Problem accessing file in netlogon share

    Question

  • Info first:
    -Clients: Win7
    -DC's: server 2008 R2

    We have a weird issue with our Netlogon share. This particular problem has occurred only three times in the past 2 years. In the Netlogon share we have some scripts and shortcuts, etc.

    One day, out of nowhere - A user logs into their machine, clicks on a shortcut on the desktop pointing to a script in the netlogon share (a shortcut created from group policy that lies in the netlogon share) (essentially it's a fancy script to open a link in IE, don't ask), then gets an error that the shortcut is "unavailable." I've proven this to be an isolated issue to the logged in user and that's it. If you log the user out, login as another user w/ same privileges, it works fine. If you have the user with the troubled problem login on a different machine, it works fine. So as I said before, the problem seems isolated to the Windows profile on the specific computer only.


    Troubleshooting:
    -From the run prompt - typing \\domain\netlogon\ times out and gets "an extended error has occurred".
    -Pinging the domain (group of servers) returns replies. (for ex - ping domain.fries.com) and pinging each individual dc returns replies 
    -From the run prompt - choosing a dc's netlogon share works fine - for ex - \\dc1\netlogon
    -Given that the above works, I've tried all our dc's (for ex - \\dc1\netlogon, \\dc2\netlogon, \\dc3\netlogon), all working fine
    -Tried the obvious, restart users machine, log user out, etc.
    -On the same computer, logged in as a different user (same privileges) no problems
    -On a different computer, had the user with the problem login, and access to \\domain\netlogon\ works just fine...

    My first thought, DNS issue? DNS seems to be fine as everything has always been working in the past (and currently) and this issue has occurred months apart. Permissions? Hmm, doesn't seem to be as the user could access the resources fine before and fine on a different machine.

    Something corrupted in user profile? I was able to link a possible connection to the problem, but can't say for sure. The user said that the same day, Windows popped up in the system tray that their password expired. The user rebooted and changed their password. Then after logging in, the problem above occurred. I can't say for sure this happened to the previous users though....

    HELP! Not a big problem, but could be on a larger scale. Any ideas?
    Friday, March 2, 2012 17:39

Answers

  • I figured out what happened with a Wireshark trace. The user's password expired while they were already logged in. When trying to access the shortcut on the desktop that points to a file in the netlogon share, Windows prompted for credentials (that weren't expired). The user put in 3rd party software credentials instead accidentally. Windows then cached those incorrect credentials for \\ad\netlogon. Removing the cached credentials from Credential Manager fixed the problem.
    • Marked as answer by bjp106, Monday, March 5, 2012 17:25
    Monday, March 5, 2012 17:25
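
The check behind the accepted answer, as an added example that is not part of the original post: a PowerShell script that parses `cmdkey /list` and reports stored credentials whose target is the domain namespace itself, optionally deleting them with `cmdkey /delete`. It assumes English-language `cmdkey` output; the `$Namespace` defaults and the `Get-StoredCredential` helper name are placeholders chosen for this example.

```powershell
# Added example: find Credential Manager entries that override the logon
# token for \\<namespace>\netlogon. Assumes English `cmdkey /list` output.
param(
    # Names clients use in \\<name>\netlogon (placeholder values)
    [string[]]$Namespace = @('ad', 'domain.fries.com'),
    # Delete matching entries instead of only listing them
    [switch]$Remove
)

function Get-StoredCredential {
    param([string[]]$Lines)
    $entries = @()
    $current = $null
    foreach ($line in $Lines) {
        if ($line -match '^\s*Target:\s*(.+?)\s*$') {
            $raw = $Matches[1]
            # "Domain:target=ad" -> "ad"
            $name = $raw -replace '^.*?target=', ''
            $current = New-Object PSObject -Property @{
                Raw = $raw; Target = $name; Type = ''; User = ''
            }
            $entries += $current
        } elseif ($current -and $line -match '^\s*Type:\s*(.+?)\s*$') {
            $current.Type = $Matches[1]
        } elseif ($current -and $line -match '^\s*User:\s*(.+?)\s*$') {
            $current.User = $Matches[1]
        }
    }
    $entries
}

# Run as the affected user: stored credentials are per user profile,
# which is why other users on the same machine were not affected.
$stored = Get-StoredCredential -Lines (cmdkey /list)
$hits = @($stored | Where-Object { $Namespace -contains $_.Target })

foreach ($h in $hits) {
    Write-Output ("{0}  type={1}  user={2}" -f $h.Target, $h.Type, $h.User)
    if ($Remove) { cmdkey "/delete:$($h.Target)" }
}
if ($hits.Count -eq 0) {
    Write-Output 'No stored credential targets the domain namespace.'
}
```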

All replies

  • If the user changed his password, could it be possible that the domain replication is not working as fast as expected, so that the credentials are different on the DCs? Have you tried to have a look in the security protocol if something is documented there? Seems to be an auth problem.
    Sunday, March 4, 2012 8:44
  • Hi,

    From what you've described so far, it sounds more like a potential DFS namespace issue. The fact that you can get to the direct server share but not the DFS namespace share says something's either not resolving correctly, or more likely simply not resolving in time.

    If it's the latter, then troubleshooting the issue will be something of a nuisance as you'll only have a limited timeframe in which to look at the problem. To at least try and confirm if it is this issue, you can try to run either of these commands:

    dfsutil cache domain
    

    - or -

    dfsutil /pktinfo
    

    In short, these commands will tell you to which replica the DFS namespace of "fries.com" or \\fries.com\netlogon actually resolves.

    Of course, this is just an educated guess. Have you checked the event logs to see if any issues are reported? Particularly under the Applications and Services\Microsoft\Windows\GroupPolicy\Operational node? If the client is not operating with the namespace correctly, then there's a good chance this is also true for the sysvol share and hence you might find extended diagnostic information under this location.

    If it does look to be a timing issue, you might be able to try disabling the Windows fast startup group policy settings and checking if that doesn't resolve the issue. Though, if other clients are behaving immediately after a restart, it's quite likely this has nothing to do with the problem.

    Cheers,
    Lain

    Sunday, March 4, 2012 13:53
  • If Lain and Cornelius' suggestions don't help, it may be a profile corruption issue. There were other posts recently in this and the NIS forum with similar issues with accessing other types of resources. It worked for one poster by wiping the profile and having the user log in again to create a new profile. That didn't help the other poster, where he had to reimage his machine, which worked.

    Btw- if using imaging, make sure you are sysprepping the image.


    Ace Fekay
    MVP, MCT, MCITP Enterprise Administrator, MCTS Windows 2008 & Exchange 2007 & Exchange 2010, Exchange 2010 Enterprise Administrator, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

    This posting is provided AS-IS with no warranties or guarantees and confers no rights.


    Sunday, March 4, 2012 23:21