Can't Connect to Shared Drives

Thanks Morgan, I forgot!

Ok, I've discovered something else...

I went into AD to check out operations master roles...turns out it thinks this pesky BDC is offline (which it is anything but). So I go into the network browser, and sure enough, any attempt to access this BDC (though it does appear in the browser) is met with "access denied"!

So I log on to the BDC and start piddling around...Turns out that w32time is disabled. Aha! We all know that having the time services out of sync between two DCs can cause AD problems galore, so this could be the culprit! Odd thing is, it shouldn't be stopped; I've had Windows Time enabled and synced between all machines on the network since some time ago.

So I enable w32time, but when I try to start it up, I still get this message:

"The service cannot be started, either because it is disabled or because it has
no enabled devices associated with it."

Even though w32time is enabled once again, it still can't be started? What could be the cause of this?

Angelic:

I have stayed out of this conversation for one simple reason... trying to determine domain issues remotely is a lot like trying to determine what's wrong with your grannies car when she lives in LA and you live in NY..... It's not only very difficult it's also very dangerous when you are discussing a live network.

What I _do_ know is that since you inherited this domain you have had some "odd" issues. More than once..... and those issues seem to revolve around an AD domain that isn't functioning properly. IME, an AD domain is pretty much a "fire and forget" system if it is set up from scratch and properly managed in between. It strikes me that the system has been improperly put together over time and you are left with the dross that results from that.

I'll take issue with MLF on the patch issue.... Simply because I know that, properly managed, the patch level isn't a problem. However, I will say that if the domain isn't "intact", (for want of a better way of putting it), she may well be right in that it will exacerbate the issues you see.

Were I in your position, and I know this will 'hurt", I would drop the whole domain and start from scratch. The downside is the potential downtime... The upside is a network that doesn't randomly "flake out" on you..... Which peeves the users, gives you stress and generally isn't a good thing...

It's going to be a pain... I don't really have time to sit and list the considerations like every mapped drive you have etc.... You know.... But, in the long run, your issues will be solved.

I guess the biggest problem will be convincing your "genius" boss that it has to be done.... Why do I get the horrible feeling that he will tell you that "everything is just peachy"????? :rolleyes:

That's my best advice in your situation..... Sorry I can't be more helpful. There are things that are obvious in AD and things that have too many variables for me to feel comfortable saying "do this".... On my network I might _think_ about trying them... But I take responsibility for my network.... I really don't want to be risking someone elses network by telling them to try it when I have no real clue....

You have my best answer in this situation bearing in mind the history of the network in question..... And you know how much I _hate_ to say that........

Indeed, Tiger, indeed...Yeah, I'm fearful of even suggesting starting from scratch...

To my previous question...Does anyone know of a way to manually demote a server? As stated pior, I can't demote it by the typical means, because it won't communicate with the other DC ("access denied" problem). Demoting this particular server (it's the newest DC) may ease the situation...

Try this

Dang, I'm really screwed up at the moment. That didn't even work!

This is what I got:

Quote:

---

The operation failed because: The Directory Service failed to replicate off changes made locally. "Access is denied. "

---

That's with the proper admin account and password used...

Go back to my link and look at the sublinks too.....

About 6 months ago I redid my AD domain at home and because I have a pretty slow box for the server and I'm an impatient SOB I forced a reboot after the box appeared to hang during a dcpromo.... :o In response to a specific error message I found a way to force the server to believe that it is no longer a member of an AD domain on M$' web site... Unfortunately it was one of those accurate but cryptic error message and I have no clue what it was. There is a registry key out there that you can change from it's existing value to "NTServer" I believe it was and it's all it takes to con a server into thinking it is a standalone. Then you can run NTDSutils, IIRC, to run a cleanup and then dcpromo the box again..... Sorry, but it's all a bit fuzzy now but it worked for me in a situation that appears similar to what you may have now..... I tried searching for it for you yeserday and came up with nothing except the link I put there for you. The search terms I used were:-

NTServer registry key
AD domain force demotion
demote AD NTServer registry
force demotion

and a couple of others I don't remember..... If you have a specific error number search on that.... Good luck

Go back to my link and look at the sublinks too.....

About 6 months ago I redid my AD domain at home and because I have a pretty slow box for the server and I'm an impatient SOB I forced a reboot after the box appeared to hang during a dcpromo.... :o In response to a specific error message I found a way to force the server to believe that it is no longer a member of an AD domain on M$' web site... Unfortunately it was one of those accurate but cryptic error message and I have no clue what it was. There is a registry key out there that you can change from it's existing value to "NTServer" I believe it was and it's all it takes to con a server into thinking it is a standalone. Then you can run NTDSutils, IIRC, to run a cleanup and then dcpromo the box again..... Sorry, but it's all a bit fuzzy now but it worked for me in a situation that appears similar to what you may have now..... I tried searching for it for you yeserday and came up with nothing except the link I put there for you. The search terms I used were:-

NTServer registry key
AD domain force demotion
demote AD NTServer registry
force demotion

and a couple of others I don't remember..... If you have a specific error number search on that.... Good luck