[Samba] Sysvol not accessible?

Ryan Ashley ryana at reachtechfp.com
Fri Jan 16 08:17:58 MST 2015 

Alright, that was not the issue. After hours of testing, I have some
results which I do not fully understand.

1) I can access \\dc01\sysvol and \\dc02\sysvol on the systems
2) I cannot access \\domain\sysvol on those same systems
3) When attempting to access (map, whatever) \\domain\sysvol I get
"Internal Error"
4) Permissions on the shares (UNIX and ACL) appear to be correct
5) Most systems on the network are fine and can access the shares
6) The domain name points to dc01 and dc02 in DNS
7) I can ping the domain name fine
8) All required services (RPC, NetBIOS, etc) are running on the problem
systems
9) Firewalls are the same as the others, but have been disabled for
testing, which did not help

So what am I looking at? I have three or four systems refusing to access
the system volume and thanks to Microsoft's lovely error team, all I can
get is "Internal Error", leaving me little to go on. Is there any way I
can narrow this down to a PC or the servers?

On 01/15/2015 10:41 AM, Ryan Ashley wrote:
> I may have just solved this. I realized I could access \\dc01\sysvol and
> \\dc02\sysvol but I randomly could not access \\domain\sysvol for some
> unknown reason. I did "host -t A domain" and got THREE addresses back,
> but I only have TWO DCs. With that said, I imagine the systems are
> randomly being referred to the third, non-existent DC and failing. I
> will be researching this shortly and if it fixes the issue, I will
> report it.
>
> On 01/15/2015 08:52 AM, Ryan Ashley wrote:
>> I am having a strange issue at one location which is running samba 4.1.
>> Two or three PC's out of maybe twenty-five are unable to get to the
>> sysvol share. If I run "gpupdate" on the systems it gives error 1058.
>> Digging deeper says the path was not found, but if I click on the path
>> in the event log it pops right up in notepad (gpt.ini). This tells me
>> that the user accounts can access said location. I have done "samba-tool
>> ntacl sysvolreset" on both DC's to no avail.
>>
>> What I have noticed is that "Domain Computers" is not listed on the
>> sysvol share. Is this correct? I believe it has admins, authenticated
>> users, system, and one other, but I am not in front of the information
>> right now. I need to know what should be correct for the sysvol so I can
>> verify that this is correct, before the issue spreads. I feel the issue
>> is a Windows bug, but I have to be sure before I go down that path.
>>
>> After resetting the ACLs I did notice that the UNIX permissions were 770
>> on the sysvol dircetory. Is that correct? Also, what information should
>> I post and I will get it ASAP. Thanks in advance for any assistance you
>> may offer.
>>

-- 
Reach Technology FP, Inc
Lead IT/IS Specialist

More information about the samba mailing list