Am 16.11.2015 um 14:06 schrieb Viktor Trojanovic:> > > On 16.11.2015 13:48, Viktor Trojanovic wrote: >> See replies below >> >> On 16.11.2015 12:39, Rowland Penny wrote: >>> On 16/11/15 11:19, Viktor Trojanovic wrote: >>>> So I ran a samba-tool ntacl sysvolcheck, and the following error >>>> message came up: >>>> >>>> --------------------snip-------------------- >>>> ERROR(<class 'samba.provision.ProvisioningError'>): uncaught >>>> exception - ProvisioningError: DB ACL on GPO directory >>>> /var/lib/samba/sysvol/samdom.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/MACHINE/Scripts/Startup >>>> O:BAG:DUD:(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;;0x001f01ff;;;BA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED) >>>> does not match expected value >>>> O:DAG:DAD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED) >>>> from GPO object >>>> File "/usr/lib/python2.7/site-packages/samba/netcmd/__init__.py", >>>> line 175, in _run >>>> return self.run(*args, **kwargs) >>>> File "/usr/lib/python2.7/site-packages/samba/netcmd/ntacl.py", >>>> line 249, in run >>>> lp) >>>> File >>>> "/usr/lib/python2.7/site-packages/samba/provision/__init__.py", >>>> line 1733, in checksysvolacl >>>> direct_db_access) >>>> File >>>> "/usr/lib/python2.7/site-packages/samba/provision/__init__.py", >>>> line 1684, in check_gpos_acl >>>> domainsid, direct_db_access) >>>> File >>>> "/usr/lib/python2.7/site-packages/samba/provision/__init__.py", >>>> line 1650, in check_dir_acl >>>> raise ProvisioningError('%s ACL on GPO directory %s %s does not >>>> match expected value %s from GPO object' % >>>> (acl_type(direct_db_access), os.path.join(root, name), fsacl_sddl, >>>> acl)) >>>> --------------------snip-------------------- >>>> >>>> The GPO directory in question is the Default Domain Policy. >>>> >>>> Any idea what happened here? I never touched the DDD, it's still on >>>> version 0, and I never did any changes to those files either. I >>>> manually checked the ACL, without having made a diff on it, it >>>> looks pretty much the same like the ACL on the other containers. >>>> >>>> Is it safe to run sysvolreset? >>>> >>>> Viktor >>>> >>>> On 16.11.2015 09:34, L.P.H. van Belle wrote: >>>>> I guest, >>>>> >>>>> incorrect rights on you sysvol, >>>>> Try : samba-tool ntacl sysvolreset >>>>> And check the share rights. >>>>> >>>>> By default this should work out of the box. >>>>> Did you change the sysvol rights? >>>>> >>>>> >>>>> Greetz, >>>>> >>>>> Louis >>>>> >>>>> >>>>>> -----Oorspronkelijk bericht----- >>>>>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Ole Traupe >>>>>> Verzonden: maandag 16 november 2015 9:25 >>>>>> Aan: samba at lists.samba.org >>>>>> Onderwerp: Re: [Samba] Win Clients and DNS >>>>>> >>>>>> Viktor, can you manually check whether you have DNS records for >>>>>> your Win >>>>>> clients? >>>>>> >>>>>> In the DNS settings for your Win clients' network adapters you can >>>>>> uncheck that the current address shall be registered in DNS. >>>>>> >>>>>> Ole >>>>>> >>>>>> >>>>>> Am 16.11.2015 um 01:31 schrieb Viktor Trojanovic: >>>>>>> I have an AD with 1 Samba DC and 5 Windows 10 clients. The DC >>>>>>> and the >>>>>>> clients all have a fixed IPv4 address. >>>>>>> >>>>>>> In the windows event viewer, I constantly see the following >>>>>>> warning: >>>>>>> >>>>>>> Event 8019, DNS Client Events >>>>>>> ------------------------------------------ >>>>>>> The system failed to register host (A or AAA) resource records >>>>>>> (RRs) >>>>>>> for network adapter with settings: >>>>>>> >>>>>>> Adapter Name: {someGUID} >>>>>>> Host Name: Client-PC >>>>>>> Primary Domain Suffix: SAMDOM.COM >>>>>>> DNS Server list: >>>>>>> 192.168.0.1 >>>>>>> Sent update to server: <?> >>>>>>> IP Addresses: >>>>>>> 192.168.0.15 >>>>>>> ------------------------------------------ >>>>>>> >>>>>>> Is it necessary to manually make some entries in DNS for the client >>>>>>> machines? I didn't see anything about that in the Wiki. >>>>>>> >>>>>>> I'm trying to figure out if this is connected to another problem >>>>>>> I'm >>>>>>> facing. A machine based GPO is not executed because "the file >>>>>>> \\SAMDOM.COM\SysVol\[...]\gpt.ini from a domain controller could >>>>>>> not >>>>>>> be read", and as one of the possible reasons for the error, name >>>>>>> resolution is mentioned. I can access the file just fine once I'm >>>>>>> logged in so I really don't know what the issue is here. >>>>>>> >>>>>>> Thanks, >>>>>>> Viktor >>>>>>> >>>>>> >>>>>> -- >>>>>> To unsubscribe from this list go to the following URL and read the >>>>>> instructions: https://lists.samba.org/mailman/options/samba >>>>> >>>>> >>>> >>>> >>> >>> Firstly, have you changed anything on the DC after provision? I >>> don't mean adding users or groups, but anything else? >>> >>> I think if you examine what samba-tool thinks is different, you will >>> find that it is only these: >>> >>> O:BAG:DUD and O:DAG:DAD >>> >>> To turn these into English :-) >>> >>> O = owner >>> BA = BUILTIN\Administrators >>> G = group >>> DU = Domain Users >>> DA = Domain Administrators >>> >>> BA becoming DA is fairly common and I don't think is relevant >>> But somehow DA has become DU >>> >> Yes, those are the ACL's I see, BA is the owner, DA has full rights, >> DU can read. >> >>> That is why I asked if you have changed anything. >>> >> No, I haven't. Please also check my new thread about the ACL issue. >> >>> Now as for do your computers A and PTR records need to be added to >>> AD, try this on the DC: >>> >>> ping -c1 member1 >>> >>> where 'member1' is the hostname of one of your workstations, it >>> should return something like this: >>> >>> PING member1.samdom.example.com (192.168.0.2) 56(84) bytes of data. >>> 64 bytes from 192.168.0.2: icmp_seq=1 ttl=64 time=0.261 ms >>> >>> >>> >> This is making things even more confusing.. if I enter the DNS >> records, then the command nslookup clientname will provide the >> correct IP address. Ping doesn't work for half of the clients but it >> doesn't work even using the IP address. Seems like the firewall is >> blocking it which is again really weird because I didn't make any >> changes and all clients are exactly the same. >> > > Off topic but some of my Win 10 clients have ICMP echo blocked in the > domain, some allow it. And I never even touched this setting. >To my knowledge, ping requires File and Printer Sharing on Windows. Is it activated on all your clients?
On 16/11/15 13:25, Ole Traupe wrote:> > > Am 16.11.2015 um 14:06 schrieb Viktor Trojanovic: >> >> >> On 16.11.2015 13:48, Viktor Trojanovic wrote: >>> See replies below >>> >>> On 16.11.2015 12:39, Rowland Penny wrote: >>>> On 16/11/15 11:19, Viktor Trojanovic wrote: >>>>> So I ran a samba-tool ntacl sysvolcheck, and the following error >>>>> message came up: >>>>> >>>>> --------------------snip-------------------- >>>>> ERROR(<class 'samba.provision.ProvisioningError'>): uncaught >>>>> exception - ProvisioningError: DB ACL on GPO directory >>>>> /var/lib/samba/sysvol/samdom.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/MACHINE/Scripts/Startup >>>>> O:BAG:DUD:(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;;0x001f01ff;;;BA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED) >>>>> does not match expected value >>>>> O:DAG:DAD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED) >>>>> from GPO object >>>>> File >>>>> "/usr/lib/python2.7/site-packages/samba/netcmd/__init__.py", line >>>>> 175, in _run >>>>> return self.run(*args, **kwargs) >>>>> File "/usr/lib/python2.7/site-packages/samba/netcmd/ntacl.py", >>>>> line 249, in run >>>>> lp) >>>>> File >>>>> "/usr/lib/python2.7/site-packages/samba/provision/__init__.py", >>>>> line 1733, in checksysvolacl >>>>> direct_db_access) >>>>> File >>>>> "/usr/lib/python2.7/site-packages/samba/provision/__init__.py", >>>>> line 1684, in check_gpos_acl >>>>> domainsid, direct_db_access) >>>>> File >>>>> "/usr/lib/python2.7/site-packages/samba/provision/__init__.py", >>>>> line 1650, in check_dir_acl >>>>> raise ProvisioningError('%s ACL on GPO directory %s %s does >>>>> not match expected value %s from GPO object' % >>>>> (acl_type(direct_db_access), os.path.join(root, name), fsacl_sddl, >>>>> acl)) >>>>> --------------------snip-------------------- >>>>> >>>>> The GPO directory in question is the Default Domain Policy. >>>>> >>>>> Any idea what happened here? I never touched the DDD, it's still >>>>> on version 0, and I never did any changes to those files either. I >>>>> manually checked the ACL, without having made a diff on it, it >>>>> looks pretty much the same like the ACL on the other containers. >>>>> >>>>> Is it safe to run sysvolreset? >>>>> >>>>> Viktor >>>>> >>>>> On 16.11.2015 09:34, L.P.H. van Belle wrote: >>>>>> I guest, >>>>>> >>>>>> incorrect rights on you sysvol, >>>>>> Try : samba-tool ntacl sysvolreset >>>>>> And check the share rights. >>>>>> >>>>>> By default this should work out of the box. >>>>>> Did you change the sysvol rights? >>>>>> >>>>>> >>>>>> Greetz, >>>>>> >>>>>> Louis >>>>>> >>>>>> >>>>>>> -----Oorspronkelijk bericht----- >>>>>>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Ole Traupe >>>>>>> Verzonden: maandag 16 november 2015 9:25 >>>>>>> Aan: samba at lists.samba.org >>>>>>> Onderwerp: Re: [Samba] Win Clients and DNS >>>>>>> >>>>>>> Viktor, can you manually check whether you have DNS records for >>>>>>> your Win >>>>>>> clients? >>>>>>> >>>>>>> In the DNS settings for your Win clients' network adapters you can >>>>>>> uncheck that the current address shall be registered in DNS. >>>>>>> >>>>>>> Ole >>>>>>> >>>>>>> >>>>>>> Am 16.11.2015 um 01:31 schrieb Viktor Trojanovic: >>>>>>>> I have an AD with 1 Samba DC and 5 Windows 10 clients. The DC >>>>>>>> and the >>>>>>>> clients all have a fixed IPv4 address. >>>>>>>> >>>>>>>> In the windows event viewer, I constantly see the following >>>>>>>> warning: >>>>>>>> >>>>>>>> Event 8019, DNS Client Events >>>>>>>> ------------------------------------------ >>>>>>>> The system failed to register host (A or AAA) resource records >>>>>>>> (RRs) >>>>>>>> for network adapter with settings: >>>>>>>> >>>>>>>> Adapter Name: {someGUID} >>>>>>>> Host Name: Client-PC >>>>>>>> Primary Domain Suffix: SAMDOM.COM >>>>>>>> DNS Server list: >>>>>>>> 192.168.0.1 >>>>>>>> Sent update to server: <?> >>>>>>>> IP Addresses: >>>>>>>> 192.168.0.15 >>>>>>>> ------------------------------------------ >>>>>>>> >>>>>>>> Is it necessary to manually make some entries in DNS for the >>>>>>>> client >>>>>>>> machines? I didn't see anything about that in the Wiki. >>>>>>>> >>>>>>>> I'm trying to figure out if this is connected to another >>>>>>>> problem I'm >>>>>>>> facing. A machine based GPO is not executed because "the file >>>>>>>> \\SAMDOM.COM\SysVol\[...]\gpt.ini from a domain controller >>>>>>>> could not >>>>>>>> be read", and as one of the possible reasons for the error, name >>>>>>>> resolution is mentioned. I can access the file just fine once I'm >>>>>>>> logged in so I really don't know what the issue is here. >>>>>>>> >>>>>>>> Thanks, >>>>>>>> Viktor >>>>>>>> >>>>>>> >>>>>>> -- >>>>>>> To unsubscribe from this list go to the following URL and read the >>>>>>> instructions: https://lists.samba.org/mailman/options/samba >>>>>> >>>>>> >>>>> >>>>> >>>> >>>> Firstly, have you changed anything on the DC after provision? I >>>> don't mean adding users or groups, but anything else? >>>> >>>> I think if you examine what samba-tool thinks is different, you >>>> will find that it is only these: >>>> >>>> O:BAG:DUD and O:DAG:DAD >>>> >>>> To turn these into English :-) >>>> >>>> O = owner >>>> BA = BUILTIN\Administrators >>>> G = group >>>> DU = Domain Users >>>> DA = Domain Administrators >>>> >>>> BA becoming DA is fairly common and I don't think is relevant >>>> But somehow DA has become DU >>>> >>> Yes, those are the ACL's I see, BA is the owner, DA has full rights, >>> DU can read. >>> >>>> That is why I asked if you have changed anything. >>>> >>> No, I haven't. Please also check my new thread about the ACL issue. >>> >>>> Now as for do your computers A and PTR records need to be added to >>>> AD, try this on the DC: >>>> >>>> ping -c1 member1 >>>> >>>> where 'member1' is the hostname of one of your workstations, it >>>> should return something like this: >>>> >>>> PING member1.samdom.example.com (192.168.0.2) 56(84) bytes of data. >>>> 64 bytes from 192.168.0.2: icmp_seq=1 ttl=64 time=0.261 ms >>>> >>>> >>>> >>> This is making things even more confusing.. if I enter the DNS >>> records, then the command nslookup clientname will provide the >>> correct IP address. Ping doesn't work for half of the clients but it >>> doesn't work even using the IP address. Seems like the firewall is >>> blocking it which is again really weird because I didn't make any >>> changes and all clients are exactly the same. >>> >> >> Off topic but some of my Win 10 clients have ICMP echo blocked in the >> domain, some allow it. And I never even touched this setting. >> > To my knowledge, ping requires File and Printer Sharing on Windows. Is > it activated on all your clients? > > >OK, if ping is a problem, try 'nslookup member1' on the DC, it should return something like this: Server: 192.168.0.6 Address: 192.168.0.6#53 Name: member1.samdom.example.com Address: 192.168.0.2 If it returns this: Server: 192.168.0.6 Address: 192.168.0.6#53 ** server can't find member1: NXDOMAIN Then your DNS is up the spout, probably because the record for 'member1' isn't in AD. Rowland
On 16.11.2015 14:44, Rowland Penny wrote:> On 16/11/15 13:25, Ole Traupe wrote: >> >> >> Am 16.11.2015 um 14:06 schrieb Viktor Trojanovic: >>> >>> >>> On 16.11.2015 13:48, Viktor Trojanovic wrote: >>>> See replies below >>>> >>>> On 16.11.2015 12:39, Rowland Penny wrote: >>>>> On 16/11/15 11:19, Viktor Trojanovic wrote: >>>>>> So I ran a samba-tool ntacl sysvolcheck, and the following error >>>>>> message came up: >>>>>> >>>>>> --------------------snip-------------------- >>>>>> ERROR(<class 'samba.provision.ProvisioningError'>): uncaught >>>>>> exception - ProvisioningError: DB ACL on GPO directory >>>>>> /var/lib/samba/sysvol/samdom.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/MACHINE/Scripts/Startup >>>>>> O:BAG:DUD:(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;;0x001f01ff;;;BA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED) >>>>>> does not match expected value >>>>>> O:DAG:DAD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED) >>>>>> from GPO object >>>>>> File >>>>>> "/usr/lib/python2.7/site-packages/samba/netcmd/__init__.py", line >>>>>> 175, in _run >>>>>> return self.run(*args, **kwargs) >>>>>> File "/usr/lib/python2.7/site-packages/samba/netcmd/ntacl.py", >>>>>> line 249, in run >>>>>> lp) >>>>>> File >>>>>> "/usr/lib/python2.7/site-packages/samba/provision/__init__.py", >>>>>> line 1733, in checksysvolacl >>>>>> direct_db_access) >>>>>> File >>>>>> "/usr/lib/python2.7/site-packages/samba/provision/__init__.py", >>>>>> line 1684, in check_gpos_acl >>>>>> domainsid, direct_db_access) >>>>>> File >>>>>> "/usr/lib/python2.7/site-packages/samba/provision/__init__.py", >>>>>> line 1650, in check_dir_acl >>>>>> raise ProvisioningError('%s ACL on GPO directory %s %s does >>>>>> not match expected value %s from GPO object' % >>>>>> (acl_type(direct_db_access), os.path.join(root, name), >>>>>> fsacl_sddl, acl)) >>>>>> --------------------snip-------------------- >>>>>> >>>>>> The GPO directory in question is the Default Domain Policy. >>>>>> >>>>>> Any idea what happened here? I never touched the DDD, it's still >>>>>> on version 0, and I never did any changes to those files either. >>>>>> I manually checked the ACL, without having made a diff on it, it >>>>>> looks pretty much the same like the ACL on the other containers. >>>>>> >>>>>> Is it safe to run sysvolreset? >>>>>> >>>>>> Viktor >>>>>> >>>>>> On 16.11.2015 09:34, L.P.H. van Belle wrote: >>>>>>> I guest, >>>>>>> >>>>>>> incorrect rights on you sysvol, >>>>>>> Try : samba-tool ntacl sysvolreset >>>>>>> And check the share rights. >>>>>>> >>>>>>> By default this should work out of the box. >>>>>>> Did you change the sysvol rights? >>>>>>> >>>>>>> >>>>>>> Greetz, >>>>>>> >>>>>>> Louis >>>>>>> >>>>>>> >>>>>>>> -----Oorspronkelijk bericht----- >>>>>>>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Ole >>>>>>>> Traupe >>>>>>>> Verzonden: maandag 16 november 2015 9:25 >>>>>>>> Aan: samba at lists.samba.org >>>>>>>> Onderwerp: Re: [Samba] Win Clients and DNS >>>>>>>> >>>>>>>> Viktor, can you manually check whether you have DNS records for >>>>>>>> your Win >>>>>>>> clients? >>>>>>>> >>>>>>>> In the DNS settings for your Win clients' network adapters you can >>>>>>>> uncheck that the current address shall be registered in DNS. >>>>>>>> >>>>>>>> Ole >>>>>>>> >>>>>>>> >>>>>>>> Am 16.11.2015 um 01:31 schrieb Viktor Trojanovic: >>>>>>>>> I have an AD with 1 Samba DC and 5 Windows 10 clients. The DC >>>>>>>>> and the >>>>>>>>> clients all have a fixed IPv4 address. >>>>>>>>> >>>>>>>>> In the windows event viewer, I constantly see the following >>>>>>>>> warning: >>>>>>>>> >>>>>>>>> Event 8019, DNS Client Events >>>>>>>>> ------------------------------------------ >>>>>>>>> The system failed to register host (A or AAA) resource records >>>>>>>>> (RRs) >>>>>>>>> for network adapter with settings: >>>>>>>>> >>>>>>>>> Adapter Name: {someGUID} >>>>>>>>> Host Name: Client-PC >>>>>>>>> Primary Domain Suffix: SAMDOM.COM >>>>>>>>> DNS Server list: >>>>>>>>> 192.168.0.1 >>>>>>>>> Sent update to server: <?> >>>>>>>>> IP Addresses: >>>>>>>>> 192.168.0.15 >>>>>>>>> ------------------------------------------ >>>>>>>>> >>>>>>>>> Is it necessary to manually make some entries in DNS for the >>>>>>>>> client >>>>>>>>> machines? I didn't see anything about that in the Wiki. >>>>>>>>> >>>>>>>>> I'm trying to figure out if this is connected to another >>>>>>>>> problem I'm >>>>>>>>> facing. A machine based GPO is not executed because "the file >>>>>>>>> \\SAMDOM.COM\SysVol\[...]\gpt.ini from a domain controller >>>>>>>>> could not >>>>>>>>> be read", and as one of the possible reasons for the error, name >>>>>>>>> resolution is mentioned. I can access the file just fine once I'm >>>>>>>>> logged in so I really don't know what the issue is here. >>>>>>>>> >>>>>>>>> Thanks, >>>>>>>>> Viktor >>>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> To unsubscribe from this list go to the following URL and read the >>>>>>>> instructions: https://lists.samba.org/mailman/options/samba >>>>>>> >>>>>>> >>>>>> >>>>>> >>>>> >>>>> Firstly, have you changed anything on the DC after provision? I >>>>> don't mean adding users or groups, but anything else? >>>>> >>>>> I think if you examine what samba-tool thinks is different, you >>>>> will find that it is only these: >>>>> >>>>> O:BAG:DUD and O:DAG:DAD >>>>> >>>>> To turn these into English :-) >>>>> >>>>> O = owner >>>>> BA = BUILTIN\Administrators >>>>> G = group >>>>> DU = Domain Users >>>>> DA = Domain Administrators >>>>> >>>>> BA becoming DA is fairly common and I don't think is relevant >>>>> But somehow DA has become DU >>>>> >>>> Yes, those are the ACL's I see, BA is the owner, DA has full >>>> rights, DU can read. >>>> >>>>> That is why I asked if you have changed anything. >>>>> >>>> No, I haven't. Please also check my new thread about the ACL issue. >>>> >>>>> Now as for do your computers A and PTR records need to be added to >>>>> AD, try this on the DC: >>>>> >>>>> ping -c1 member1 >>>>> >>>>> where 'member1' is the hostname of one of your workstations, it >>>>> should return something like this: >>>>> >>>>> PING member1.samdom.example.com (192.168.0.2) 56(84) bytes of data. >>>>> 64 bytes from 192.168.0.2: icmp_seq=1 ttl=64 time=0.261 ms >>>>> >>>>> >>>>> >>>> This is making things even more confusing.. if I enter the DNS >>>> records, then the command nslookup clientname will provide the >>>> correct IP address. Ping doesn't work for half of the clients but >>>> it doesn't work even using the IP address. Seems like the firewall >>>> is blocking it which is again really weird because I didn't make >>>> any changes and all clients are exactly the same. >>>> >>> >>> Off topic but some of my Win 10 clients have ICMP echo blocked in >>> the domain, some allow it. And I never even touched this setting. >>> >> To my knowledge, ping requires File and Printer Sharing on Windows. >> Is it activated on all your clients? >> >> >> > > OK, if ping is a problem, try 'nslookup member1' on the DC, it should > return something like this: > > Server: 192.168.0.6 > Address: 192.168.0.6#53 > > Name: member1.samdom.example.com > Address: 192.168.0.2 > > If it returns this: > > Server: 192.168.0.6 > Address: 192.168.0.6#53 > > ** server can't find member1: NXDOMAIN > > Then your DNS is up the spout, probably because the record for > 'member1' isn't in AD. > > Rowland > >It returns the expected result for all domain members, no issue here. Viktor