I had a similar issue at ISP…  Basically the problem amounted to DNS.  Once I set our domain controllers/DNS servers to be a secondary zone to msu.edu, and then manually created the msdcs_, tcp_, udp_, and dc_ scopes, the DCs started registering themselves on our DNS servers so the users could find them.  Oh, and make sure that the MSU DNS servers (35.8.2.41, .42) have Host A records for the domain controllers.  Once that change was made, machines really started cranking through group policies and picking up LAN drives.  The problem seems to be that the machine will work when first added, and sets the secure channel password to the DCs, but after 30 days, that PW expires and the machine can’t communicate back to update it.  They’ll still log in because of cached credentials, but they can’t browse the network or connect to anything because the machine is basically no longer trusted.

 

Hope this helps,

Jon

 

 

Jon Galbreath

MCSA/MCSE/Security+

Network/System Administrator

International Studies and Programs

Ph: 517-355-2350

[log in to unmask]

 

 

 

From: MSU Network Administrators Group [mailto:[log in to unmask]] On Behalf Of Scott Cassaday
Sent: Wednesday, October 17, 2007 11:37 AM
To: [log in to unmask]
Subject: Re: [MSUNAG] Wierd issue with IMC domain

 

DNS and netbios are both the same

nothing in the event logs.

This whole thing started as they are not able to map network drives to some server... odd thing is they seem to have a "little" connection to the domain, enough to authenticate as users, but not to map drives over on other servers.

----- Original Message -----

From: [log in to unmask]">Duynslager, Lee

To: [log in to unmask]">Scott Cassaday

Sent: Wednesday, October 17, 2007 11:33 AM

Subject: RE: [MSUNAG] Wierd issue with IMC domain

 

Scott:

 

 

Are the DNS entry and the NETBIOS settings exactly the same as the settings on the machines that work?

 

 

Anything in the event logs?

 

Lee Duynslager

 

From: MSU Network Administrators Group [mailto:[log in to unmask]] On Behalf Of Scott Cassaday
Sent: Wednesday, October 17, 2007 11:22 AM
To: [log in to unmask]
Subject: [MSUNAG] Wierd issue with IMC domain

 

Im having a wierd issue with the IMC domain....

Yesterday 3 machines just stopped connecting to the domain. Other machines in the same office are just fine. The machines can ping the domain servers and tracert shows only a couple of hops. Just as a test I tried removing one of the machines from the domain and re-adding. It comes up with a login window for the domain ( so it apparently is finding the domain" but once I try to login it throws a "the network location cannot be reached" I have switched IP's and checked that all settings are correct. The machines in question are able to browse the web. Any ideas ?

 

Scott Cassaday