[cifs-protocol] [REG:111071166110452] access denied in NetrLogonSamLogonEx

Matthieu Patou mat at samba.org
Tue Jul 19 14:03:34 MDT 2011

Hi edgar,

On 19/07/2011 22:37, Edgar Olougouna wrote:
> Matthieu,
> After reviewing this with the NRPC and DFRS product teams, MS-NRPC will be clarified to reflect the following.
> "If the Netlogon service is paused, sysvol is not in a ready state, or if the client is not using a secure RPC then the server must return STATUS_ACCESS_DENIED."
Great, it would have saved me from a trying to figure out what was wrong !

> I also confirmed with the DFRS product team that if there is no FRS/DFSR replication then sysvol data is not populated from the other domain controller. As a result, sysvol cannot be ready without the data.
> Therefore, the answer to your question is: no, sysvol cannot be ready without any replication engine used.
> In case this is useful, this article explains how FRS works on a Windows DC and how FRS sets the SysvolReady registry entry during SYSVOL creation and replication.
> How FRS Works http://technet.microsoft.com/en-us/library/cc758169(WS.10).aspx
> Section: What Happens When SYSVOL is Created During Domain Controller Promotion
Ok that's fair, FRS/DFSR will one of our next priority I guess !

Let me know when you have a draft of the new doc.


Matthieu Patou
Samba Team        http://samba.org
Private repo      http://git.samba.org/?p=mat/samba.git;a=summary

More information about the cifs-protocol mailing list