Can ping, but cannot access shares
Please allow me to give you some background information on this issue.
We have a Windows Server 2003 infrastructure with multiple XP Pro machines and a few 9x/2000 machines. Every machine could do what they needed to do traffic-wise. Recently, we upgraded our 4 Server 2003 machines with Service Pack 1. ONE older server wasn't able to be upgraded with SP1 for one reason or another (which is our BDC). The other 3 servers upgraded just fine.
After that, things were still great. The 9x machines ran just as they needed to on our network. Yesterday, however, we turned off the DC (which we will call OUR_DC1) to replace the little plastic power button that was stuck and wouldn't return. Upon restarting the DC, the XP Pro and 2000 machines were fine. The 9x machines, however, have been having many problems. I checked the services and the services we had previously run were all started, the ones we wanted off were off. I checked the event log and I did get a DNS error (event ID 4515).
I'll use one of the workstations as the primary example here. This computer is running Windows 98 SE, before this reboot it did everything it needed to do - access some file shares, printers and Exchange server which exist on OUR_DC1. It will not do this anymore, for whatever reason. I am able to ping OUR_DC1 by the server name as well as by its IP address. I am unable to access any shares (file and printer) but am able to acccess the Exchange mailstore on OUR_DC1.
Does anyone have any ideas? I've been running in circle for the last 7 hours on this issue! Any help would be much appreciated!
We have a Windows Server 2003 infrastructure with multiple XP Pro machines and a few 9x/2000 machines. Every machine could do what they needed to do traffic-wise. Recently, we upgraded our 4 Server 2003 machines with Service Pack 1. ONE older server wasn't able to be upgraded with SP1 for one reason or another (which is our BDC). The other 3 servers upgraded just fine.
After that, things were still great. The 9x machines ran just as they needed to on our network. Yesterday, however, we turned off the DC (which we will call OUR_DC1) to replace the little plastic power button that was stuck and wouldn't return. Upon restarting the DC, the XP Pro and 2000 machines were fine. The 9x machines, however, have been having many problems. I checked the services and the services we had previously run were all started, the ones we wanted off were off. I checked the event log and I did get a DNS error (event ID 4515).
I'll use one of the workstations as the primary example here. This computer is running Windows 98 SE, before this reboot it did everything it needed to do - access some file shares, printers and Exchange server which exist on OUR_DC1. It will not do this anymore, for whatever reason. I am able to ping OUR_DC1 by the server name as well as by its IP address. I am unable to access any shares (file and printer) but am able to acccess the Exchange mailstore on OUR_DC1.
Does anyone have any ideas? I've been running in circle for the last 7 hours on this issue! Any help would be much appreciated!
0
Comments
Native mode means you need minimum of Win 2000 to access a server. (I think, not 100% on that at the moment)
Check also the permissions for the shares...make sure something didn't hose on the way up after the reboot.
I'm not sure either but I think the mode just dictates the functional level the DC's will operate at....not necessarily what type of work station can attach. The newer your DC's, the higher level of functionality. I'm not positive either.
Here are the modes, straight from the help files of Server 2003.
Lots more on this issue here on the MS TechNet site.
By the way soulo4, I assume you've installed the DSclient thing you need to make Win 9x boxes work well with Server 03 haven't you?
Sorry to lead you on the wrong path Soulo4, nothing worse than looking for help and getting bad information
I did find this: http://support.microsoft.com/?kbid=555038
But since things were working before...I would guess all this has been done.
I shouldn't mention the simple stuff, but did you reboot the 98 machine/machines? Is the DSclient "stuff" in the startup for the 98 clients?
What about the possiblity of a newer GPO that didn't "activate" properly until the DC was rebooted and thus is now blocking the 98 Boxen? Possibly check recent changes?
Simple stuff has been done. We previously didn't have DSclient on the 98 machines (according to admin... I've only been working for them for amonth), but I installed it on a 98 box that we are testing. Still no dice. (Edit: I forgot to add NTLM2 verification, I'll try that and report back!)
I'll take a look at our GPOs to see if there is anything affecting older machines. I'll also check for automatic updates and such.
Have you tried connecting to the share via IP instead of name?
i.e...Map Network Drive > enter \\xx.xx.xx.xx\sharename instead of \\servername\sharename?
Does that get you a connection?
If yes, it would sound like the rebooting of the server has hosed the DNS for the updating of DNS to Non secure clients possibly? I think you have to specifically allow non secure DNS updates for Win98 machines to use DNS properly? But I am not much of an expert here.
Nope, I've tried that one already.
Tried NTLM v2 authentication as well, and nothing. This issue is giving me quite a headache...
EDIT: Are the share names longer than 12 characters?
Are the Computer accounts for the 98 machines still valid on the domain?
Did the user credentials for those using the 98 machines get borked?
Thanks for all the help, RyderOCZ.
Some share names are longer than 12 characters, yes.
Yes, the accounts are still valid on the domain.
The credentials aren't broken, as far as I know.
I have googled and I can't come up with a good search string to pinpoint this issue. Somewhere I thought that 98 just plain couldn't access Server 2003 shares...but obviously that is not the case, it worked before.
I wish I had a 98 machine here to test...but I don't, this thing is really strange.
Can you ping by name from the 98 boxes? Have you made sure that Netbios over TCP/IP is enabled on the server?
I can ping by name and ip address from the 98 boxes.
Netbios over TCP/IP wasn't enabled, but it wasn't originally either. The other servers don't have it and the 98 boxes can talk to them just fine. Nonetheless, I've installed it and I'm going to give it a try!
You turned of the PDC to repair the power button and the BDC is the one that couldn't be upgraded to SP1...is that correct?
Is it possible that while the PDC was down and the BDC was in control, that now we have the directory not synchronized between the 2 and thus the 98 machines are authenticating to the BDC and not "paying attn" to the PDC which I will also assume is the Master Catalog server?
What about trying to down the BDC for a short period and see if things get better?
It seems a bit of a stretch...but perhaps due to the BDC not being SP1....has created some kind of "glitch"
RyderOCZ, you're correct in summarization and I also think you may be right about that. I just checked my event viewer and our BDC is having trouble replicating with the PDC. This is the event:
I think this could be due to the fact that the BDC wasn't upgraded to SP1 alongside our PDC. I'm going to be looking into this error. The event ID is 13508 if you are curious.
It was just a stab...no one had a good thought till Ryder's reply...which appeared when I sent mine. His is the first idea that's connected any dots. Hope you're on to it soulo4.
With the help of you two, I've narrowed the problem down to being lack of deployment of SP1 on the BDC. I can't update it at the moment (posted a reason why on the Hardware Discussion forums). We're running pretty low on disk space so I need to upgrade the hard drives.
Yeesh, after a month of working at this new place and so many headaches for such outdated stuff!
I appreciate you both participating in this thread. I'll keep it up to date as soon as I make my next move.
Sounds like Ryder got you going the right direction now.
I think the lack of deployment of SP1 on our BDC has hosed DNS somehow, somewhere. Primary DNS (on all clients) is pointed toward the PDC while the backup/secondary DNS points to the BDC. I'm also getting event ID 4515 on both DCs' DNS event logs.
I ran nslookup from a couple of computers and this is what they all said (server names/domain names substituted):
C:\>nslookup
*** Can't find server name for address 10.1.0.8: Non-existent domain
Default Server: bdc.domain.local
Address: 10.1.0.9
> 10.1.0.8
Server: bdc.domain.local
Address: 10.1.0.9
*** bdc.domain.local can't find 10.1.0.8: Non-existent domain
> pdc
Server: bdc.domain.local
Address: 10.1.0.9
Name: pdc.domain.local
Address: 10.1.0.8
> 10.1.0.9
Server: bdc.domain.local
Address: 10.1.0.9
Name: bdc.domain.local
Address: 10.1.0.9
> bdc
Server: bdc.domain.local
Address: 10.1.0.9
Name: bdc.domain.local
Addresses: 10.1.0.9, 10.1.0.109
After doing some research, I've come across a few articles. I won't go into too much detail, but some of them say I should delete the whole zone on the DNS server that has the problem and recreate it using ADSI Edit, changing one of the DNS servers to Primary only (no AD integration), and to ignore what the nslookup tool says cause it is buggy!
Does anyone have experience with Event ID 4515 or this problem?
Yea I'm interested if it doesn't take you too long to type it all out.
I examined the entries (in both forward and reverse lookup zones) of both the PDC and BDC. The BDC did not have an entry pointing toward the PDC (in both directions). I created new entries in the forward and reverse lookup zones on the BDC and it worked.
I was kicking myself for how simple this was, but I never would have thought that would be the problem since pinging by hostname AND IP address of the PDC from the BDC worked.
Alas, this fixed that problem!