cheers Ken - Original Message - From: "Joe" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Sunday, October 19, 2003 11:55 PM Subject: RE: [ActiveDir] One computer is fine, one has "can't find domain controller" errors Just for an alternate viewpoint, we have tens of thousands of XP machines that are staged in workgroup mode and added to the domain after the fact via script. We don't see these issues. joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bill Moran Sent: Sunday, October 19, 2003 9:39 AM To: [EMAIL PROTECTED] roseta wrote: This actually seems very similar, since the machine that has the errors was originally part of a workgroup, then joined to the domain, whereas the one that doesn't produce errors was never part of a workgroup. This definately appears to be a bug in Windows XP. We have all available Windows updates installed, so it's apparently still a bug. Thanks for the input. I'm going to try to find time/resources to do an actual test on this and prove/disprove this theory. -- Bill Moran Potential Technologies http://www.potentialtech.com List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] One computer is fine, one has "can't find domain controller" errors
roseta wrote: Hi, I had once a problem similar to this, I do not know exactly why it is happening (but I have one guess about my situation, I had two OS on my computer Windows 98 and XP) but I did one thing and no problem till that time. I loged to the computer itself. Made it to join a test workgroup. Then after restarting, the computer was in a test workgroup. And then deleted the computer account on Windows 2000 AD. Then I changed the name of the computer of XP. Then again after restarting I joined the domain with the new name. and a new account for computer will be created in AD. I do not know maybe my problem is different from your. But the error and situation seems similar. May be my experience can help you. This actually seems very similar, since the machine that has the errors was originally part of a workgroup, then joined to the domain, whereas the one that doesn't produce errors was never part of a workgroup. This definately appears to be a bug in Windows XP. We have all available Windows updates installed, so it's apparently still a bug. Thanks for the input. I'm going to try to find time/resources to do an actual test on this and prove/disprove this theory. Roseta. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joe Sent: Sunday, October 19, 2003 1:02 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] One computer is fine, one has "can't find domain controller" errors This is the perfect case of when to break out a network monitor and watch the traffic. Do what it is you are trying to do and see what the network is doing. joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bill Moran Sent: Saturday, October 18, 2003 2:05 PM To: [EMAIL PROTECTED] Hello all, I posted earlier concerning Windows XP machines not allowing any scripts to run and presenting no clue as to why. After additional discussion with other techs, as well as multiple searches on the 'net, we decided to completely reinstall the two machines. This solved the IE problem. However, we are getting error messages on 1 machine, but not on the other. The one machine claims it can not contact the domain server. (which is ridiculous because it's mounting shared drives from it, and those shares function properly) Event ID 5719. These two machines are identical in every way. Same hardware. Same software and versions of software. Plugged in side by side to the same switch. The ONLY difference we can imagine, is that the one with the problem was configured for a workgroup during install, and then joined to the domain afterwards (just the tech clicking without thinking) while the one that works was joined to the domain during the initial install. I'm putting this out for two reasons: 1 -> to see if anyone has any insight as to what's happening. 2 -> to have this information made public, so if others come across it they can see they're not alone. Perhaps someone with some time and a lab available could test to see if the problem I describe is, in fact, caused by the install process described, or if it's just coincidence. Both machines appear to function properly aside from the errors. -- Bill Moran Potential Technologies http://www.potentialtech.com List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] One computer is fine, one has "can't find domain controller" errors
Chris Lynch wrote: By chance, do you have Cisco switches? No. If so, check the PORTFAST command on the port this client is connected to. PORTFAST has to do with Spanning Tree (mainly used if you have redundant links between two or more switches). With PORTFAST disabled, it takes about almost a minute for the port to allow traffic through (go from a BLOCKING state to LEARNING state, then to FORWARDING state if the switch determines that another switch isn't connected at that port). Sorry. I forgot to mention that we already researched this particular issue (it seems to be a well-documented problem). The switch is a D-Link DSS-8+. Low-end switch, non-managed. The manual provided gives a lot of information on the "exciting features", but mentions nothing about portfast or spanning tree, which leads me to believe that it doesn't have those features. Even if it did, that would not explain why one computer has the problem while another does not (since they're both plugged into the same switch). Thanks for the input. Chris -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bill Moran Sent: Saturday, October 18, 2003 11:05 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] One computer is fine, one has "can't find domain controller" errors Hello all, I posted earlier concerning Windows XP machines not allowing any scripts to run and presenting no clue as to why. After additional discussion with other techs, as well as multiple searches on the 'net, we decided to completely reinstall the two machines. This solved the IE problem. However, we are getting error messages on 1 machine, but not on the other. The one machine claims it can not contact the domain server. (which is ridiculous because it's mounting shared drives from it, and those shares function properly) Event ID 5719. These two machines are identical in every way. Same hardware. Same software and versions of software. Plugged in side by side to the same switch. The ONLY difference we can imagine, is that the one with the problem was configured for a workgroup during install, and then joined to the domain afterwards (just the tech clicking without thinking) while the one that works was joined to the domain during the initial install. I'm putting this out for two reasons: 1 -> to see if anyone has any insight as to what's happening. 2 -> to have this information made public, so if others come across it they can see they're not alone. Perhaps someone with some time and a lab available could test to see if the problem I describe is, in fact, caused by the install process described, or if it's just coincidence. Both machines appear to function properly aside from the errors. -- Bill Moran Potential Technologies http://www.potentialtech.com List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] One computer is fine, one has "can't find domain controller" errors
Hello all, I posted earlier concerning Windows XP machines not allowing any scripts to run and presenting no clue as to why. After additional discussion with other techs, as well as multiple searches on the 'net, we decided to completely reinstall the two machines. This solved the IE problem. However, we are getting error messages on 1 machine, but not on the other. The one machine claims it can not contact the domain server. (which is ridiculous because it's mounting shared drives from it, and those shares function properly) Event ID 5719. These two machines are identical in every way. Same hardware. Same software and versions of software. Plugged in side by side to the same switch. The ONLY difference we can imagine, is that the one with the problem was configured for a workgroup during install, and then joined to the domain afterwards (just the tech clicking without thinking) while the one that works was joined to the domain during the initial install. I'm putting this out for two reasons: 1 -> to see if anyone has any insight as to what's happening. 2 -> to have this information made public, so if others come across it they can see they're not alone. Perhaps someone with some time and a lab available could test to see if the problem I describe is, in fact, caused by the install process described, or if it's just coincidence. Both machines appear to function properly aside from the errors. -- Bill Moran Potential Technologies http://www.potentialtech.com List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] VERY OT: Preventing Viruses from Lab to Live network
[EMAIL PROTECTED] wrote:
Thanks, Bill.
We all have had to live with management-driven decisions at one time or the
other, no? We change what we can, and accept what we can't and try to make
the best of it. This is one of those situations.
But sometimes you have to have the fortitude to stand up to management and
tell them they're asking for something that's not possible. You can't have
100% security and 100% access at the same time.
The line of thought is "we don't care what's running around in the Labs as
long as they remain in the Labs, but, by the way, we need to be able to pull
files from our Labs machines to our production desktops so we can work on
them. So, you see, you can't block off the Labs"
Anyway, the cost is really not a factor. Finding what to invest the money in
is the issue. The PRIMARY (and, maybe, ONLY) concern is keeping viruses that
propagate through network shares from coming to the production network. The
device I was testing does SMTP, POP and Web filtering, but 90% of the Virus
problems is NetBIOS borne. And, no, I can't filter out NetBIOS ports between
the Labs and the production sides. That is my dilemma. IF there is a device
on the market that does NetBIOS virus scanning and prevention, a big part of
my problem will disappear overnight. And, if wishes were horses :-p
Well, I still think you could work it out with an intermediate machine. Just
put a Server in between the two networks with two interfaces on it. Load it
up with all the virus protection you can find (most server-based virus
protection will check incomming and outgoing files as they are up/downloaded)
and keep the machine updated with all patches/etc.
Then set it up so the only way to get files from production to lab is to copy
them on to this server first. It's a little annoying for the people copying
the files ("Damn ... I forgot to copy this to the transfer server from the
lab") but I would say that this is where you've got to draw the line if you
want have any level of safety/protection whatsoever.
From the look of things, though, it seems that this is on of the situations
where we say "There are seldom good technological solutions to behavioral
problems." Apologies to Ed Crowley :)
I agree. I think the only way you're going to get any sane level of protection
is to come to a compromise. Sometimes you have to be willing to push back.
Good luck in whatever approach you take.
Sincerely,
Dèjì Akómöláfé, MCSE MCSA MCP+I
www.akomolafe.com
www.iyaburo.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
From: [EMAIL PROTECTED] on behalf of Bill Moran
Sent: Fri 10/17/2003 10:08 AM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] VERY OT: Preventing Viruses from Lab to Live network
[EMAIL PROTECTED] wrote:
I forgot to mention that. Yeah, there is a requirement for connectivity
between the 2 sides. That's why firewalling them is not an option.
I've been following this because I think it's outrageous. I don't envy
your problem.
I think you're in a situation where you'll have to say "if that's what
you want, then it's going to cost you" to whoever put the connectivity
requirement in place.
First off, you are going to want a firewall between production and lab.
Set it to deny by default, then allow ONLY the EXACT traffic that you
want to allow. Then configure logging and make it a point to review
the logs regularly.
I would also suggest a dedicated SMTP relay for the lab, with virus
scanning and extensive access restrictions: again, allow only what
you KNOW is safe, log everything, and review the logs regularly.
Configure your firewall so that ONLY mail that's gone through the
SMTP relay is allowed anywhere. This will stop a lot of SMTP-based
worms from getting anywhere, as well as alerting you to their
existance.
Even this will not protect you from every type of attack, but it
should reduce the rate of occurance significantly.
--
Bill Moran
Potential Technologies
http://www.potentialtech.com
List info : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] VERY OT: Preventing Viruses from Lab to Live network
[EMAIL PROTECTED] wrote: I forgot to mention that. Yeah, there is a requirement for connectivity between the 2 sides. That's why firewalling them is not an option. I've been following this because I think it's outrageous. I don't envy your problem. I think you're in a situation where you'll have to say "if that's what you want, then it's going to cost you" to whoever put the connectivity requirement in place. First off, you are going to want a firewall between production and lab. Set it to deny by default, then allow ONLY the EXACT traffic that you want to allow. Then configure logging and make it a point to review the logs regularly. I would also suggest a dedicated SMTP relay for the lab, with virus scanning and extensive access restrictions: again, allow only what you KNOW is safe, log everything, and review the logs regularly. Configure your firewall so that ONLY mail that's gone through the SMTP relay is allowed anywhere. This will stop a lot of SMTP-based worms from getting anywhere, as well as alerting you to their existance. Even this will not protect you from every type of attack, but it should reduce the rate of occurance significantly. Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf of Gil Kirkpatrick Sent: Fri 10/17/2003 8:49 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] VERY OT: Preventing Viruses from Lab to Live network Is there some requirement that the peope/devices in the test labs be able to access the production network? Would a firewall between the two help? -gil -Original Message- From: deji Agba [mailto:[EMAIL PROTECTED] Sent: Thursday, October 16, 2003 6:17 PM To: [EMAIL PROTECTED] Subject: VERY OT: Preventing Viruses from Lab to Live network I'm sure this does not have much bearing on AD, per se. So, I apologize for sending it to this forum that has one of the best collection of brains I've ever seen. I have some Engineering Testing Labs with a number of Domains and computers sharing the same network with my LIVE domain. It's actually worse than just sharing, but that's another story. Business requirements prevent some clients on these domains from installing AV clients, updating patches or even having passwords for the local admin password. Yeah, I know, but, again, another story entirely. But, as you can deduce, Viruses happen in these Labs. My question is this. How do you protect your Production networks from settings like these? All production systems follow strict adherence to strict security practices, but we occasionally have slippage (like someone on a month-long vacation turning off a computer and thereby not getting patches and AV pattern updates). How do you PREVENT share-eating Viruses like Mofei, Nachi, etc from spreading from the Lab to your live network? I have been evaluating a Product called Fortigate (from Fortinet), but I gave it up as soon as I discovered that they do not protect against NetBIOS, share-borne Viruses. Any product there that can help me out? -- Bill Moran Potential Technologies http://www.potentialtech.com List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] OT Received Packets
Salandra, Justin A. wrote: I am watching my interface in netmon and there is nothing coming up. I see other traffic on the network. You could install Ethereal (http://www.ethereal.com) which will capture and analyze individual packets. That would answer the question once and for all, since you'd be able to see details of every single packet. At the rate you're gathering incomming packets, you should only need a few seconds worth of capture to find out where it's coming from. -Original Message- From: Joe [mailto:[EMAIL PROTECTED] Sent: Monday, October 06, 2003 10:36 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] OT Received Packets I would guess that it is probably mostly ARP's and other broadcasts. I would say whomever mentioned the viruses is probably accurate, but open that up to all of the broadcast and searching viruses like mumu and code red and nimda and ... And ... And ... And ... Whatever traffic it is though, it should be readily available in netmon unless the wrong interface is being watched. joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick Sent: Monday, October 06, 2003 2:35 PM To: '[EMAIL PROTECTED]' My first thought it might be machine policy, but it sounds like the traffic is fairly continuous, as opposed to just after boot. Are you running any p2p software? -g -Original Message- From: Salandra, Justin A. [mailto:[EMAIL PROTECTED] Sent: Monday, October 06, 2003 10:47 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] OT Received Packets Netmon is gathering traffic but not showing all the packets that I am receiving. I am finding these numbers by going into Network and clicking on the status of my network connection. Right now I have 29,000 packets received and 5,000 sent and my laptop has been on for an hour. -Original Message- From: Gil Kirkpatrick [mailto:[EMAIL PROTECTED] Sent: Monday, October 06, 2003 1:26 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] OT Received Packets "I have run network monitor and can not find what the traffic is that I am receiving." Meaning that NETMON is not showing any traffic? Or that NETMON can't identify the traffic? How are you determining that you are actually receiving this traffic? PERFMON? -gil -Original Message- From: Salandra, Justin A. [mailto:[EMAIL PROTECTED] Sent: Monday, October 06, 2003 5:39 AM To: ActiveDir (E-mail) Subject: [ActiveDir] OT Received Packets This a little off topic, but I have to ask. My Laptop within minutes of being turned on receives over 7,000 packets and sends only 300 or so. In 15 minutes I will have over 30,000 received packets. My computer is the only one this is happening too. I have run network monitor and can not find what the traffic is that I am receiving. I have run a antivirus scan on my computer with updated DAT files and found nothing. I have looked at my services and did not find anything different. This only happens on my work network, not at home. Does anyone have any ideas? Justin A. Salandra, MCSE Senior Network Engineer Catholic Healthcare System 212.752.7300 - office 917.455.0110 - cell [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ -- Bill Moran Potential Technologies http://www.potentialtech.com List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] Problems with running ActiveX controls (i.e. Windows Update) ...
Hey all. This is my first post to this list - just found it today. I'm having a problem with a W2K3 domain (WinXP Pro WSs) and I believe I've done something to some setting in Active Directory to cause it, but I can't figure out what. Basically, None of the machines in the domain will run Windows Update because "Your current security setting prohibit running ActiveX controls on this page. As a result, the page may not display correctly." I'm worried that this might be causing other problems as well, for example, Norton AV won't let me run the AV control program. Of course, any search of MS website or the Internet at large will bring up the canonical answer to this problem: "Under Internet Settings, under security, make sure the running of ActiveX is enabled for the zone you're in." However, this doesn't fix the problem. I've enabled ActiveX in ALL zones, and I still get the error. I used GPMC to enable the running of ActiveX controls in Internet Explorer for all zones, Domain wide, yet the error still exists. I've spent many hours just browsing the GPMC tree of the domain, looking for any setting that could be causing this, to no avail. Does anyone have any suggestions on where this is configured, or how to track it down? I'm sure it's in the AD somewhere, since we ran Windows update on the workstations prior to joining them to the domain, but after joining the AD, they won't run WU anymore. Honestly, I'm at the end of my rope ... any assistance would be a Godsend. -- Bill Moran Potential Technologies http://www.potentialtech.com List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
