Group Policy Question

jlhct Member Posts: 92
Hey Everyone, I'm having an issue and wanted to see what you all think:

I'm trying to implement a group policy where users' "My Documents" folder points to a place on the network. The policy seems to work, but disconnects them from 1 particular server. Here are some more details:

Server #1 & #2 are domain controllers. Server #3 is a file server. The folder is being redirected to a volume named sys on server #3

Server #2 also has a volume called sys (it used to be our old file server and the data was moved)

Once a user logs onto their PC the folder redirection happens but they get disconnected from Server #2 (which is a problem because server #2 hosts the printers)

Could this be happening because Server #2 & Server #3 both have volumes named the same? With the exception that Server #2's volume is empty while Server #3's volume has data?

Thanks for your help! :)

Comments

  • blargoe Member Posts: 4,174
    Now that's weird. Shouldn't have anything to do directly with the name of the volume on the server.

    Did you rename server 2 to something else and give that name to server 3 for some reason, or re-assign the IP address that server 2 had to server 3? If so there might be name resolution issues you need to work out (like removing old static records from wins and dns).

    When you get disconnected from #2, what happens when you try to manually connect back to the resources on #2? Does it error out or not? Does it disconnect you from #3?
    IT guy since 12/00

    Recent: 11/2019 - RHCSA (RHEL 7); 2/2019 - Updated VCP to 6.5 (just a few days before VMware discontinued the re-cert policy...)
    Working on: RHCE/Ansible
    Future: Probably continued Red Hat Immersion, Possibly VCAP Design, or maybe a completely different path. Depends on job demands...
  • jlhct Member Posts: 92
    blargoe wrote:
    Now that's weird. Shouldn't have anything to do directly with the name of the volume on the server.

    Did you rename server 2 to something else and give that name to server 3 for some reason, or re-assign the IP address that server 2 had to server 3? If so there might be name resolution issues you need to work out (like removing old static records from wins and dns).

    When you get disconnected from #2, what happens when you try to manually connect back to the resources on #2? Does it error out or not? Does it disconnect you from #3?

    I know right? weird indeed!

    No we didn't rename server 2 to something else or give server 3 the same name or IP address.

    When the users get disconnected from server 2 all of the other shares there are not seen, only the SYS volume. There are about 10-15 other shared objects there that disappear when the "you are working offline" message appears
  • sprkymrk Member Posts: 4,884
    You can try to rename or delete the empty sys folder on server 2 and see what happens.

    How do they "connect" to server2 in the first place? Drive map at login?
    All things are possible, only believe.
  • blargoe Member Posts: 4,174
    By chance, there wouldn't be any other settings turned on in this gpo? For example, security settings that might prevent these clients from talking to server #2?
  • jlhct Member Posts: 92
    sprkymrk wrote:
    You can try to rename or delete the empty sys folder on server 2 and see what happens.

    How do they "connect" to server2 in the first place? Drive map at login?

    I thought of that too...and the mystery deepens...I looked in computer management to see if the "SYS" share was listed and it's not! :(

    No drive mapping to that particular server. It is just seen...it is a DC and hosts the printers as well
  • jlhct Member Posts: 92
    blargoe wrote:
    By chance, there wouldn't be any other settings turned on in this gpo? For example, security settings that might prevent these clients from talking to server #2?

    I don't think so...I created an entirely new GPO for this container. I also blocked inheritance & checked no override.

    hmmm...definitely interesting, let me take a look in the top level policy to make sure nothing looks odd up there
  • sprkymrk Member Posts: 4,884
    jlhct wrote:
    No drive mapping to that particular server. It is just seen...it is a DC and hosts the printers as well
    So they just browse through AD or My Network Places to access those shares?
  • Danman32 Member Posts: 1,243
    You say it is all shares on that server.

    Can you ping the server by name? What happens if you try in a command prompt: net view \\server2

    Why do you have inheritance blocked? That means any domain wide policies won't apply.
  • jlhct Member Posts: 92
    sprkymrk wrote:
    jlhct wrote:
    No drive mapping to that particular server. It is just seen...it is a DC and hosts the printers as well
    So they just browse through AD or My Network Places to access those shares?

    right, exactly...

    Back in the day though, before we got our current file server, server #2 used to host the SYS volume...and people were mapped to it. Since then though, the login scripts were changed to reflect the share on the new server
  • sprkymrk Member Posts: 4,884
    In your login script, just before the part where they map the new drive to server 3, place a line that says:
    net use * /delete /y

    This will start them off fresh each day and avoid conflicts. Then map a drive to a top level share point on the old server where they still need to access files. Printers should not be a problem once they are installed on the client computer, are they? Is it just when they try to add new printers they can't see them, or what? One last thing, there was a registry setting for timeouts on inactive connections. I am looking for it now....
  • blargoe Member Posts: 4,174
    You don't want to block inheritance, unless you don't want ANY site, domain, or parent OU policies to apply. Is there something enabled in a policy in a parent container that could have been blocked by the "block policy inh." setting, i.e. security settings?
  • jlhct Member Posts: 92
    Danman32 wrote:
    You say it is all shares on that server.

    Can you ping the server by name? What happens if you try in a command prompt: net view \\server2

    Why do you have inheritance blocked? That means any domain wide policies won't apply.

    I tried a couple of more things to try to alleviate the problem. Now when I do a net view \\server 2 I see the printers and the other (correct) shares on server 2

    On the top level policy I took out the changes made (they involved offline files). We are just starting to use group policy so we are still in a testing/implementation process. This is why I blocked inheritance to observe the behavior in the test container.

    One more thing I observed and made changes to...there is another server, let's call it server 0 since it came WAY before all of the others...it used to be our DC & mail server (wayyyy before I arrived on the scene) and has since been demoted to a member server. On that server there was a connection that pointed to server2\sys. I deleted that place on server 0 thinking that there could be some leftover connection that could be causing the problem.
  • jlhct Member Posts: 92
    blargoe wrote:
    You don't want to block inheritance, unless you don't want ANY site, domain, or parent OU policies to apply. Is there something enabled in a policy in a parent container that could have been blocked by the "block policy inh." setting, i.e. security settings?

    It was just to test the new settings we wanted to change, to see what their behavior would be before we added in everything else.

    See above for the server 0 part of the story, but I'm wondering since server 0 used to have SBS and acted as the DC and mail if it could have any part to play in all of this. I removed the connection it had to the old server2\sys to see if that could be part of the problem.

    The domain here was kind of built out, not in the right way because there was no IT department for so long...so I constantly find things that are really weird! :) of course, there is no documentation either