FTP issue on a 2k3 domain

I had a domain controller that was running our FTP site on it. We had to demote it to server just as our local fileserver but since then we haven't been able to use the FTP.

We are thinking that it no longer has access to AD since its no longer a DC. Is this something that could be causing me this problem and could promoting it back to a DC resolve my issue?

Comments

  • blargoeblargoe Posts: 4,165Member ■■■■■■■■■□
    Did you demote it to a domain member server or a standalone (aka workgroup) server? If it's now in a workgroup, you're right, it won't have access to any of the accounts it was using previously. You could probably join the domain, but as just a member server, to get access to the AD user database.

    If it is still a domain member, maybe something else going on. Is logging enabled for the FTP Site in IIS? The error codes would be logged and it would give an idea of the type of errors you're getting.
    IT guy since 12/00

    Recent: 1/29/2018 - Passed 70-743 - MCSA 2016 Complete; 1/13/2018 - Passed 70-411 - MCSA 2012 complete
    Working on: Being a better coder, build/test/deploy automation fundamentals
    Future: Renew VCP (due 2/2019), possibly with an adjacent VCP or VCAP
  • qwertyiopqwertyiop Posts: 725Member
    Well it was demoted and is currently a domain member server but I haven't seen anything in the logs or atleast anything thats just pops out at me.
  • blargoeblargoe Posts: 4,165Member ■■■■■■■■■□
    What are you getting when you try to connect? Access denied, user unknown, etc.

    Are you able to connect but just not able to read or write?
    IT guy since 12/00

    Recent: 1/29/2018 - Passed 70-743 - MCSA 2016 Complete; 1/13/2018 - Passed 70-411 - MCSA 2012 complete
    Working on: Being a better coder, build/test/deploy automation fundamentals
    Future: Renew VCP (due 2/2019), possibly with an adjacent VCP or VCAP
  • qwertyiopqwertyiop Posts: 725Member
    I was finally able to logon but its a really odd issue. I'm on a running on a Windows 2003 network and the fileserver that im having the issue with is a window 2008 server.
    I was able to log in but only by adding the domain to the userrname (ex. Domain\User)

    My original server was on a Win 2k3 server and i didnt have to add the domain inorder to login. Is there a way that I can have my users log in without having to type that?
  • blargoeblargoe Posts: 4,165Member ■■■■■■■■■□
    qwertyiop wrote: »
    I was finally able to logon but its a really odd issue. I'm on a running on a Windows 2003 network and the fileserver that im having the issue with is a window 2008 server.
    I was able to log in but only by adding the domain to the userrname (ex. Domain\User)

    My original server was on a Win 2k3 server and i didnt have to add the domain inorder to login. Is there a way that I can have my users log in without having to type that?

    That behavior is actually by design. When you access a resource on a member server, you can use either local accounts or AD domain accounts (as I'm sure you already know). On a domain controller, the AD database IS the local account database. You can log in as just username without the domain\ or @domainname.com because it will always use the AD database either way. For a domain member server, it will always look at the local account database unless you specify that it's a domain account with the domain\ or the @domainname.com

    I don't think you can change it to not require the domain part of the username.
    IT guy since 12/00

    Recent: 1/29/2018 - Passed 70-743 - MCSA 2016 Complete; 1/13/2018 - Passed 70-411 - MCSA 2012 complete
    Working on: Being a better coder, build/test/deploy automation fundamentals
    Future: Renew VCP (due 2/2019), possibly with an adjacent VCP or VCAP
  • qwertyiopqwertyiop Posts: 725Member
    Thanks alot for your help. i deceoded just to have them logon by adding the domain to the username but im considering creating a locol account so that my users dont have to remmber that extra fact and the account that we have given them is only used for the FTP site and has very limited to no acces to the network resources.
  • astorrsastorrs Posts: 3,139Member ■■■■■■□□□□
    No need to create local accounts, you can specify the default domain for FTP logins, just follow the steps to update the IIS metabase outlined in "resolution 4" of the following KB article:

    Error message in IIS: "530 User <Username> cannot log in. Login failed."
  • blargoeblargoe Posts: 4,165Member ■■■■■■■■■□
    I figured you'd show up eventually with a workaround. :)
    IT guy since 12/00

    Recent: 1/29/2018 - Passed 70-743 - MCSA 2016 Complete; 1/13/2018 - Passed 70-411 - MCSA 2012 complete
    Working on: Being a better coder, build/test/deploy automation fundamentals
    Future: Renew VCP (due 2/2019), possibly with an adjacent VCP or VCAP
  • qwertyiopqwertyiop Posts: 725Member
    astorrs wrote: »
    No need to create local accounts, you can specify the default domain for FTP logins, just follow the steps to update the IIS metabase outlined in "resolution 4" of the following KB article:

    Error message in IIS: "530 User <Username> cannot log in. Login failed."

    Thanks for your help. I read your article and the location of the Adsutil.vbs file that is called in order to change the default domain was actually located in a diffrent part of my drive. I did a quick search for that file, changed to that directory and ran the script then restarted the FTP service and that was it.
Sign In or Register to comment.