  1. #1


    Group policy etc

    A quick thanks to a very useful bunch of people, been reading for a while and it seems that I am not suffering alone. However, the school I work for (which means me) has this problem:
    Two servers, one W2k3 and one W2k, the newer one for curriculum and the other for Admin (we had another but someone else found out what happens if you boot to CD and don't know what you are doing :twisted: )
    The first issue is folder redirection (I have read most of the posts on this) not working for all students ALL of the time. I am only redirecting desktop and start menu; it's very temperamental. The GP I have (vbs script) for setting default printer per room (OU) only works when the full set of policies work.

    All of this started when the curriculum server was upgraded. I have checked (today) after reading about the SYSVOL and FRS to discover that not only is that not working (path not found) but GPM on the W2k3 server has completely lost the will to find anything and just reports errors.
    Have tried stopping and restarting the service as per error message and running Net Share. :?:
    So... I thought I would share a few of my woes instead of continuing fishing through Microsoft's volumes of 'help'.
    Thanks in advance

  2. #2
    ChrisH's Avatar

    Re: Group policy etc

    Go to the Microsoft site and download dcdiag and netdiag and run them both and see if they bring up anything.

  3. #3


    Re: Group policy etc

    Very quick thank you ChrisH, have downloaded both, now I will wait... till Monday. I actually stated the problem started with the server (W2k3); I meant to say it started after the summer when I upgraded all the clients to XP SP2 from 2000. I deleted the old profiles; I was using mandatory for the pupils but have not been able to get that to work either since.
    Cheers again

  4. #4


    Re: Group policy etc

    Ah, mandatory profiles ....

    I suspect that the permissions of the mandatory profile weren't changed to allow changes in the student context. GPOs operate by making registry changes on the user hive (ntuser.man). If this is still set to only give administrators or the user it was copied from full control then that might cause problems.

  5. #5
    ajbritton's Avatar

    Re: Group policy etc

    Install this on your server, use it to enable 'full logging' on the problem PCs, log on to a PC with a problem account, then use the log analysis feature to find out exactly what is going on.

  6. #6


    Re: Group policy etc

    Cheers again, I had the security on the profile folder set as instructed by an MS walkthrough (create a user MPM, copy locally etc.) but will check again. Have downloaded the suggested program, will try and see what shows up on what looks to be a very busy Monday (like there is any other sort!)

  7. #7


    Re: Group policy etc

    Monday... How nasty? Anyway, I ran Netdiag and came up with errors (no surprise there):
    -Default Gateway Test (fail) no gateway reachable for this adapter
    -DNS test - (fail) FATAL dns registration for " " is incorrect on all DNS servers

    Not completely sure what caused this; I have been told today that one of the (I didn't know there were two) network cards was disabled by EDIT last week.

    The servers' IP addresses are correct, however I can not ping the stated IP for the Gateway??

    All other tested items (netdiag) are passed.
    Having not too much joy at the moment, help please.

  8. #8

    Geoff's Avatar

    Re: Group policy etc

    The gateway test will fail if:

    a) the gateway IP is unpingable (firewalled) this is a reasonable configuration for your border router/firewall and you shouldn't worry about it.
    b) you didn't set a gateway IP.

    Primary DNS should point to another AD DNS server. Secondary DNS should point to localhost. (Assuming you have 2 DCs).

  9. #9


    Re: Group policy etc

    I disagree with Geoff, the primary DNS should point to itself if it is an AD DNS server.

    Check the DNS records for the DC, if the server has two NICs and one has been disabled this could cause serious issues with DNS.

  10. #10


    Re: Group policy etc

    Okay, getting just a little confused right about now. The W2K3 server has one NIC. It can not resolve the stated 'gateway', GPM says network path not found. File replication is showing errors relating to the inability to resolve the share (it explains the possible causes and suggests forcing a stop/start of ntfrs), which due to the fact it can't reach the other server is obvious.
    The W2K server has two NICs, a 10/100 and a 1000. The 10/100 has been disabled. The event log for this machine is altogether more relaxed and has more warnings than anything else, suggesting that it can't contact the other server but will try again later (if it feels like it?). AD and GP both work as 'normal' except for the fact it's obviously not right. The significant error is that shown from netdiag: no gateway!
    Having neither set the servers up nor paid that much attention in the past (or being responsible for them), this is a new one on me. Cheers for the help.

  11. #11


    Re: Group policy etc

    Quote Originally Posted by djm968:
    "I disagree with Geoff, the primary DNS should point to itself if it is an AD DNS server.

    Check the DNS records for the DC, if the server has two NICs and one has been disabled this could cause serious issues with DNS"

    Yeah - Primary DNS Server (if it is an AD Server) should indeed point to itself.

    Paul

  12. #12

    Geoff's Avatar

    Re: Group policy etc

    Quote: "I disagree with Geoff, the primary DNS should point to itself if it is an AD DNS server."

    While this will work, it'll also fill your event logs up on the DC with lots of errors complaining about the Netlogon service not being able to find the SRV records. This is because the Netlogon service starts before the DNS service does. In extreme cases you will actually start to see replication delays or even failures.

    It's all explained in this KB article.

    http://support.microsoft.com/kb/825036

    'Domain controller with DNS installed' is the relevant section. As I explained above, I'm advocating the third method.

  13. #13


    Re: Group policy etc

    I think, Geoff, what may have prompted the query about your point was your emphatic "..should point". This is only a third option in a list of three possible (and workable) methods of installing DNS on an AD network - as detailed on the KB article you linked to.

    I have installed dozens of servers with DNS on them using the primary DC with DNS installed as the primary DNS reference - as per most training materials (even MS Press) and never had my event log even hint at SRV records not being found (even that can be remedied). I'm sure it probably happens, but I have never seen it.

    Good link though- thanks.

  14. #14

    GrumbleDook's Avatar

    Re: Group policy etc

    I'm another one in favour of pointing the DNS to itself .. and secondary pointing to the other DC.

    We do get the odd error but that tends to point at other issues ... and they can be helpful in resolving issues.

    Then again, I would recommend DNS & BIND and DNS on Windows Server 2003 to most people though ... and they do talk about the option of alternate pointing for DNS ...

  15. #15


    Re: Group policy etc

    Quote: "the gateway IP is unpingable (firewalled) this is a reasonable configuration for your border router/firewall"

    It's no big deal, but I think a pingable gateway is better. If a Windows box with an unexpired lease starts up and can't find your DHCP server, it will ping the gateway. If it gets a reply it carries on using that lease, if it doesn't get a reply it uses APIPA.

    If it does go to APIPA it then checks for the DHCP every few mins so everything will recover shortly after you've fixed a DHCP outage, but users are much less likely to notice when your gateway is pingable.

    [This is useful for renumbering in a mostly DHCP environment]

    Edit/PS: I remember that Net Logon & DNS thing at startup, but haven't seen it for a while.. is it something that stopped happening with 2K3?
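
An added example, not part of any post in the thread: a Python check that parses `ipconfig /all` output from a DC and reports which of the DNS orderings debated above it uses (itself first or the partner DC first) and whether a default gateway is set at all. The sample output, addresses and function names are constructed for illustration, and the parser assumes the English Windows 2000/2003-era field labels.

```python
import re

# Constructed excerpt of `ipconfig /all` output from a DC (not from the thread).
SAMPLE = """\
Ethernet adapter Gigabit:
   IP Address. . . . . . . . . . . . : 10.0.0.10
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 10.0.0.11
                                       127.0.0.1
"""

# "   Label . . . . : value" (assumes Windows 2000/2003-era English labels)
FIELD = re.compile(r"^\s+([A-Za-z][A-Za-z \-]*?)[ .]*:\s*(.*)$")

def parse_adapters(text):
    """Return {adapter name: {field: [values]}} from `ipconfig /all` text."""
    adapters, current, last = {}, None, None
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current = adapters.setdefault(line.rstrip()[:-1], {})
            last = None
        elif current is not None and (m := FIELD.match(line)):
            last = current.setdefault(m.group(1), [])
            if m.group(2).strip():
                last.append(m.group(2).strip())
        elif current is not None and last is not None and line.strip():
            last.append(line.strip())  # continuation line, e.g. second DNS server
    return adapters

def dns_order(fields):
    """Classify which resolver ordering from the thread an adapter uses."""
    own = set(fields.get("IP Address", [])) | {"127.0.0.1"}
    is_self = [d in own for d in fields.get("DNS Servers", [])]
    if not is_self:
        return "none"
    if all(is_self):
        return "self-only"
    if not any(is_self):
        return "partner-only"
    return "self-first" if is_self[0] else "partner-first"

def review(text):
    """Per adapter: DNS ordering and whether a default gateway is configured."""
    return {name: {"dns_order": dns_order(f),
                   "gateway_set": bool(f.get("Default Gateway"))}
            for name, f in parse_adapters(text).items() if "IP Address" in f}

if __name__ == "__main__":
    print(review(SAMPLE))
```

An adapter reported with `gateway_set` false corresponds to case b) in the gateway test explanation, while an unpingable but configured gateway still shows as set.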
