Can't access server shares - DNS problem?

[NFI]

Hello,

I have a problem where my users can't log onto my network, as they can't access their roaming profiles.

The network uses twenty XP SP2 machines and two Server 2003 servers; the profiles are stored in a share on one of the servers. The error I get at logon is "DETAIL - Access is denied".

I did a bit of investigating and have discovered that none of the server shares are accessible from the workstations - they either get "Network path not found" or a challenge for a a username and password that keeps coming back regardless what username and password you supply.

I thought this might be some sort of DNS error, but everything looks fine to me. However, what I have discovered is that NSLOOKUP throws the following error:

*** Can't find server name for address 192.168.32.1: Non-existent domain
*** Default servers are not available
Server: UnKnown
Address: 192.168.32.1

However, if I try and ping the domain, I get a response from the primary domain controller (in as much as 2003 has primary domain controllers).

So what's going on? Actually, what I'd really like to know is how to fix it all! I'll happily entertain the possibility that this is a DNS problem, but I'm pretty certain it's not anything to do with NTFS permissions or Share permissions.

Any help, ideas, opinions, stroking of beards or goings of "Hmmmm" will be much appreciated...

Thanks,

Paul

 

[DylanThompson]

Have you set up a reverse lookup zonefor your IP subnet? Thats what usually causes that NSLOOKUP error you described.

I like children. If they're properly cooked.
-- W.C. Fields

 

[ITPangaeaArchitect]

How was the folder structure set up? The method you should take (this is simple method using user account properties):

1. Establish share on a server that is not part of a DFS replica set (lets use serverA with share named profiles)
a. go to c:
b. create folder named profiles
c. right click the new profiles folder and go to properties.
d. on the sharing tab, select to share the folder then click the permissions button (by default everyone has read ONLY permissions for both share and NTFS)..check full control to give full share access to the everyone group
e. click apply and go to the security tab...click advanced
f. uncheck "allow inheritable permissions...." and click the copy button you are prompted with
g. click ok to get out of advanced, then add authenticated users with everything short of full control (read, write, list folder contents are the important ones here)
h. click apply and go to the general tab....ensure that read only is NOT checked (if win2003, it may be checekd and greyed..this is the default...checked with a black check box not greyeed out indicates a true read only status)...if it is black...uncheck it...or just for safety..uncheck it completely and click apply and ok
i. go into a test user account to the profiles tab
j. set the profile path to be (in this example):
\\serverA\profiles\%username% (after first logon this will change to their name)
k. log in as that user...does it succeed?

the main items to check:
share perms are set to everyone full control
NTFS perms allow authenticated users at least read, write, and list folder contents
if you are on Win2003 SP1, you must have 898060 installed (this is publicly downloadable and is required if you are on SP1...if not on SP1...ensure you have the newest 893066)...either of the mentioend patches I have seen cause erroneous access denied messages

check all these and let me know status

-Brandon Wilson
MCSE00/03, MCSA:Messaging, MCSA03, A+
almost got a paragraph there