Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Users losing access to share folders.......

Status
Not open for further replies.

KbrooksPomeroyIT

IS-IT--Management
Jul 6, 2011
12
US
I will try and give as much info as I can on this issue, I'm sure someone has seen it before...

We have Windows Server 2003(Vanilla) box as our Domain Controller here in our Norfolk office; this handles two Domains, the main Dom for the Military Channel and the Child Domain for the private sector).

Our Domain get's it GP from a DomCont/Server in Florida.

The issue we are having is with access to User Share Folders. Each user has a personal share folder that only they can access.

Last Thurs. we had a help ticket passed to us with a user unable to access her personal share over the VPN(I'm going to refer to it as H:\Drive, the root of the users hidden share is actually D$ on the Server) .

All users on-site connected to the LAN can still access their H:\Drive as long as the drive was mapped before this issue came up. (H: is mapped for our users via a login script)

I tested this on a test account in the Lab by deleting a H:\drive that was mapped before the issue (which had access to the share before I deleted). I deleted it and re-mapped it and was then unable to access it)

Normally our Sys Admins can access this share by the following path. \\server-name\<UserID$> (Typing this in now gives your basic "\\xx\xx\xx is not accessible. You might not have permissions to user this network resource."

Logging in with a users creds and navigating to users share \\server-name\<userID$> will give you access to the drive if you are on the LAN, and some users still can access the share this way via the VPN, it seems to be fairly intermittent.
I went through AD checking User profiles making sure they were members of all the right security groups, especially for the users having issues with access to their H:\drive.
I will really appreciate any help with this issue.


Kelly Brooks
Pomeroy IT Solutions
T3 IT Support for Acosta Military Div.
 
I guess I should mention that these are the users Home folders.
(Mapped to H: in AD)

Kelly Brooks
Pomeroy IT Solutions
T3 IT Support for Acosta Military Div.
 
No, I think just the Domain in FLA is the only one with the Global Catalog. (And I'm not sure about that) I know ours is not at this site.

Kelly Brooks
Pomeroy IT Solutions
T3 IT Support for Acosta Military Div.
 
Sorry our Domain dose have Global Catalog services enabled.

Kelly Brooks
Pomeroy IT Solutions
T3 IT Support for Acosta Military Div.
 
Actually every Domain I looked at did, so I'm assuming they all probably do.

Kelly Brooks
Pomeroy IT Solutions
T3 IT Support for Acosta Military Div.
 
Any errors in the Windows logs on the server hosting the user shares? Has anyone changed the permissions to the root share for the user shares, I believe you stated the root share as d$?

_______________________________________
Great knowledge can be obtained by mastering the Google algorithm.
 
hi,
Thanks for the reply...

I've spent allot of time going through all the directories and checking permissions. Everyone seems to be a member of the correct groups. I've tried wiping them out and re-adding them on some that are being affected by the issue.

I checked the root again and everything is set up correctly there too.

I did not see much in the Event Viewer, and nothing really happening in the time frame of this problem. But there were some warnings.

There is something relating to the Global Catalog.

Not an error, but a warning, I doubt it's related but I'll post it. It's from the "File Replication Service"

"The File Replication Service has detected an enabled disk write cache on the drive containing c:\windows\ntfrs\jet on computer \\server-name. The Fire Replication Service might not recover when power the the drive is interuppted and critical updates are lost."

-------
This one is from AD;

"Internal Event: AD has encountered the following exception and associated parameters.

Exception:
e0010004
Parameter:
0

Addtional Data:
Error value:
-1603
Internal ID:
2050344

Thanks again,


Kelly Brooks
Pomeroy IT Solutions
T3 IT Support for Acosta Military Div.
 
I have a little experience running those diagnostics but I've never tried to do it in-place.

I'm having trouble finding info on whether or not either of those will start/stop/ disrupts any services

Kelly Brooks
Pomeroy IT Solutions
T3 IT Support for Acosta Military Div.
 
I might have to wait till Sunday to run these, just to be safe.

Atleast for now we have a kind of work-around.

It would have to be the home directory that is affected by this :/

Kelly Brooks
Pomeroy IT Solutions
T3 IT Support for Acosta Military Div.
 

UPDATE:

We have not ran diagnostics yet, we are going to do that on Sunday.

Right now if we get users that can't access their home dir's over VPN we have a work-around, creating a new home dir for them and re-doing the permissions and security groups.

Seems like a coruption issue almost. It's so strange that it affects only VPN users.

Hopefully the diagnostics tests will tell us something.

I'll post back Sunday.

Thank you,

Kelly Brooks
Pomeroy IT Solutions
T3 IT Support for Acosta Military Div.
 
There is no need to wait, neither DcDiag or NetDiag will do any harm as run as DcDiag.exe or NetDiag.exe or with the /v switch as the output is read only, using the /v switch is preferable, which will give you a good deal of information.


........................................
Chernobyl disaster..a must see pictorial
 
Thank you Technome,

(We did not get around to running the diagnostics yesterday, it's good to know I don't need to wait till next weekend)

And thank you for the info on the switch, (I guess it's v for verbose?)

I did a fair amount of Googling trying to find out if running those diagnostics would interrupt any services or interfere with connectivity. I did not really think they did, but I've never run them on a production server. This server is critical; we cannot afford any interruptions, especially if they are avoidable. I need to be sure.

I found a forum post that had some info DCDIAG, "How to run DCDIAG with the least amount of interruptions" but it was one of those sites that shows the first post then wants you to buy a subscription to see the rest.......




Kelly Brooks
Pomeroy IT Solutions
T3 IT Support for Acosta Military Div.
 
DCDIAG does not cause ANY outages. It only outputs your environment current "state" This is for diagnostics only. If you find an issue in the /v output, then you will need to work on those issues. I have never experienced any issues with running these commands. I have been working with these tools since they were created. Go for it! :)

_______________________________________
Great knowledge can be obtained by mastering the Google algorithm.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top