Mark Minasi's Tech Forum
downtime

Senior Member
Registered:
Posts: 103
Reply with quote  #1 
Dear all,

I had a site (let's call it SiteA) where I have recently removed a RODC. This RODC had a hardware issue and since there are only a handful of users in SiteA I didn't see the need for another DC. Anyway, I noticed today that I cannot connect to any server shares like C$, D$, Data in SiteA using UNC.

The error is either: Share does not exist or Network Access is denied.

Now, I am a Domain Admin, so this is NOT a permissions issue.

I can:

1. Ping all servers in SiteA by IP address and by name.
2. I can use RDC to all servers in SiteA.
3. From SiteA I can UNC to any share in other sites OK.

Security logs look OK, no obvious errors.

I will take a look at the other event logs in depth tomorrow.

Am I missing something obvious here?
donoli

Senior Member
Registered:
Posts: 520
Reply with quote  #2 
Have you tried it using the IP address instead of the computer name?
wkasdo

Administrator
Registered:
Posts: 194
Reply with quote  #3 
Could be firewalling, inbound to SiteA.
__________________
[MSFT]; Blog: https://blogs.technet.microsoft.com/389thoughts/
downtime

Senior Member
Registered:
Posts: 103
Reply with quote  #4 
I tried to access using IP Address but that didn't work.

I checked the local Firewall logs and no traffic is being dropped.

wkasdo

Administrator
Registered:
Posts: 194
Reply with quote  #5 
wireshark... stop guessing and start measuring [smile]
downtime

Senior Member
Registered:
Posts: 103
Reply with quote  #6 
I'm seeing some TCP re-transmission for target ports 139 & 445.
donoli

Senior Member
Registered:
Posts: 520
Reply with quote  #7 
Do you see the same error message with the IP that you saw with the computer name?  139 & 445 are the correct ports.  Are those ports opened? 
downtime

Senior Member
Registered:
Posts: 103
Reply with quote  #8 
Basically I get the same error: Network path not found.

Ports 139 and 445 are open.

I checked the local firewall logs and there is no dropped traffic.

Mapping via UNC within the site is working OK.
Mapping via UNC to other sites is also OK.

I just can't UNC to this particular site since I removed the DC.
donoli

Senior Member
Registered:
Posts: 520
Reply with quote  #9 
The DC must have provided something in the routing table that isn't there now.  Is everything on a Class C subnet?
For example: 192.168.1.xxx
downtime

Senior Member
Registered:
Posts: 103
Reply with quote  #10 
IP Routing is fine.

I can ping everything (in SiteA) using NetBIOS name and IP Address.

I can also ping devices in other sites from SiteA using NetBIOS name and IP Address.
donoli

Senior Member
Registered:
Posts: 520
Reply with quote  #11 
Were there system group policies in the removed DC that were needed to complete connections to the shares?   
wkasdo

Administrator
Registered:
Posts: 194
Reply with quote  #12 
> I'm seeing some TCP re-transmission for target ports 139 & 445.

That's wrong. I'd focus on that.

It would also be interesting to know if you can do anything else, like remote WMI queries. If you could, I'd confirm a network level problem.

downtime

Senior Member
Registered:
Posts: 103
Reply with quote  #13 
OK, this is now fixed [smile]

I ran "netstat -an" on the servers in the affected sites and ports 139 and 445 were open.

When I checked with Zenmap GUI in other sites it did not list ports 139 and 445 as open on any server in SiteA.

So, I double-checked my Firewall rules and my boss had re-ordered some firewall rules which was also blocking SMB. He swears he didn't change anything. Firewall access logs beg to differ...

Thanks for your help everyone.
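
The comparison that settled this thread (ports listening according to netstat on the server, but not open when scanned from another site), written out as an added example that is not part of any post. The function names and result labels are hypothetical; run it from a machine in another site against your own servers, and pass in what netstat showed on the server.

```python
import socket

SMB_PORTS = (139, 445)  # the ports discussed in the thread

def probe(host, port, timeout=3.0):
    """Classify one TCP connect attempt as seen from the machine running this."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"          # three-way handshake completed
    except socket.gaierror:
        return "unresolved"        # name lookup failed; not a port problem
    except ConnectionRefusedError:
        return "closed"            # RST came back: host reachable, port refused
    except OSError:
        return "filtered"          # timeout/unreachable: SYNs went unanswered

def diagnose(listening_on_server, remote_state):
    """Combine the server's own view (netstat) with the remote probe result."""
    if remote_state == "unresolved":
        return "name-resolution"
    if remote_state == "open":
        return "tcp-ok"            # look higher up: SMB, authentication
    if not listening_on_server:
        return "service-down"      # nothing bound to the port on the server
    if remote_state == "filtered":
        return "dropped-in-path"   # matches SYN retransmissions in a capture
    return "rejected-in-path"      # listening, yet something answers with RST

def check_site(hosts, listening_on_server=True, ports=SMB_PORTS, timeout=3.0):
    """Probe every host/port pair and return {(host, port): diagnosis}."""
    return {(h, p): diagnose(listening_on_server, probe(h, p, timeout))
            for h in hosts for p in ports}

if __name__ == "__main__":
    # Constructed demo: loopback only, so it runs without a network.
    for target, verdict in check_site(["127.0.0.1"], timeout=1.0).items():
        print(target, verdict)
```

A "dropped-in-path" result while ping and RDP still work points at a port-specific rule on a device between the sites, which is where the firewall rule order and its access logs come in.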
donoli

Senior Member
Registered:
Posts: 520
Reply with quote  #14 
Tell the boss to stay home.  They can mail the check to him.
jsclmedave

Administrator
Registered:
Posts: 446
Reply with quote  #15 
Quote:
Originally Posted by downtime
OK, this is now fixed [smile] I ran "netstat -an" on the servers in the affected sites and ports 139 and 445 were open. When I checked with Zenmap GUI in other sites it did not list ports 139 and 445 as open on any server in SiteA. So, I double-checked my Firewall rules and my boss had re-ordered some firewall rules which was also blocking SMB. He swears he didn't change anything. Firewall access logs beg to differ... Thanks for your help everyone.


Glad it's fixed..!

Correct response should have been "I don't think I changed anything or did anything to affect this but let's take a look real quick to make sure I didn't cause something unforeseen." Or otherwise known as Learning Opportunities : )



__________________
Tim Bolton @jsclmedave
Email: [string](0..20|%{[char][int](32+('527377347976847978324785847679797514357977').substring(($_*2),2))}) -replace ' '  
