Error 1030
|
From: "Charles Yang [MSFT]" on 7 Sep 2005 21:16 HI Wael, If this occurs only on special users, you might have to check the user's permission for the sysvol folder on SBS server. You might have to recreate a user's profiles for administrator to see if this can be resolved. Have you enabled roaming profiles for that administrator or folder redirections. Thanks for updates. Please post back as your convenience. Best regards, Charles Yang (MSFT) Microsoft CSS Online Newsgroup Support Get Secure! - www.microsoft.com/security ====================================================== This newsgroup only focuses on SBS technical issues. If you have issues regarding other Microsoft products, you'd better post in the corresponding newsgroups so that they can be resolved in an efficient and timely manner. You can locate the newsgroup here: http://www.microsoft.com/communities/newsgroups/en-us/default.aspx When opening a new thread via the web interface, we recommend you check the "Notify me of replies" box to receive e-mail notifications when there are any updates in your thread. When responding to posts via your newsreader, please "Reply to Group" so that others may learn and benefit from your issue. Microsoft engineers can only focus on one issue per thread. Although we provide other information for your reference, we recommend you post different incidents in different threads to keep the thread clean. In doing so, it will ensure your issues are resolved in a timely manner. For urgent issues, you may want to contact Microsoft CSS directly. Please check http://support.microsoft.com for regional support phone numbers. Any input or comments in this thread are highly appreciated. ====================================================== This posting is provided "AS IS" with no warranties, and confers no rights. ===================================================== When responding to posts, please "Reply to Group" via your newsreader so that others may learn and benefit from your issue. ===================================================== This posting is provided "AS IS" with no warranties, and confers no rights. -------------------- | From: "Wael" <sedky(a)rocketmail.com> | Newsgroups: microsoft.public.windows.server.sbs | Subject: Re: Error 1030 | Date: 7 Sep 2005 13:37:20 -0700 | Organization: http://groups.google.com | Lines: 8 | Message-ID: <1126125440.576952.135810(a)g47g2000cwa.googlegroups.com> | References: <1125069507.678744.8300(a)o13g2000cwo.googlegroups.com> | <1125498166.671881.75700(a)f14g2000cwb.googlegroups.com> | <Uait4GprFHA.1204(a)TK2MSFTNGXA01.phx.gbl> | NNTP-Posting-Host: 66.158.138.60 | Mime-Version: 1.0 | Content-Type: text/plain; charset="iso-8859-1" | X-Trace: posting.google.com 1126125445 11382 127.0.0.1 (7 Sep 2005 20:37:25 GMT) | X-Complaints-To: groups-abuse(a)google.com | NNTP-Posting-Date: Wed, 7 Sep 2005 20:37:25 +0000 (UTC) | In-Reply-To: <Uait4GprFHA.1204(a)TK2MSFTNGXA01.phx.gbl> | User-Agent: G2/0.2 | X-HTTP-UserAgent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322),gzip(gfe),gzip(gfe) | Complaints-To: groups-abuse(a)google.com | Injection-Info: g47g2000cwa.googlegroups.com; posting-host=66.158.138.60; | posting-account=ZKTY1w0AAAAQ4NX_qq8x8t09rR0rbGty | Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!newsfeed00.sul.t-online.de!t-onli ne.de!news.glorb.com!postnews.google.com!g47g2000cwa.googlegroups.com!not-fo r-mail | Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:151618 | X-Tomcat-NG: microsoft.public.windows.server.sbs | | Hi Charles, | | I forgot to mention that for error 1030, the error is usually for | mydomain\administrator. It is never for any other user. I don't know if | this tells us anything. | | Thanks | |
From: Wael on 8 Sep 2005 14:35 Hi Charles, The administrator account that I use and that is causing problem is the default domain administrator ("administrator"). I don't think it is a good idea to delete and recreate that (even though i have an emergency administrator account). I was wondering, is there a special diagnostic tool that I can run and produce a report for you to take a look at? I checked, the administrator has access to all the group policy folders in the sysvol folder.
From: "Charles Yang [MSFT]" on 9 Sep 2005 02:59 HI Wael, Thanks for updates. If the problem occurs on all the client computer not only on special computer, it might be the user's profiles issue. most likely this user's AD account is corrupted. I would suggest that we first reset the password for this user in dsa.msc and check if the problem is resolved. Usually 1030 will go together with event 1058, so could you send me the detailed application log and system event log so that we can check your log more detailed. My email is v-chayan(a)microsoft.com We do have some log files that can be enable to monitor SBS 2003 user logon. You can refer to the article below: 186454 How to Enable User Environment Event Logging in Windows 2000 http://support.microsoft.com/?id=186454 Hope the above information helpful, please feel free to post back. Best regards, Charles Yang (MSFT) Microsoft CSS Online Newsgroup Support Get Secure! - www.microsoft.com/security ====================================================== This newsgroup only focuses on SBS technical issues. If you have issues regarding other Microsoft products, you'd better post in the corresponding newsgroups so that they can be resolved in an efficient and timely manner. You can locate the newsgroup here: http://www.microsoft.com/communities/newsgroups/en-us/default.aspx When opening a new thread via the web interface, we recommend you check the "Notify me of replies" box to receive e-mail notifications when there are any updates in your thread. When responding to posts via your newsreader, please "Reply to Group" so that others may learn and benefit from your issue. Microsoft engineers can only focus on one issue per thread. Although we provide other information for your reference, we recommend you post different incidents in different threads to keep the thread clean. In doing so, it will ensure your issues are resolved in a timely manner. For urgent issues, you may want to contact Microsoft CSS directly. Please check http://support.microsoft.com for regional support phone numbers. Any input or comments in this thread are highly appreciated. ====================================================== This posting is provided "AS IS" with no warranties, and confers no rights. ===================================================== When responding to posts, please "Reply to Group" via your newsreader so that others may learn and benefit from your issue. ===================================================== This posting is provided "AS IS" with no warranties, and confers no rights. -------------------- | From: "Wael" <sedky(a)rocketmail.com> | Newsgroups: microsoft.public.windows.server.sbs | Subject: Re: Error 1030 | Date: 8 Sep 2005 11:35:52 -0700 | Organization: http://groups.google.com | Lines: 13 | Message-ID: <1126204552.590546.12210(a)g47g2000cwa.googlegroups.com> | References: <1125069507.678744.8300(a)o13g2000cwo.googlegroups.com> | <1126125440.576952.135810(a)g47g2000cwa.googlegroups.com> | <woD4zLBtFHA.536(a)TK2MSFTNGXA02.phx.gbl> | NNTP-Posting-Host: 66.158.138.60 | Mime-Version: 1.0 | Content-Type: text/plain; charset="iso-8859-1" | X-Trace: posting.google.com 1126204557 8704 127.0.0.1 (8 Sep 2005 18:35:57 GMT) | X-Complaints-To: groups-abuse(a)google.com | NNTP-Posting-Date: Thu, 8 Sep 2005 18:35:57 +0000 (UTC) | User-Agent: G2/0.2 | X-HTTP-UserAgent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322),gzip(gfe),gzip(gfe) | Complaints-To: groups-abuse(a)google.com | Injection-Info: g47g2000cwa.googlegroups.com; posting-host=66.158.138.60; | posting-account=ZKTY1w0AAAAQ4NX_qq8x8t09rR0rbGty | Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGXA03.phx.gbl!TK2MSFTNGP08.phx.gbl!newsfeed00. sul.t-online.de!t-online.de!border2.nntp.dca.giganews.com!border1.nntp.dca.g iganews.com!nntp.giganews.com!postnews.google.com!g47g2000cwa.googlegroups.c om!not-for-mail | Xref: TK2MSFTNGXA02.phx.gbl microsoft.public.windows.server.sbs:203337 | X-Tomcat-NG: microsoft.public.windows.server.sbs | | Hi Charles, | | The administrator account that I use and that is causing problem is the | default domain administrator ("administrator"). I don't think it is a | good idea to delete and recreate that (even though i have an emergency | administrator account). | | I was wondering, is there a special diagnostic tool that I can run and | produce a report for you to take a look at? | | I checked, the administrator has access to all the group policy folders | in the sysvol folder. | |
From: "Charles Yang [MSFT]" on 15 Sep 2005 21:49 HI Wael, After checking your log files, I found that only 1030 occurs on your SBS 2003, it should be caused by the wrong cached credential is not correct. You can refer to my suggestions below as a test. I. You can configure this security setting by opening the appropriate policy and expanding the console tree as such: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options Network access: Do not allow storage of credentials or .NET Passports for network authentication II. Following Registry value removes the "Remember My Password" option from all prompts for authentication: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa Value Name: disabledomaincreds Value Type: REG_DWORD Values: 0 = allow domain credentials to be stored 1 = do not store domain credentials Set the disabledomaincreds value to "0" to restore the "Remember My Password" checkbox on the prompt for authentication. III. Set Kerberos to use TCP 244474 How to force Kerberos to use TCP instead of UDP in Windows Server 2003, http://support.microsoft.com/?id=244474 The steps #1 and #2 I introduced in my last reply are all used to delete the store credential. The step #1 could be applied to group policy that cover the SBS server such as domain controller policy and you will find the policy below Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network access: Do not allow storage of credentials or .NET Passports for network authentication The step #2 is used registry key way. The "0" is the default value. When you set this key to 1, to purge the original credential to clear the store and restart the machine. If you do not want the above steps, you could use the following way to delete the cached credential directly. 1. On the SBS server open control panel 2. Open 'Stored User Names and Passwords' 3. Remove all entries in the list, as the problem could be caused by the incorrect credential cached here. If the problem could not be resolved, we may need to set the Kerberos to TCP only, because of the following reasons. The Windows Kerberos authentication package is the default authentication package in Microsoft Windows Server 2003. By default, the maximum size of datagram packets for which Windows Server 2003 uses UDP is 1,465 bytes. Depending on a variety of factors including security identifier (SID) history and group membership, some accounts will have larger Kerberos authentication packet sizes. Depending on hardware of your SBS network, these larger packets may have to be fragmented when going through. The problem is caused by fragmentation of these large UDP Kerberos packets. Because UDP is a connectionless protocol, fragmented UDP packets will be dropped if they arrive at the destination out of order. Then, this issue could be occur that you logon to the SBS server remotely, and the UDP package is dropped at this situation. So, we could set the Kerberos to use TCP only, as Kerberos is designed to work under both UDP and TCP. If you have any further questions or concerns, please feel free to let me know. Thanks for your time and I look forward to your reply. Best regards, Charles Yang (MSFT) Microsoft CSS Online Newsgroup Support Get Secure! - www.microsoft.com/security ====================================================== This newsgroup only focuses on SBS technical issues. If you have issues regarding other Microsoft products, you'd better post in the corresponding newsgroups so that they can be resolved in an efficient and timely manner. You can locate the newsgroup here: http://www.microsoft.com/communities/newsgroups/en-us/default.aspx When opening a new thread via the web interface, we recommend you check the "Notify me of replies" box to receive e-mail notifications when there are any updates in your thread. When responding to posts via your newsreader, please "Reply to Group" so that others may learn and benefit from your issue. Microsoft engineers can only focus on one issue per thread. Although we provide other information for your reference, we recommend you post different incidents in different threads to keep the thread clean. In doing so, it will ensure your issues are resolved in a timely manner. For urgent issues, you may want to contact Microsoft CSS directly. Please check http://support.microsoft.com for regional support phone numbers. Any input or comments in this thread are highly appreciated. ====================================================== This posting is provided "AS IS" with no warranties, and confers no rights. ===================================================== When responding to posts, please "Reply to Group" via your newsreader so that others may learn and benefit from your issue. ===================================================== This posting is provided "AS IS" with no warranties, and confers no rights. -------------------- | X-Tomcat-ID: 102717026 | References: <1125069507.678744.8300(a)o13g2000cwo.googlegroups.com> <1126204552.590546.12210(a)g47g2000cwa.googlegroups.com> | MIME-Version: 1.0 | Content-Type: text/plain | Content-Transfer-Encoding: 7bit | From: v-chayan(a)online.microsoft.com ("Charles Yang [MSFT]") | Organization: Microsoft | Date: Fri, 09 Sep 2005 06:59:14 GMT | Subject: Re: Error 1030 | X-Tomcat-NG: microsoft.public.windows.server.sbs | Message-ID: <9kWRCwQtFHA.780(a)TK2MSFTNGXA01.phx.gbl> | Newsgroups: microsoft.public.windows.server.sbs | Lines: 116 | Path: TK2MSFTNGXA01.phx.gbl | Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:151970 | NNTP-Posting-Host: tomcatimport2.phx.gbl 10.201.218.182 | | HI Wael, | | Thanks for updates. | | If the problem occurs on all the client computer not only on special | computer, it might be the user's profiles issue. most likely this user's AD | account is corrupted. I would suggest that we first reset the password for | this user in dsa.msc and check if the problem is resolved. | | Usually 1030 will go together with event 1058, so could you send me the | detailed application log and system event log so that we can check your log | more detailed. | | My email is v-chayan(a)microsoft.com | We do have some log files that can be enable to monitor SBS 2003 user | logon. You can refer to the article below: | | 186454 How to Enable User Environment Event Logging in Windows 2000 | http://support.microsoft.com/?id=186454 | | Hope the above information helpful, please feel free to post back. | | | | Best regards, | | Charles Yang (MSFT) | | Microsoft CSS Online Newsgroup Support | | Get Secure! - www.microsoft.com/security | | ====================================================== | This newsgroup only focuses on SBS technical issues. If you have issues | regarding other Microsoft products, you'd better post in the corresponding | newsgroups so that they can be resolved in an efficient and timely manner. | You can locate the newsgroup here: | http://www.microsoft.com/communities/newsgroups/en-us/default.aspx | | When opening a new thread via the web interface, we recommend you check the | "Notify me of replies" box to receive e-mail notifications when there are | any updates in your thread. When responding to posts via your newsreader, | please "Reply to Group" so that others may learn and benefit from your | issue. | | Microsoft engineers can only focus on one issue per thread. Although we | provide other information for your reference, we recommend you post | different incidents in different threads to keep the thread clean. In doing | so, it will ensure your issues are resolved in a timely manner. | | For urgent issues, you may want to contact Microsoft CSS directly. Please | check http://support.microsoft.com for regional support phone numbers. | | Any input or comments in this thread are highly appreciated. | ====================================================== | This posting is provided "AS IS" with no warranties, and confers no rights. | | | ===================================================== | When responding to posts, please "Reply to Group" via your newsreader so | that others may learn and benefit from your issue. | ===================================================== | | This posting is provided "AS IS" with no warranties, and confers no rights. | | -------------------- | | From: "Wael" <sedky(a)rocketmail.com> | | Newsgroups: microsoft.public.windows.server.sbs | | Subject: Re: Error 1030 | | Date: 8 Sep 2005 11:35:52 -0700 | | Organization: http://groups.google.com | | Lines: 13 | | Message-ID: <1126204552.590546.12210(a)g47g2000cwa.googlegroups.com> | | References: <1125069507.678744.8300(a)o13g2000cwo.googlegroups.com> | | <1126125440.576952.135810(a)g47g2000cwa.googlegroups.com> | | <woD4zLBtFHA.536(a)TK2MSFTNGXA02.phx.gbl> | | NNTP-Posting-Host: 66.158.138.60 | | Mime-Version: 1.0 | | Content-Type: text/plain; charset="iso-8859-1" | | X-Trace: posting.google.com 1126204557 8704 127.0.0.1 (8 Sep 2005 | 18:35:57 GMT) | | X-Complaints-To: groups-abuse(a)google.com | | NNTP-Posting-Date: Thu, 8 Sep 2005 18:35:57 +0000 (UTC) | | User-Agent: G2/0.2 | | X-HTTP-UserAgent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET | CLR 1.1.4322),gzip(gfe),gzip(gfe) | | Complaints-To: groups-abuse(a)google.com | | Injection-Info: g47g2000cwa.googlegroups.com; posting-host=66.158.138.60; | | posting-account=ZKTY1w0AAAAQ4NX_qq8x8t09rR0rbGty | | Path: | TK2MSFTNGXA02.phx.gbl!TK2MSFTNGXA03.phx.gbl!TK2MSFTNGP08.phx.gbl!newsfeed00. | sul.t-online.de!t-online.de!border2.nntp.dca.giganews.com!border1.nntp.dca.g | iganews.com!nntp.giganews.com!postnews.google.com!g47g2000cwa.googlegroups.c | om!not-for-mail | | Xref: TK2MSFTNGXA02.phx.gbl microsoft.public.windows.server.sbs:203337 | | X-Tomcat-NG: microsoft.public.windows.server.sbs | | | | Hi Charles, | | | | The administrator account that I use and that is causing problem is the | | default domain administrator ("administrator"). I don't think it is a | | good idea to delete and recreate that (even though i have an emergency | | administrator account). | | | | I was wondering, is there a special diagnostic tool that I can run and | | produce a report for you to take a look at? | | | | I checked, the administrator has access to all the group policy folders | | in the sysvol folder. | | | | | |
From: Wael on 19 Sep 2005 11:19 Hi Charles, The problem is finally resolved after following your previous recommendations. The question now is, do I keep those settings for good? I know that for VPN, I have to. Thanks for your help. Wael
First
|
Prev
|
Next
|
Last
Pages: 1 2 3 Prev: HTTP/1.1 503 Service Unavailable Next: Backup error 0X80070458 |