[Micronet] ad autoenrollment error?

classic Classic list List threaded Threaded
12 messages Options
Reply | Threaded
Open this post in threaded view
|

[Micronet] ad autoenrollment error?

William Doyle
Good Day,

Yesterday around 14:30 users began having diffuculty logging in. Basic
authenticaiton succeeded, but our folder redirection GPO is failing. It
appears to be a rights issue (access not granted) but there were no
changes to permisisons. I have reviewed permissions on the redirected
share and "liberalized" where possible.

The Fileserver is accessible over network

The errors I'm seeing in the fileserver event log reference an
autoenrollment failure about 14:10 yesterday and a netlogon error (RPC
server unavailabe) error around 14:25.

Users logged in continuously from yesterday not experiencing problems.

Any pointers appreciated.

Bill Doyle
International House


 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] ad autoenrollment error?

Lawrence Sweet
Bill,

These may apply to your situation - forgive me if you have reviewed them already.

http://support.microsoft.com/kb/310461
http://help.lockergnome.com/windows2/issue--ftopict443716.html
http://social.technet.microsoft.com/Forums/en-US/winserversecurity/thread/7d1c1281-d72a-40aa-9e5b-9bbfecad8627/

Lawrence



-----Original Message-----
From: [hidden email] [mailto:[hidden email]] On Behalf Of [hidden email]
Sent: Tuesday, July 03, 2012 7:14 AM
To: [hidden email]
Subject: [Micronet] ad autoenrollment error?

Good Day,

Yesterday around 14:30 users began having diffuculty logging in. Basic authenticaiton succeeded, but our folder redirection GPO is failing. It appears to be a rights issue (access not granted) but there were no changes to permisisons. I have reviewed permissions on the redirected share and "liberalized" where possible.

The Fileserver is accessible over network

The errors I'm seeing in the fileserver event log reference an autoenrollment failure about 14:10 yesterday and a netlogon error (RPC server unavailabe) error around 14:25.

Users logged in continuously from yesterday not experiencing problems.

Any pointers appreciated.

Bill Doyle
International House


 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.

 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] ad autoenrollment error?

William Doyle
Lawrence,

Yes, I encountered these sites. DNS settings point to UC dns servers and
an NSlookup of yyy.com looks good.

I'm not altogether conviced it's an autoenrollment error, but that was one
of the few readily identifiable possibilities.

I will continue to plug away.

Bill


> Bill,
>
> These may apply to your situation - forgive me if you have reviewed them
> already.
>
> http://support.microsoft.com/kb/310461
> http://help.lockergnome.com/windows2/issue--ftopict443716.html
> http://social.technet.microsoft.com/Forums/en-US/winserversecurity/thread/7d1c1281-d72a-40aa-9e5b-9bbfecad8627/
>
> Lawrence
>
>
>
> -----Original Message-----
> From: [hidden email]
> [mailto:[hidden email]] On Behalf Of
> [hidden email]
> Sent: Tuesday, July 03, 2012 7:14 AM
> To: [hidden email]
> Subject: [Micronet] ad autoenrollment error?
>
> Good Day,
>
> Yesterday around 14:30 users began having diffuculty logging in. Basic
> authenticaiton succeeded, but our folder redirection GPO is failing. It
> appears to be a rights issue (access not granted) but there were no
> changes to permisisons. I have reviewed permissions on the redirected
> share and "liberalized" where possible.
>
> The Fileserver is accessible over network
>
> The errors I'm seeing in the fileserver event log reference an
> autoenrollment failure about 14:10 yesterday and a netlogon error (RPC
> server unavailabe) error around 14:25.
>
> Users logged in continuously from yesterday not experiencing problems.
>
> Any pointers appreciated.
>
> Bill Doyle
> International House
>
>
>
> -------------------------------------------------------------------------
> The following was automatically added to this message by the list server:
>
> To learn more about Micronet, including how to subscribe to or unsubscribe
> from its mailing list and how to find out about upcoming meetings, please
> visit the Micronet Web site:
>
> http://micronet.berkeley.edu
>
> Messages you send to this mailing list are public and world-viewable, and
> the list's archives can be browsed and searched on the Internet.  This
> means these messages can be viewed by (among others) your bosses,
> prospective employers, and people who have known you in the past.
>



 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] ad autoenrollment error?

Don Bernstein
In reply to this post by William Doyle
We started having similar problems at the same time yesterday. Our office is in International House, but on a separate fiber connection.

- Workstations could not reach their network printers
- Deleting network printers takes 2-3 minutes each
- Adding back the network printers to the workstations was not working. After typing in the ip address or name of the print server, there should be a dropdown list of available printers. It would not appear.
- Starting Microsoft Word would take 5-10 minutes or fail.
- Logging in can be 30-60 minutes or worse.
- Starting Thunderbird be so slow it seems to never get to the end of the inbox.

Don Bernstein
Berkeley International Office
UC Berkeley
510-643-4690 or 510-642-2818


[hidden email] wrote, on 7/3/2012 7:14 AM:
Good Day,

Yesterday around 14:30 users began having diffuculty logging in. Basic
authenticaiton succeeded, but our folder redirection GPO is failing. It
appears to be a rights issue (access not granted) but there were no
changes to permisisons. I have reviewed permissions on the redirected
share and "liberalized" where possible.

The Fileserver is accessible over network

The errors I'm seeing in the fileserver event log reference an
autoenrollment failure about 14:10 yesterday and a netlogon error (RPC
server unavailabe) error around 14:25.

Users logged in continuously from yesterday not experiencing problems.

Any pointers appreciated.

Bill Doyle
International House


 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.


 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] ad autoenrollment error?

Gabriel Gonzalez

Here at the law school we are having similar experiences, the most notable is the 30 minute log-on delay. We are getting errors from actdir11 in some of the logs, but the errors are different that what has been reported so far.  We haven't found a root cause yet.

Thanks,

Gabriel

 

On Tue, 03 Jul 2012 08:40:36 -0700, Don Bernstein <[hidden email]> wrote:

We started having similar problems at the same time yesterday. Our office is in International House, but on a separate fiber connection.

- Workstations could not reach their network printers
- Deleting network printers takes 2-3 minutes each
- Adding back the network printers to the workstations was not working. After typing in the ip address or name of the print server, there should be a dropdown list of available printers. It would not appear.
- Starting Microsoft Word would take 5-10 minutes or fail.
- Logging in can be 30-60 minutes or worse.
- Starting Thunderbird be so slow it seems to never get to the end of the inbox.

Don Bernstein
Berkeley International Office
UC Berkeley
510-643-4690 or 510-642-2818


[hidden email] wrote, on 7/3/2012 7:14 AM:
Good Day,

Yesterday around 14:30 users began having diffuculty logging in. Basic
authenticaiton succeeded, but our folder redirection GPO is failing. It
appears to be a rights issue (access not granted) but there were no
changes to permisisons. I have reviewed permissions on the redirected
share and "liberalized" where possible.

The Fileserver is accessible over network

The errors I'm seeing in the fileserver event log reference an
autoenrollment failure about 14:10 yesterday and a netlogon error (RPC
server unavailabe) error around 14:25.

Users logged in continuously from yesterday not experiencing problems.

Any pointers appreciated.

Bill Doyle
International House


 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.

 

-- 
Chief Technical Officer
UC Berkeley School of Law
366 Boalt Hall
[hidden email]
510-643-6868

 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] ad autoenrollment error?

Blaine Isbelle

Hello All,

 

Looks like there were some issues on the AD domain controllers  yesterday around 14:30.  We are looking into what happened and will post our findings shortly.

 

 

Thanks,

 

Blaine Isbelle

Systems Administrator

Information Services Technology

University of California Berkeley

(510) 725-7690

 

 

From: [hidden email] [mailto:[hidden email]] On Behalf Of Gabriel Gonzalez
Sent: Tuesday, July 03, 2012 8:57 AM
To: Don Bernstein
Cc: [hidden email]
Subject: Re: [Micronet] ad autoenrollment error?

 

Here at the law school we are having similar experiences, the most notable is the 30 minute log-on delay. We are getting errors from actdir11 in some of the logs, but the errors are different that what has been reported so far.  We haven't found a root cause yet.

Thanks,

Gabriel

 

On Tue, 03 Jul 2012 08:40:36 -0700, Don Bernstein <[hidden email]> wrote:

We started having similar problems at the same time yesterday. Our office is in International House, but on a separate fiber connection.

- Workstations could not reach their network printers
- Deleting network printers takes 2-3 minutes each
- Adding back the network printers to the workstations was not working. After typing in the ip address or name of the print server, there should be a dropdown list of available printers. It would not appear.
- Starting Microsoft Word would take 5-10 minutes or fail.
- Logging in can be 30-60 minutes or worse.
- Starting Thunderbird be so slow it seems to never get to the end of the inbox.

Don Bernstein
Berkeley International Office
UC Berkeley
510-643-4690 or 510-642-2818


[hidden email] wrote, on 7/3/2012 7:14 AM:

Good Day,
 
Yesterday around 14:30 users began having diffuculty logging in. Basic
authenticaiton succeeded, but our folder redirection GPO is failing. It
appears to be a rights issue (access not granted) but there were no
changes to permisisons. I have reviewed permissions on the redirected
share and "liberalized" where possible.
 
The Fileserver is accessible over network
 
The errors I'm seeing in the fileserver event log reference an
autoenrollment failure about 14:10 yesterday and a netlogon error (RPC
server unavailabe) error around 14:25.
 
Users logged in continuously from yesterday not experiencing problems.
 
Any pointers appreciated.
 
Bill Doyle
International House
 
 
 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:
 
To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:
 
http://micronet.berkeley.edu
 
Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
 

 

-- 
Chief Technical Officer
UC Berkeley School of Law
366 Boalt Hall
[hidden email]
510-643-6868

 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] ad autoenrollment error?

Michael Chung
In reply to this post by William Doyle
Hi All,

I was unable to make changes to Microsoft Exchange organization permissions during this time yesterday as well because I could not communicate with any domain controllers in the uc.berkeley.edu domain Bill's e-mail mentioned autoenrollment errors--are your workstations/servers enrolled with certificates from CalNetPKI? The UCB Subordinate Certificate Authority is in the uc.berkeley.edu domain, so it's possible this is why you were affected.

Just saw Blaine's e-mail as I finished typing this--best to wait for the Windows Teams assessment of the issue.

Cheers,

Michael Chung
Systems Administrator
Haas Enterprise Computing & Service Management
[hidden email] | 510-643-3887

-----Original Message-----
From: [hidden email] [mailto:[hidden email]] On Behalf Of [hidden email]
Sent: Tuesday, July 03, 2012 8:39 AM
To: Lawrence Sweet
Cc: [hidden email]
Subject: Re: [Micronet] ad autoenrollment error?

Lawrence,

Yes, I encountered these sites. DNS settings point to UC dns servers and an NSlookup of yyy.com looks good.

I'm not altogether conviced it's an autoenrollment error, but that was one of the few readily identifiable possibilities.

I will continue to plug away.

Bill


> Bill,
>
> These may apply to your situation - forgive me if you have reviewed
> them already.
>
> http://support.microsoft.com/kb/310461
> http://help.lockergnome.com/windows2/issue--ftopict443716.html
> http://social.technet.microsoft.com/Forums/en-US/winserversecurity/thr
> ead/7d1c1281-d72a-40aa-9e5b-9bbfecad8627/
>
> Lawrence
>
>
>
> -----Original Message-----
> From: [hidden email]
> [mailto:[hidden email]] On Behalf Of
> [hidden email]
> Sent: Tuesday, July 03, 2012 7:14 AM
> To: [hidden email]
> Subject: [Micronet] ad autoenrollment error?
>
> Good Day,
>
> Yesterday around 14:30 users began having diffuculty logging in. Basic
> authenticaiton succeeded, but our folder redirection GPO is failing.
> It appears to be a rights issue (access not granted) but there were no
> changes to permisisons. I have reviewed permissions on the redirected
> share and "liberalized" where possible.
>
> The Fileserver is accessible over network
>
> The errors I'm seeing in the fileserver event log reference an
> autoenrollment failure about 14:10 yesterday and a netlogon error (RPC
> server unavailabe) error around 14:25.
>
> Users logged in continuously from yesterday not experiencing problems.
>
> Any pointers appreciated.
>
> Bill Doyle
> International House
>
>
>
> ----------------------------------------------------------------------
> --- The following was automatically added to this message by the list
> server:
>
> To learn more about Micronet, including how to subscribe to or
> unsubscribe from its mailing list and how to find out about upcoming
> meetings, please visit the Micronet Web site:
>
> http://micronet.berkeley.edu
>
> Messages you send to this mailing list are public and world-viewable,
> and the list's archives can be browsed and searched on the Internet.  
> This means these messages can be viewed by (among others) your bosses,
> prospective employers, and people who have known you in the past.
>



 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.

 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] ad autoenrollment error?

kimbercarl
I've been contacted by a couple of people working on Windows XP machines
whose systems would not go beyond "Applying Computer Settings" when
connected via ethernet.  Their systems came up after they disconnected
their ethernet cables.  Could this be a related GP issue?
Kim
On 7/3/2012 9:07 AM, Michael Chung wrote:

> Hi All,
>
> I was unable to make changes to Microsoft Exchange organization permissions during this time yesterday as well because I could not communicate with any domain controllers in the uc.berkeley.edu domain Bill's e-mail mentioned autoenrollment errors--are your workstations/servers enrolled with certificates from CalNetPKI? The UCB Subordinate Certificate Authority is in the uc.berkeley.edu domain, so it's possible this is why you were affected.
>
> Just saw Blaine's e-mail as I finished typing this--best to wait for the Windows Teams assessment of the issue.
>
> Cheers,
>
> Michael Chung
> Systems Administrator
> Haas Enterprise Computing & Service Management
> [hidden email] | 510-643-3887
>
> -----Original Message-----
> From: [hidden email] [mailto:[hidden email]] On Behalf Of [hidden email]
> Sent: Tuesday, July 03, 2012 8:39 AM
> To: Lawrence Sweet
> Cc: [hidden email]
> Subject: Re: [Micronet] ad autoenrollment error?
>
> Lawrence,
>
> Yes, I encountered these sites. DNS settings point to UC dns servers and an NSlookup of yyy.com looks good.
>
> I'm not altogether conviced it's an autoenrollment error, but that was one of the few readily identifiable possibilities.
>
> I will continue to plug away.
>
> Bill
>
>
>> Bill,
>>
>> These may apply to your situation - forgive me if you have reviewed
>> them already.
>>
>> http://support.microsoft.com/kb/310461
>> http://help.lockergnome.com/windows2/issue--ftopict443716.html
>> http://social.technet.microsoft.com/Forums/en-US/winserversecurity/thr
>> ead/7d1c1281-d72a-40aa-9e5b-9bbfecad8627/
>>
>> Lawrence
>>
>>
>>
>> -----Original Message-----
>> From: [hidden email]
>> [mailto:[hidden email]] On Behalf Of
>> [hidden email]
>> Sent: Tuesday, July 03, 2012 7:14 AM
>> To: [hidden email]
>> Subject: [Micronet] ad autoenrollment error?
>>
>> Good Day,
>>
>> Yesterday around 14:30 users began having diffuculty logging in. Basic
>> authenticaiton succeeded, but our folder redirection GPO is failing.
>> It appears to be a rights issue (access not granted) but there were no
>> changes to permisisons. I have reviewed permissions on the redirected
>> share and "liberalized" where possible.
>>
>> The Fileserver is accessible over network
>>
>> The errors I'm seeing in the fileserver event log reference an
>> autoenrollment failure about 14:10 yesterday and a netlogon error (RPC
>> server unavailabe) error around 14:25.
>>
>> Users logged in continuously from yesterday not experiencing problems.
>>
>> Any pointers appreciated.
>>
>> Bill Doyle
>> International House
>>
>>
>>
>> ----------------------------------------------------------------------
>> --- The following was automatically added to this message by the list
>> server:
>>
>> To learn more about Micronet, including how to subscribe to or
>> unsubscribe from its mailing list and how to find out about upcoming
>> meetings, please visit the Micronet Web site:
>>
>> http://micronet.berkeley.edu
>>
>> Messages you send to this mailing list are public and world-viewable,
>> and the list's archives can be browsed and searched on the Internet.
>> This means these messages can be viewed by (among others) your bosses,
>> prospective employers, and people who have known you in the past.
>>
>
>
>  
> -------------------------------------------------------------------------
> The following was automatically added to this message by the list server:
>
> To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:
>
> http://micronet.berkeley.edu
>
> Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
>
>  
> -------------------------------------------------------------------------
> The following was automatically added to this message by the list server:
>
> To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:
>
> http://micronet.berkeley.edu
>
> Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.



 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] ad autoenrollment error?

Michael Chung
Hi Kim,

Yes, likely. The computer is trying to talk with a domain controller to obtain and apply the necessary group policy. If they are unable to communicate with the domain controller, the machine will eventually timeout and used a cached policy. By unplugging the Ethernet cable you are simply forcing the machine to switch to a cached login.

Michael Chung
Systems Administrator
Haas Enterprise Computing & Service Management
[hidden email] | 510-643-3887


-----Original Message-----
From: [hidden email] [mailto:[hidden email]] On Behalf Of Kim Carl
Sent: Tuesday, July 03, 2012 9:31 AM
To: [hidden email]
Subject: Re: [Micronet] ad autoenrollment error?

I've been contacted by a couple of people working on Windows XP machines whose systems would not go beyond "Applying Computer Settings" when connected via ethernet.  Their systems came up after they disconnected their ethernet cables.  Could this be a related GP issue?
Kim
On 7/3/2012 9:07 AM, Michael Chung wrote:

> Hi All,
>
> I was unable to make changes to Microsoft Exchange organization permissions during this time yesterday as well because I could not communicate with any domain controllers in the uc.berkeley.edu domain Bill's e-mail mentioned autoenrollment errors--are your workstations/servers enrolled with certificates from CalNetPKI? The UCB Subordinate Certificate Authority is in the uc.berkeley.edu domain, so it's possible this is why you were affected.
>
> Just saw Blaine's e-mail as I finished typing this--best to wait for the Windows Teams assessment of the issue.
>
> Cheers,
>
> Michael Chung
> Systems Administrator
> Haas Enterprise Computing & Service Management
> [hidden email] | 510-643-3887
>
> -----Original Message-----
> From: [hidden email]
> [mailto:[hidden email]] On Behalf Of
> [hidden email]
> Sent: Tuesday, July 03, 2012 8:39 AM
> To: Lawrence Sweet
> Cc: [hidden email]
> Subject: Re: [Micronet] ad autoenrollment error?
>
> Lawrence,
>
> Yes, I encountered these sites. DNS settings point to UC dns servers and an NSlookup of yyy.com looks good.
>
> I'm not altogether conviced it's an autoenrollment error, but that was one of the few readily identifiable possibilities.
>
> I will continue to plug away.
>
> Bill
>
>
>> Bill,
>>
>> These may apply to your situation - forgive me if you have reviewed
>> them already.
>>
>> http://support.microsoft.com/kb/310461
>> http://help.lockergnome.com/windows2/issue--ftopict443716.html
>> http://social.technet.microsoft.com/Forums/en-US/winserversecurity/th
>> r ead/7d1c1281-d72a-40aa-9e5b-9bbfecad8627/
>>
>> Lawrence
>>
>>
>>
>> -----Original Message-----
>> From: [hidden email]
>> [mailto:[hidden email]] On Behalf Of
>> [hidden email]
>> Sent: Tuesday, July 03, 2012 7:14 AM
>> To: [hidden email]
>> Subject: [Micronet] ad autoenrollment error?
>>
>> Good Day,
>>
>> Yesterday around 14:30 users began having diffuculty logging in.
>> Basic authenticaiton succeeded, but our folder redirection GPO is failing.
>> It appears to be a rights issue (access not granted) but there were
>> no changes to permisisons. I have reviewed permissions on the
>> redirected share and "liberalized" where possible.
>>
>> The Fileserver is accessible over network
>>
>> The errors I'm seeing in the fileserver event log reference an
>> autoenrollment failure about 14:10 yesterday and a netlogon error
>> (RPC server unavailabe) error around 14:25.
>>
>> Users logged in continuously from yesterday not experiencing problems.
>>
>> Any pointers appreciated.
>>
>> Bill Doyle
>> International House
>>
>>
>>
>> ---------------------------------------------------------------------
>> -
>> --- The following was automatically added to this message by the list
>> server:
>>
>> To learn more about Micronet, including how to subscribe to or
>> unsubscribe from its mailing list and how to find out about upcoming
>> meetings, please visit the Micronet Web site:
>>
>> http://micronet.berkeley.edu
>>
>> Messages you send to this mailing list are public and world-viewable,
>> and the list's archives can be browsed and searched on the Internet.
>> This means these messages can be viewed by (among others) your
>> bosses, prospective employers, and people who have known you in the past.
>>
>
>
>  
> ----------------------------------------------------------------------
> --- The following was automatically added to this message by the list
> server:
>
> To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:
>
> http://micronet.berkeley.edu
>
> Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
>
>  
> ----------------------------------------------------------------------
> --- The following was automatically added to this message by the list
> server:
>
> To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:
>
> http://micronet.berkeley.edu
>
> Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.



 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.

 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] ad autoenrollment error?

Don Bernstein
In reply to this post by Don Bernstein
As far as I can tell, all these networking issues appear to be resolved now. I'm looking forward to hearing from IST.

Don Bernstein
Berkeley International Office
UC Berkeley
510-643-4690 or 510-642-2818


Don Bernstein wrote, on 7/3/2012 8:40 AM:
We started having similar problems at the same time yesterday. Our office is in International House, but on a separate fiber connection.

- Workstations could not reach their network printers
- Deleting network printers takes 2-3 minutes each
- Adding back the network printers to the workstations was not working. After typing in the ip address or name of the print server, there should be a dropdown list of available printers. It would not appear.
- Starting Microsoft Word would take 5-10 minutes or fail.
- Logging in can be 30-60 minutes or worse.
- Starting Thunderbird be so slow it seems to never get to the end of the inbox.

Don Bernstein
Berkeley International Office
UC Berkeley
510-643-4690 or 510-642-2818


[hidden email] wrote, on 7/3/2012 7:14 AM:
Good Day,

Yesterday around 14:30 users began having diffuculty logging in. Basic
authenticaiton succeeded, but our folder redirection GPO is failing. It
appears to be a rights issue (access not granted) but there were no
changes to permisisons. I have reviewed permissions on the redirected
share and "liberalized" where possible.

The Fileserver is accessible over network

The errors I'm seeing in the fileserver event log reference an
autoenrollment failure about 14:10 yesterday and a netlogon error (RPC
server unavailabe) error around 14:25.

Users logged in continuously from yesterday not experiencing problems.

Any pointers appreciated.

Bill Doyle
International House


 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.

------------------------------------------------------------------------- The following was automatically added to this message by the list server: To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site: http://micronet.berkeley.edu Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet. This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.

 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] ad autoenrollment error?

Blaine Isbelle
In reply to this post by Michael Chung
Hello Micronet,

We believe we have this issue resolved.  If anyone is still experiencing these issues please let us know ASAP.

We shall post a root cause analysis shortly.

Thanks,

Blaine Isbelle
Systems Administrator
Information Services Technology
University of California Berkeley
(510) 725-7690

> -----Original Message-----
> From: [hidden email] [mailto:micronet-list-
> [hidden email]] On Behalf Of Michael Chung
> Sent: Tuesday, July 03, 2012 10:10 AM
> To: Kim Carl; [hidden email]
> Subject: Re: [Micronet] ad autoenrollment error?
>
> Hi Kim,
>
> Yes, likely. The computer is trying to talk with a domain controller to obtain
> and apply the necessary group policy. If they are unable to communicate
> with the domain controller, the machine will eventually timeout and used a
> cached policy. By unplugging the Ethernet cable you are simply forcing the
> machine to switch to a cached login.
>
> Michael Chung
> Systems Administrator
> Haas Enterprise Computing & Service Management
> [hidden email] | 510-643-3887
>
>
> -----Original Message-----
> From: [hidden email] [mailto:micronet-list-
> [hidden email]] On Behalf Of Kim Carl
> Sent: Tuesday, July 03, 2012 9:31 AM
> To: [hidden email]
> Subject: Re: [Micronet] ad autoenrollment error?
>
> I've been contacted by a couple of people working on Windows XP
> machines whose systems would not go beyond "Applying Computer
> Settings" when connected via ethernet.  Their systems came up after they
> disconnected their ethernet cables.  Could this be a related GP issue?
> Kim
> On 7/3/2012 9:07 AM, Michael Chung wrote:
> > Hi All,
> >
> > I was unable to make changes to Microsoft Exchange organization
> permissions during this time yesterday as well because I could not
> communicate with any domain controllers in the uc.berkeley.edu domain
> Bill's e-mail mentioned autoenrollment errors--are your
> workstations/servers enrolled with certificates from CalNetPKI? The UCB
> Subordinate Certificate Authority is in the uc.berkeley.edu domain, so it's
> possible this is why you were affected.
> >
> > Just saw Blaine's e-mail as I finished typing this--best to wait for the
> Windows Teams assessment of the issue.
> >
> > Cheers,
> >
> > Michael Chung
> > Systems Administrator
> > Haas Enterprise Computing & Service Management
> > [hidden email] | 510-643-3887
> >
> > -----Original Message-----
> > From: [hidden email]
> > [mailto:[hidden email]] On Behalf Of
> > [hidden email]
> > Sent: Tuesday, July 03, 2012 8:39 AM
> > To: Lawrence Sweet
> > Cc: [hidden email]
> > Subject: Re: [Micronet] ad autoenrollment error?
> >
> > Lawrence,
> >
> > Yes, I encountered these sites. DNS settings point to UC dns servers and an
> NSlookup of yyy.com looks good.
> >
> > I'm not altogether conviced it's an autoenrollment error, but that was one
> of the few readily identifiable possibilities.
> >
> > I will continue to plug away.
> >
> > Bill
> >
> >
> >> Bill,
> >>
> >> These may apply to your situation - forgive me if you have reviewed
> >> them already.
> >>
> >> http://support.microsoft.com/kb/310461
> >> http://help.lockergnome.com/windows2/issue--ftopict443716.html
> >> http://social.technet.microsoft.com/Forums/en-US/winserversecurity/th
> >> r ead/7d1c1281-d72a-40aa-9e5b-9bbfecad8627/
> >>
> >> Lawrence
> >>
> >>
> >>
> >> -----Original Message-----
> >> From: [hidden email]
> >> [mailto:[hidden email]] On Behalf Of
> >> [hidden email]
> >> Sent: Tuesday, July 03, 2012 7:14 AM
> >> To: [hidden email]
> >> Subject: [Micronet] ad autoenrollment error?
> >>
> >> Good Day,
> >>
> >> Yesterday around 14:30 users began having diffuculty logging in.
> >> Basic authenticaiton succeeded, but our folder redirection GPO is failing.
> >> It appears to be a rights issue (access not granted) but there were
> >> no changes to permisisons. I have reviewed permissions on the
> >> redirected share and "liberalized" where possible.
> >>
> >> The Fileserver is accessible over network
> >>
> >> The errors I'm seeing in the fileserver event log reference an
> >> autoenrollment failure about 14:10 yesterday and a netlogon error
> >> (RPC server unavailabe) error around 14:25.
> >>
> >> Users logged in continuously from yesterday not experiencing problems.
> >>
> >> Any pointers appreciated.
> >>
> >> Bill Doyle
> >> International House
> >>
> >>
> >>
> >> ---------------------------------------------------------------------
> >> -
> >> --- The following was automatically added to this message by the list
> >> server:
> >>
> >> To learn more about Micronet, including how to subscribe to or
> >> unsubscribe from its mailing list and how to find out about upcoming
> >> meetings, please visit the Micronet Web site:
> >>
> >> http://micronet.berkeley.edu
> >>
> >> Messages you send to this mailing list are public and world-viewable,
> >> and the list's archives can be browsed and searched on the Internet.
> >> This means these messages can be viewed by (among others) your
> >> bosses, prospective employers, and people who have known you in the
> past.
> >>
> >
> >
> >
> > ----------------------------------------------------------------------
> > --- The following was automatically added to this message by the list
> > server:
> >
> > To learn more about Micronet, including how to subscribe to or
> unsubscribe from its mailing list and how to find out about upcoming
> meetings, please visit the Micronet Web site:
> >
> > http://micronet.berkeley.edu
> >
> > Messages you send to this mailing list are public and world-viewable, and
> the list's archives can be browsed and searched on the Internet.  This means
> these messages can be viewed by (among others) your bosses, prospective
> employers, and people who have known you in the past.
> >
> >
> > ----------------------------------------------------------------------
> > --- The following was automatically added to this message by the list
> > server:
> >
> > To learn more about Micronet, including how to subscribe to or
> unsubscribe from its mailing list and how to find out about upcoming
> meetings, please visit the Micronet Web site:
> >
> > http://micronet.berkeley.edu
> >
> > Messages you send to this mailing list are public and world-viewable, and
> the list's archives can be browsed and searched on the Internet.  This means
> these messages can be viewed by (among others) your bosses, prospective
> employers, and people who have known you in the past.
>
>
>
>
> -------------------------------------------------------------------------
> The following was automatically added to this message by the list server:
>
> To learn more about Micronet, including how to subscribe to or unsubscribe
> from its mailing list and how to find out about upcoming meetings, please
> visit the Micronet Web site:
>
> http://micronet.berkeley.edu
>
> Messages you send to this mailing list are public and world-viewable, and
> the list's archives can be browsed and searched on the Internet.  This means
> these messages can be viewed by (among others) your bosses, prospective
> employers, and people who have known you in the past.
>
>
> -------------------------------------------------------------------------
> The following was automatically added to this message by the list server:
>
> To learn more about Micronet, including how to subscribe to or unsubscribe
> from its mailing list and how to find out about upcoming meetings, please
> visit the Micronet Web site:
>
> http://micronet.berkeley.edu
>
> Messages you send to this mailing list are public and world-viewable, and
> the list's archives can be browsed and searched on the Internet.  This means
> these messages can be viewed by (among others) your bosses, prospective
> employers, and people who have known you in the past.

 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] ad autoenrollment error?

Blaine Isbelle
In reply to this post by Michael Chung
Hello Micronet,

Here is the root cause analysis for the AD outage last week.

Thanks,

-Blaine


> -----Original Message-----
> From: Blaine
> Sent: Tuesday, July 03, 2012 10:32 AM
> To: [hidden email]
> Subject: RE: [Micronet] ad autoenrollment error?
>
> Hello Micronet,
>
> We believe we have this issue resolved.  If anyone is still experiencing these
> issues please let us know ASAP.
>
> We shall post a root cause analysis shortly.
>
> Thanks,
>
> Blaine Isbelle
> Systems Administrator
> Information Services Technology
> University of California Berkeley
> (510) 725-7690
>
> > -----Original Message-----
> > From: [hidden email] [mailto:micronet-list-
> > [hidden email]] On Behalf Of Michael Chung
> > Sent: Tuesday, July 03, 2012 10:10 AM
> > To: Kim Carl; [hidden email]
> > Subject: Re: [Micronet] ad autoenrollment error?
> >
> > Hi Kim,
> >
> > Yes, likely. The computer is trying to talk with a domain controller
> > to obtain and apply the necessary group policy. If they are unable to
> > communicate with the domain controller, the machine will eventually
> > timeout and used a cached policy. By unplugging the Ethernet cable you
> > are simply forcing the machine to switch to a cached login.
> >
> > Michael Chung
> > Systems Administrator
> > Haas Enterprise Computing & Service Management
> > [hidden email] | 510-643-3887
> >
> >
> > -----Original Message-----
> > From: [hidden email] [mailto:micronet-list-
> > [hidden email]] On Behalf Of Kim Carl
> > Sent: Tuesday, July 03, 2012 9:31 AM
> > To: [hidden email]
> > Subject: Re: [Micronet] ad autoenrollment error?
> >
> > I've been contacted by a couple of people working on Windows XP
> > machines whose systems would not go beyond "Applying Computer
> > Settings" when connected via ethernet.  Their systems came up after
> > they disconnected their ethernet cables.  Could this be a related GP issue?
> > Kim
> > On 7/3/2012 9:07 AM, Michael Chung wrote:
> > > Hi All,
> > >
> > > I was unable to make changes to Microsoft Exchange organization
> > permissions during this time yesterday as well because I could not
> > communicate with any domain controllers in the uc.berkeley.edu domain
> > Bill's e-mail mentioned autoenrollment errors--are your
> > workstations/servers enrolled with certificates from CalNetPKI? The
> > UCB Subordinate Certificate Authority is in the uc.berkeley.edu
> > domain, so it's possible this is why you were affected.
> > >
> > > Just saw Blaine's e-mail as I finished typing this--best to wait for
> > > the
> > Windows Teams assessment of the issue.
> > >
> > > Cheers,
> > >
> > > Michael Chung
> > > Systems Administrator
> > > Haas Enterprise Computing & Service Management
> > > [hidden email] | 510-643-3887
> > >
> > > -----Original Message-----
> > > From: [hidden email]
> > > [mailto:[hidden email]] On Behalf Of
> > > [hidden email]
> > > Sent: Tuesday, July 03, 2012 8:39 AM
> > > To: Lawrence Sweet
> > > Cc: [hidden email]
> > > Subject: Re: [Micronet] ad autoenrollment error?
> > >
> > > Lawrence,
> > >
> > > Yes, I encountered these sites. DNS settings point to UC dns servers
> > > and an
> > NSlookup of yyy.com looks good.
> > >
> > > I'm not altogether conviced it's an autoenrollment error, but that
> > > was one
> > of the few readily identifiable possibilities.
> > >
> > > I will continue to plug away.
> > >
> > > Bill
> > >
> > >
> > >> Bill,
> > >>
> > >> These may apply to your situation - forgive me if you have reviewed
> > >> them already.
> > >>
> > >> http://support.microsoft.com/kb/310461
> > >> http://help.lockergnome.com/windows2/issue--ftopict443716.html
> > >> http://social.technet.microsoft.com/Forums/en-US/winserversecurity/
> > >> th r ead/7d1c1281-d72a-40aa-9e5b-9bbfecad8627/
> > >>
> > >> Lawrence
> > >>
> > >>
> > >>
> > >> -----Original Message-----
> > >> From: [hidden email]
> > >> [mailto:[hidden email]] On Behalf Of
> > >> [hidden email]
> > >> Sent: Tuesday, July 03, 2012 7:14 AM
> > >> To: [hidden email]
> > >> Subject: [Micronet] ad autoenrollment error?
> > >>
> > >> Good Day,
> > >>
> > >> Yesterday around 14:30 users began having diffuculty logging in.
> > >> Basic authenticaiton succeeded, but our folder redirection GPO is failing.
> > >> It appears to be a rights issue (access not granted) but there were
> > >> no changes to permisisons. I have reviewed permissions on the
> > >> redirected share and "liberalized" where possible.
> > >>
> > >> The Fileserver is accessible over network
> > >>
> > >> The errors I'm seeing in the fileserver event log reference an
> > >> autoenrollment failure about 14:10 yesterday and a netlogon error
> > >> (RPC server unavailabe) error around 14:25.
> > >>
> > >> Users logged in continuously from yesterday not experiencing
> problems.
> > >>
> > >> Any pointers appreciated.
> > >>
> > >> Bill Doyle
> > >> International House
> > >>
> > >>
> > >>
> > >> -------------------------------------------------------------------
> > >> --
> > >> -
> > >> --- The following was automatically added to this message by the
> > >> list
> > >> server:
> > >>
> > >> To learn more about Micronet, including how to subscribe to or
> > >> unsubscribe from its mailing list and how to find out about
> > >> upcoming meetings, please visit the Micronet Web site:
> > >>
> > >> http://micronet.berkeley.edu
> > >>
> > >> Messages you send to this mailing list are public and
> > >> world-viewable, and the list's archives can be browsed and searched on
> the Internet.
> > >> This means these messages can be viewed by (among others) your
> > >> bosses, prospective employers, and people who have known you in the
> > past.
> > >>
> > >
> > >
> > >
> > > --------------------------------------------------------------------
> > > --
> > > --- The following was automatically added to this message by the
> > > list
> > > server:
> > >
> > > To learn more about Micronet, including how to subscribe to or
> > unsubscribe from its mailing list and how to find out about upcoming
> > meetings, please visit the Micronet Web site:
> > >
> > > http://micronet.berkeley.edu
> > >
> > > Messages you send to this mailing list are public and
> > > world-viewable, and
> > the list's archives can be browsed and searched on the Internet.  This
> > means these messages can be viewed by (among others) your bosses,
> > prospective employers, and people who have known you in the past.
> > >
> > >
> > > --------------------------------------------------------------------
> > > --
> > > --- The following was automatically added to this message by the
> > > list
> > > server:
> > >
> > > To learn more about Micronet, including how to subscribe to or
> > unsubscribe from its mailing list and how to find out about upcoming
> > meetings, please visit the Micronet Web site:
> > >
> > > http://micronet.berkeley.edu
> > >
> > > Messages you send to this mailing list are public and
> > > world-viewable, and
> > the list's archives can be browsed and searched on the Internet.  This
> > means these messages can be viewed by (among others) your bosses,
> > prospective employers, and people who have known you in the past.
> >
> >
> >
> >
> > ----------------------------------------------------------------------
> > --- The following was automatically added to this message by the list
> > server:
> >
> > To learn more about Micronet, including how to subscribe to or
> > unsubscribe from its mailing list and how to find out about upcoming
> > meetings, please visit the Micronet Web site:
> >
> > http://micronet.berkeley.edu
> >
> > Messages you send to this mailing list are public and world-viewable,
> > and the list's archives can be browsed and searched on the Internet.
> > This means these messages can be viewed by (among others) your bosses,
> > prospective employers, and people who have known you in the past.
> >
> >
> > ----------------------------------------------------------------------
> > --- The following was automatically added to this message by the list
> > server:
> >
> > To learn more about Micronet, including how to subscribe to or
> > unsubscribe from its mailing list and how to find out about upcoming
> > meetings, please visit the Micronet Web site:
> >
> > http://micronet.berkeley.edu
> >
> > Messages you send to this mailing list are public and world-viewable,
> > and the list's archives can be browsed and searched on the Internet.
> > This means these messages can be viewed by (among others) your bosses,
> > prospective employers, and people who have known you in the past.

 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.

Root Cause Analysis.pdf (270K) Download Attachment