I am having a strange issue at one location which is running samba 4.1. Two or three PC's out of maybe twenty-five are unable to get to the sysvol share. If I run "gpupdate" on the systems it gives error 1058. Digging deeper says the path was not found, but if I click on the path in the event log it pops right up in notepad (gpt.ini). This tells me that the user accounts can access said location. I have done "samba-tool ntacl sysvolreset" on both DC's to no avail. What I have noticed is that "Domain Computers" is not listed on the sysvol share. Is this correct? I believe it has admins, authenticated users, system, and one other, but I am not in front of the information right now. I need to know what should be correct for the sysvol so I can verify that this is correct, before the issue spreads. I feel the issue is a Windows bug, but I have to be sure before I go down that path. After resetting the ACLs I did notice that the UNIX permissions were 770 on the sysvol dircetory. Is that correct? Also, what information should I post and I will get it ASAP. Thanks in advance for any assistance you may offer. -- Reach Technology FP, Inc Lead IT/IS Specialist
I may have just solved this. I realized I could access \\dc01\sysvol and \\dc02\sysvol but I randomly could not access \\domain\sysvol for some unknown reason. I did "host -t A domain" and got THREE addresses back, but I only have TWO DCs. With that said, I imagine the systems are randomly being referred to the third, non-existent DC and failing. I will be researching this shortly and if it fixes the issue, I will report it. On 01/15/2015 08:52 AM, Ryan Ashley wrote:> I am having a strange issue at one location which is running samba 4.1. > Two or three PC's out of maybe twenty-five are unable to get to the > sysvol share. If I run "gpupdate" on the systems it gives error 1058. > Digging deeper says the path was not found, but if I click on the path > in the event log it pops right up in notepad (gpt.ini). This tells me > that the user accounts can access said location. I have done "samba-tool > ntacl sysvolreset" on both DC's to no avail. > > What I have noticed is that "Domain Computers" is not listed on the > sysvol share. Is this correct? I believe it has admins, authenticated > users, system, and one other, but I am not in front of the information > right now. I need to know what should be correct for the sysvol so I can > verify that this is correct, before the issue spreads. I feel the issue > is a Windows bug, but I have to be sure before I go down that path. > > After resetting the ACLs I did notice that the UNIX permissions were 770 > on the sysvol dircetory. Is that correct? Also, what information should > I post and I will get it ASAP. Thanks in advance for any assistance you > may offer. >-- Reach Technology FP, Inc Lead IT/IS Specialist
Alright, that was not the issue. After hours of testing, I have some results which I do not fully understand. 1) I can access \\dc01\sysvol and \\dc02\sysvol on the systems 2) I cannot access \\domain\sysvol on those same systems 3) When attempting to access (map, whatever) \\domain\sysvol I get "Internal Error" 4) Permissions on the shares (UNIX and ACL) appear to be correct 5) Most systems on the network are fine and can access the shares 6) The domain name points to dc01 and dc02 in DNS 7) I can ping the domain name fine 8) All required services (RPC, NetBIOS, etc) are running on the problem systems 9) Firewalls are the same as the others, but have been disabled for testing, which did not help So what am I looking at? I have three or four systems refusing to access the system volume and thanks to Microsoft's lovely error team, all I can get is "Internal Error", leaving me little to go on. Is there any way I can narrow this down to a PC or the servers? On 01/15/2015 10:41 AM, Ryan Ashley wrote:> I may have just solved this. I realized I could access \\dc01\sysvol and > \\dc02\sysvol but I randomly could not access \\domain\sysvol for some > unknown reason. I did "host -t A domain" and got THREE addresses back, > but I only have TWO DCs. With that said, I imagine the systems are > randomly being referred to the third, non-existent DC and failing. I > will be researching this shortly and if it fixes the issue, I will > report it. > > On 01/15/2015 08:52 AM, Ryan Ashley wrote: >> I am having a strange issue at one location which is running samba 4.1. >> Two or three PC's out of maybe twenty-five are unable to get to the >> sysvol share. If I run "gpupdate" on the systems it gives error 1058. >> Digging deeper says the path was not found, but if I click on the path >> in the event log it pops right up in notepad (gpt.ini). This tells me >> that the user accounts can access said location. I have done "samba-tool >> ntacl sysvolreset" on both DC's to no avail. >> >> What I have noticed is that "Domain Computers" is not listed on the >> sysvol share. Is this correct? I believe it has admins, authenticated >> users, system, and one other, but I am not in front of the information >> right now. I need to know what should be correct for the sysvol so I can >> verify that this is correct, before the issue spreads. I feel the issue >> is a Windows bug, but I have to be sure before I go down that path. >> >> After resetting the ACLs I did notice that the UNIX permissions were 770 >> on the sysvol dircetory. Is that correct? Also, what information should >> I post and I will get it ASAP. Thanks in advance for any assistance you >> may offer. >>-- Reach Technology FP, Inc Lead IT/IS Specialist