# Sbs2003 policy edit problem



## masl-pete (Dec 8, 2011)

I have a server with SBS 2003 R2 Servername sbs1 and Domain xxx-uk.local when attempting to gain access to the Group Policy objects by using the Domain Security policy and the Default Domain Controller Security policy to edit the policies I get an error of the network path not found.

I have tried all of the fixes off the web I can find, to no avail.

I have narrowed it down to the computer name being sbs1 and my sysvol address being \\sbs1\sysvol. The problem is that the policy editor is looking for the Long Computer Name which is sbs1.xxx-uk.local and it is looking for a share of \\sbs1.xxx-uk.local\sysvol (This is shown by the forrest name which shows the domain xxx-uk.local [sbs1.xxx-uk.local]

This all stems down to an upgrade of symantec backupexec when an agent played around remotely with my server. I don't know what was done!! I now get up to 800 errors as every 5 minutes in the application log of event viewer I get two errors!

Can anyone tell me how to change the settings for the policy editor/active directory or get it to look in the right share. Thanks.


----------



## Rockn (Jul 29, 2001)

What do the error logs entail? Can you post one here?


----------



## masl-pete (Dec 8, 2011)

Hi

thanks for response, have attached the errors from the event log and also the Active directory and computers screenshots as well as the dir showing sysvol but still have network not found. I can't find shares in active directory as it is looking for wrong name server? 

Pete


----------



## Rockn (Jul 29, 2001)

Look in DNS under forward lookup zones. There is no way to get Symantec to detail exactly what they did? I am sure they did not do a domain rename so it more than likely has something to do with DNS


----------



## masl-pete (Dec 8, 2011)

Had a look here and to me all looked ok. Ran dcdiag, netdiag and ntfrsutl ds and have attached the logs. The ntfrsutl ds showed mas-svr1sbs as not being a member of any set, could this be the problem if so do you know of a solution. Also the dcdiag brings in the issue of the time service and fails the fsmocheck but I believe this is due to no group info for time service due to groups not being accessible.

Any thoughts.

Thanks in anticipation.


----------



## Rockn (Jul 29, 2001)

Does the date changed correspond to the date that the Symantec tech did his voodoo?

WhenChanged : 12/8/2011 

According to all of your tests the server name is actually MAS-SVR1SBS not SBS1

Why are you hesitent to contact Symantec to see what changes the tech made? They generally document everything.


----------



## masl-pete (Dec 8, 2011)

The date changed does not tally and I can't think for the life of me what or whom has been at it. The reason not to contact Symantec is that I was on the phone to Argentina for nearly 8 hours on and off and I have now let tech support lapse as in the end I sorted the problem out myself !

As to the server name it is mas-svr1sbs I was just using example names originally, but now the logs have been attached all the correct data is there.

Any thoughts.

Thanks.


----------



## Rockn (Jul 29, 2001)

It seems like it is just an issue accessing the SYSVOL share and the policies contained within. On a workstation can you go ti start > run and enter \\masl-uk.local\sysvol and browse the directories? Is your system date and time correct on the server?


----------



## masl-pete (Dec 8, 2011)

In answer to your questions - the system date/time is correct I can't access the sysvol directories through \\masl-uk.local\sysvol but I can through \\mas-svr1sbs\sysvol 

Thanks


----------



## Rockn (Jul 29, 2001)

What does IPCONFIG /ALL look like from the server and from a workstation? Is the DNS server setting on the NIC pointing to it's own IP address and not a loop back address?


----------



## masl-pete (Dec 8, 2011)

Hi, I have included a doc with the results and also the config of the network adapter. Dns is set to server IP address.

Thanks


----------



## Rockn (Jul 29, 2001)

I am not sure what would be wrong unless he made some changes in adsiedit.msc

What was the tech from Symantec trying to fix in regards to the upgrade and what version were you upgrading from and to. Might give me an idea as to what they might have done.


----------



## masl-pete (Dec 8, 2011)

Symantec BUE 2010 R2

It all started when my BUE stopped working and I could not re-install it, I sought help and after a great deal of toing and froing they decided to uninstall and reinstall for me. After nearly three days of trying, they had a little success but in the end I was left with a partially working BUE. I then uninstalled and reinstalled it and it seems to have been ok since. However during their attempts (3 different people) I don't know what happened. It may not even have anything to do with them. 

After your last comment I feel that looking at the adsiedit there seems to be a lot of not sets against the server names in the various sections of the DC tree. I shall investigate further, do you know if you can recover the AD from backup? Could it have been corrupted in some way and be causing this problem? Don't have too much experience of this part.

Thanks for your input to date.


----------



## Rockn (Jul 29, 2001)

The only issues I have had with BUE were due to permissions for the service account that was doing the backups. Unless the passwords or password complexity or if they used the Admin account as the service account I cannot think of what else they would be messing with.

I just did a google search and found this where adsiedit is used to remove the server instance of the BESserver.

http://www.symantec.com/business/su...v=print&impressions=&viewlocale=&id=TECH63497

You can restore the system state, but I would not even venture down that road at this point.


----------



## masl-pete (Dec 8, 2011)

The more I look at this the more I come back to naming of the server, active directory and somehow the domain default policies are still looking for the old name. When I go to run on the main server and click the arrow I can still select \\mas-svr1sbs.masl-uk.local\sysvol, when I click the browse button it shows all the shares. However when I select the share it no longer exists, I then select the masl-uk and have mas-srv1sbs and lo there are my shares and they are accessible. Looking into this it looks that the only way to recover is to rebuild, or leave as is and accept the 800 plus errors every morning in the event log. My system seems to still operate !! Please see attached screen shots which will hopefully explain my thoughts/problem.


----------

