4

I have an SBS 2008 machine which is causing me headaches.

For Windows shares, it seems to be living in its own little isolated world. It can browse a list of network shares just fine (NET VIEW), but it refuses to connect to any, with:

\\storage\shared is not accessible. You might not have permission to use this network resource. Contact the administrator of this server to find out if you have access permissions.

The specified network name is no longer available.

And the same goes for every other computer on the network. They can view the shares on the SBS 2008 server, but they cannot connect to any. they get the same message.

I don't know how long this has been going on for, and it may have been going on since the server was first deployed.

Additional information:

  • It's just a vanilla configuration, without any additional software installed
  • It's not the Symantec Endpoint Protection issue (but the symptoms are very similar).
  • There are no errors in the event logs that I can find.
  • The "Computer Browser" service is disabled. I don't know if this is normal or not, but enabling it seemed to make no difference.
  • Everything else (like Exchange, SQL Server) is all running fine and does not experience any connectivity issues
  • The ForeFront subscription has expired (probably not relevant)

There is a concerning part of DCDIAG which I've outputted below (we only have one DC in one site, so I'm not sure if NTDS issues would be affecting this problem):

 Starting test: Services
       Could not open NTDS Service on EPPINGDC, error 0x5 "Win32 Error 5"
    ......................... EPPINGDC failed test Services
 Starting test: SystemLog
    An Error Event occurred.  EventID: 0x00000457
       Time Generated: 08/22/2010   07:40:19
       EvtFormatMessage failed, error 15100 Win32 Error 15100.
       (Event String (event log = System) could not be retrieved, error
       0x3afc)
    An Error Event occurred.  EventID: 0x00000457
       Time Generated: 08/22/2010   07:40:27
       EvtFormatMessage failed, error 15100 Win32 Error 15100.
       (Event String (event log = System) could not be retrieved, error
       0x3afc)
    ......................... EPPINGDC failed test SystemLog

Any suggestions?

Mark Henderson
  • 68,316
  • 31
  • 175
  • 255

6 Answers6

2

I just had another thought. I've seen a server in the past where the IPC$ share somehow disappeared. Check your shares to make sure it's still there. If it isn't, run net use IPC$

Also let us know how the BPA changes worked out for you.

EDIT

All right. I have another suggestion. Reset winsock and TCP/IP. You'll probably want to be onsite for this. You have to reset the IP address afterwards (A good idea is to rerun the "Connect to internet" wizard when you're done). Here's the commands:

netsh winsock reset c:\winsockreset.log
netsh int ip reset c:\ipreset.log

Jason Berg
  • 18,954
  • 6
  • 38
  • 55
  • Well, the BPA changes totally screwed the server. I installed SP2 as per the instructions and when it rebooted, NetLogon couldn't start, the permissions were stuffed, it wouldn't authenticate against the domain, and when I eventually got into it the OS reported as Server 2008 FE. I'm going on-site this evening to restore it from a backup, then I will try the other suggestions in the answers (can't restore it remotely as the Windows Backup application is stuffed too). – Mark Henderson Aug 23 '10 at 00:48
  • P.S. Just in case you're worried I'm totally not blaming you for that ;) I think it's a sign that there's something larger wrong with the server. – Mark Henderson Aug 23 '10 at 00:49
  • Owch! Thanks for not blaming me :-) Have you checked the health of your NTDS database? – Jason Berg Aug 23 '10 at 00:55
  • @Jason - you had me excited beause the IPC$ share was disabled - however I put it back using a KB artical and it didn't fix anything :( – Mark Henderson Aug 23 '10 at 09:35
  • Wow. I feel like we're getting somewhere maybe. I've added another possible solution. Also, have you (or anybody else to your knowledge) mucked around in the default domain controllers group policy? – Jason Berg Aug 23 '10 at 13:48
  • Ah crap, gotta be on site - I won't be able to do this until at least Sunday at the earliest – Mark Henderson Aug 25 '10 at 05:42
  • @Jason - I'm going on site this morning to look at it, so hopefully I can give your suggestions a go before the bounty expires! – Mark Henderson Aug 27 '10 at 22:03
  • Sigh, there's something VERY wrong with this server :( the connect to network wizard failed with an unknown error. I put all the settings back in manaully. +100 for the help! – Mark Henderson Aug 28 '10 at 04:21
  • Might want to check the Connect to Internet log. It's at C:\Program Files\Windows Small Business Server\Logs\CTIW.log – Jason Berg Aug 28 '10 at 04:39
  • No need - it started working after a final reboot! Thanks heaps! – Mark Henderson Aug 28 '10 at 04:56
  • Hi, guys. Can you explain what was the solution? – Gennady Vanin Геннадий Ванин Aug 28 '10 at 09:55
  • @vgv8 - I replaced the PSU, and the problem went away. See my answer below. – Mark Henderson Sep 20 '11 at 08:26
1

I'll offer two possibilities that may or may not be helpful:

  1. When you say that there is only one domain controller, I take it that this SBS machine is the only domain controller? This may be familiar territory for you, but I want to be sure because so many people aren't fully aware of the enforced limitations of SBS.

  2. Is there any possibility that this machine's clock is out of sync with the rest of your LAN?

Skyhawk
  • 14,149
  • 3
  • 52
  • 95
  • Are you saying SBS wants to be **A** domain controller or it wants to be **THE ONLY** domain controller? – Jason Berg Aug 23 '10 at 00:44
  • Yeah, it's the **only** DC as per SBS limitations, and the clock is in sync. See my comment on Jason's answer - I'll double check the clock thing once I've run a restore. – Mark Henderson Aug 23 '10 at 00:46
  • Just want to clarify, there's no limitation that SBS be the **only** DC. It only needs to have all the FSMO roles. You can have as many DCs as you'd like as long as there are no child domains, no trusts, and SBS has all FSMO roles. – Jason Berg Aug 23 '10 at 00:53
  • @Jason: I have removed the sentence that was unclear out of context. Thanks for the heads-up. @Farseeker: A clock discrepancy definitely could cause the file share issues that you're describing, in both directions. I'm very curious! – Skyhawk Aug 23 '10 at 04:25
  • Sorry guys, clocks are in sync! – Mark Henderson Aug 23 '10 at 08:25
1

Unfortuantely after following everyones advice here, the issues came back after about a week. We just lived with it whilst preparing to rebuild the server.

Whilst we were preparing for the rebuild, the PSU in the server died. I took the oppertunity to upgrade it to a 1kw PSU and low and behold, all the problems went away!

I suspect that a recent upgrade from 4 to 16Gb of RAM drew too much power and didn't leave enough for the system to function correctly.

Mark Henderson
  • 68,316
  • 31
  • 175
  • 255
0

Some random suggestions:

  • Network configuration. Are IP address/subnet mask/gateway/DNS configured correctly? Are "Client for Microsoft Networks" and "File and Print Sharing for Microsoft Networks" present and enabled in the network interface?
  • Windows Firewall. How is it configured? Did you try disabling it?
  • Windows Firewall, again; is by chance its service stopped? I've witnessed all sort of crazy network issues when this service is stopped/disabled instead of configuring Windows Firewall to not block anything; this was common practice with Windows XP/2003, but looks like starting with Vista/2008 the Windows Firewall service became a vital component of the network stack.
  • Basic checks: can the server resolve host names and ping other computers?
  • Can other computers ping this server? Can they connect to shares on it?
Massimo
  • 68,714
  • 56
  • 196
  • 319
  • The server is currently totally stuffed (see comment on Jason's answer) - I'll check these things after I've done a restore on it tonight. – Mark Henderson Aug 23 '10 at 00:53
  • 1) Network is correct, 2) 3) Tried disabling firewall, no luck, service is started, 4) Resolution (via DNS) is fine, 5) They can ping and browse shares, but not connect to shares – Mark Henderson Aug 23 '10 at 08:24
0

In registry check:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
(DWORD) LMcompatibility to be 1 (reboot upon modification).

---Update1:
Can it these links be helpful?

Gennady Vanin Геннадий Ванин
  • 677
  • 3
  • 12
  • 28
0

This can be caused by incorret nework / dns entries.

Please try this:

ipconfig /registerdns
net stop netlogon

If you have dhcp server - please delete all leases pointing to your server. Check if all DNS A records for your server are pointing to it's current ip.

net start netlogon
Andreas Rehm
  • 841
  • 6
  • 11