Chan Min Wai
2014-Feb-12 17:47 UTC
[Samba] Software GPO deployment fail because of computer trust
Hello all, I've come a cross some strange GPO software deployment issue and below are some info. I've 2 DC + 1 Domain member (net ads join) AS per suggested, the 2 DC are only use for DC and GPO where the Domain member is working as the files sharing server. There are some strange issue happen where: 1. Win7 vm test maching can get the GPO software without problem 2. Win XP in LAN can also get the GPO software without problem 3. Win7 cannot get the GPO software Reason --> Source don't exists.>From this posthttp://www.winvistatips.com/cannot-use-gpo-deployment-cluster-volume-t774753.html (the last reply) It tell me that kerberos is required between server and client (I just know it, I though it is only required between DC and DC member) So I try something in this new win7... Without login to the domain, just the local administrator... And there are no log there. pushd \\DCmember\share Login Fail, Unknown username and password But pushd \\DC1\netlogon OR \\DC1\dfs I'll be able to login without any problem... So the Question is why fail on the DCmember And how can we make it pass According to GPO software deployment. The PC have to get the files from the software deployment server before login... So in this case on \\DCmember\share it fail Please advise... This is my DC Member config files. Thank You.
Chan Min Wai
2014-Feb-13 06:03 UTC
[Samba] Software GPO deployment fail because of computer trust
Dear All, I can confirm the behavior. Once I've move the files to sysvol (too lazy to create another share) They will work. Now the question is What is the Domain Member lacking of to provide such a trust? Any advise? Thank You. On Thu, Feb 13, 2014 at 1:47 AM, Chan Min Wai <dcmwai at gmail.com> wrote:> Hello all, > > I've come a cross some strange GPO software deployment issue and below are > some info. > > I've 2 DC + 1 Domain member (net ads join) > > AS per suggested, the 2 DC are only use for DC and GPO where the Domain > member is working as the files sharing server. > > There are some strange issue happen where: > 1. Win7 vm test maching can get the GPO software without problem > 2. Win XP in LAN can also get the GPO software without problem > 3. Win7 cannot get the GPO software Reason --> Source don't exists. > > From this post > > http://www.winvistatips.com/cannot-use-gpo-deployment-cluster-volume-t774753.html > (the last reply) > > It tell me that kerberos is required between server and client (I just > know it, I though it is only required between DC and DC member) > > So I try something in this new win7... > Without login to the domain, just the local administrator... > And there are no log there. > > pushd \\DCmember\share > > Login Fail, Unknown username and password > > But > > pushd \\DC1\netlogon OR \\DC1\dfs > > I'll be able to login without any problem... > > So the Question is why fail on the DCmember > And how can we make it pass > > According to GPO software deployment. > The PC have to get the files from the software deployment server before > login... > > So in this case on \\DCmember\share it fail > > Please advise... > This is my DC Member config files. > > > > > Thank You. > > > > > >