
Server problems with AD?

Status
Not open for further replies.

PoliMalaka

IS-IT--Management
Aug 31, 2004
138
US
OS = Windows 2000 Server
Environment = W2K AD

The server is running a few SQL DBs and serving files. Nothing spectacular. It had run fine when a member of our NT 4 domain. After moving most of our servers and workstations to AD, we disabled most of the accounts in the NT domain. Of course this broke some services that relied on accounts in that domain.
Fixed all of the services to run with local system account.
We then decided to move this server into the AD.
We also noticed that when viewing the security on a folder or file, that a SID would be displayed instead of a name. There were one or two names that resolved. We lost the ability to hit the server in a browser with \\servername.
Moved it back to the NT domain. Connectivity was restored.
Moved it back into AD and are getting the error below.

Application log:

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1000
Date: 11/28/2005
Time: 1:12:58 PM
User: NT AUTHORITY\SYSTEM
Computer: GALRS1
Description:
The Group Policy client-side extension Scripts was passed flags (0) and returned a failure status code of (1231).

^ This occurs about every 30 minutes or so.

The security tab still shows the SIDs and not names. However there are still a couple of names that do show up. We have let this sit for hours so it is not a time issue (sometimes names will take a while to resolve in long lists on our other servers).

The articles at MS don't really help me. Event ID applies to so many things.

Are these related? Any ideas why the SIDs are not resolving to names?
 
Network connectivity seems fine.
We can access everything from the server and we can get to everything on the server.
 
I would get a network trace, or at a minimum get some network statistics with perfmon, while the issue is occurring.

The flags are described in KB 312164. The returned failure code, or reason, was a winerr code 1231 or network unreachable error. The other symptoms you mentioned like failing or slow SID lookup also imply a connectivity issue as this is actually an LDAP lookup from the host to the domain controller. A connectivity issue can be complete, or only impact certain protocols. It could be as simple as a firewall rule.

You mentioned that you can no longer browse the server. Do any of the net functions work, or is this a complete loss of RPC connectivity? What protocols can you connect to the server with, and which protocols fail? Is anything logged on the server or the domain controller in the security log when the session fails?

You mentioned moving it between an NT domain and AD. Does a two way downlevel trust exist? Is it functioning? What about the users? Are they still in the NT domain or in AD? If they were migrated, did you bring over the SID history? Did you use any third party tools to ACL SQL or the filesystem after moving into AD? Did you change the service account for SQL? Did you remove the computer account or reset it before adding the server back to AD the second time? Many times a security issue will initially look like a connectivity issue. Your security log (on the host and on the domain controller(s)) will help you decipher the problem.
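The reply above breaks the problem into three checks: which protocols from the member server to the domain controller actually work, whether the SID-to-name lookup (an LDAP call to the DC) succeeds, and what the recurring Userenv 1000 event reports as its return code. The script below is an added example for running those three checks from the member server; it is not from the original thread or from Tek-Tips. It assumes PowerShell 2.0 or later on a domain member, a DC name supplied by the caller (the default value is a placeholder), and the Userenv event source and ID 1000 exactly as quoted in the post. Ports that come back FAILED while others are open match the "only certain protocols" case the reply describes, such as a firewall rule rather than a dead link.

```powershell
# Added example, not from the original thread. Checks DC reachability per
# protocol, SID resolution, and recent Userenv 1000 events from a member server.
param(
    [string]$DcName = "DC-NAME-PLACEHOLDER",   # placeholder: replace with your DC's name
    [string[]]$SidsToCheck = @()               # SIDs copied from the folder's Security tab
)

# TCP connect test with a timeout; avoids cmdlets that need newer Windows builds.
function Test-Port {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 2000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $iar = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $iar.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($iar)
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

# Ports a member server needs on a DC for logon, Group Policy and SID lookup.
# A partial set of failures here is the "only certain protocols" case.
$ports = @(
    @{ Name = 'DNS';        Port = 53  },
    @{ Name = 'Kerberos';   Port = 88  },
    @{ Name = 'RPC mapper'; Port = 135 },
    @{ Name = 'LDAP';       Port = 389 },
    @{ Name = 'SMB';        Port = 445 }
)

Write-Output "== Per-protocol reachability to $DcName =="
foreach ($p in $ports) {
    $state = if (Test-Port -ComputerName $DcName -Port $p.Port) { 'open' } else { 'FAILED' }
    '{0,-10} tcp/{1,-4} {2}' -f $p.Name, $p.Port, $state
}

# SID resolution goes to the DC over LDAP; a SID that shows raw on the ACL
# tab is one where this Translate call throws.
Write-Output "== SID resolution =="
foreach ($s in $SidsToCheck) {
    try {
        $sid  = New-Object System.Security.Principal.SecurityIdentifier($s)
        $acct = $sid.Translate([System.Security.Principal.NTAccount])
        '{0} -> {1}' -f $s, $acct.Value
    } catch {
        '{0} -> UNRESOLVED ({1})' -f $s, $_.Exception.Message
    }
}

# Pull the last day of Userenv 1000 events and extract the returned status
# code, so you can see whether it is always 1231 (network unreachable).
Write-Output "== Userenv 1000 events (last 24h) =="
Get-EventLog -LogName Application -Source Userenv -InstanceId 1000 -After (Get-Date).AddDays(-1) -ErrorAction SilentlyContinue |
    ForEach-Object {
        $code = if ($_.Message -match 'status code of \((\d+)\)') { $Matches[1] } else { '?' }
        '{0}  code={1}  {2}' -f $_.TimeGenerated, $code, ($_.Message -split "`n")[0]
    }
```

Run it on the member server as an account that can read the Application log, for example `.\Check-DcLinks.ps1 -DcName dc01 -SidsToCheck 'S-1-5-21-...'` with the real DC name and the SIDs copied from the folder's Security tab. The reachability section answers the "which protocols fail" question directly; compare a FAILED row against the DC's firewall rules and the security log on both machines, as the reply suggests.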

 
You show exceptional troubleshooting skills in that post, xmsre.

A+/MCP/MCSE/MCDBA
 
What great input!
Still checking this and will report back when/if I find a solution.
 