An odd-ball problem for a server login

Discussion in 'OT Technology' started by 5Gen_Prelude, May 3, 2007.

  1. 5Gen_Prelude

    5Gen_Prelude There might not be an "I" in the word "Team", but

    Joined:
    Mar 14, 2000
    Messages:
    14,519
    Likes Received:
    1
    Location:
    Vancouver, BC, CANADA
    We have two servers that are identical, one we use for production, one for beta testing. We have swapped hard drives back and forth between the two of them, sometimes as a pair, sometimes as singles breaking the mirror and letting it recreate the image on the other machine. This has worked no problems.

    However, the last time I did it, it imaged fine, I unplugged the network cable, disjoined it from the domain offline, rebooted, changed the name of the computer rebooted, plugged in the network cable. I forgot to clear the IP address so there was an IP conflict (whoops - my bad). Easily fixed though. Rebooted again and joined the domain with our admin credentials, rebooted. I then logged into the computer with those same credentials using Remote Desktop (I didn't want to be in that room any longer than I had to) and it froze. I went back into the server room, and the keyboard was frozen too (No C-A-D), but the mouse was still working. I reset the computer, same problem when I tried to login locally. Tried another domain account and it worked fine. Disjoined from the domain and rejoined. Same problem. Cleared the user profile out. Same problem.

    So I'm thinking there is a registry setting it's not clearing but I'm not sure. Is there any way of knowing what each of the S- numbers that are in the user profile in the registry are referring to? Or any other ideas?
     
  2. Create

    Create :free at last:

    Joined:
    Jan 4, 2006
    Messages:
    8,043
    Likes Received:
    2
    OS is Server 2003? KB plugs into what port?
     
  3. 5Gen_Prelude

    5Gen_Prelude There might not be an "I" in the word "Team", but

    Joined:
    Mar 14, 2000
    Messages:
    14,519
    Likes Received:
    1
    Location:
    Vancouver, BC, CANADA
    Yes and it's a PS/2 KB. Besides, it only locks up the keyboard with that specific login name. It's probably the only user name that was used before the raid was broken and re-created so I'm guessing it is some setting buried but damned if I can find it.
     
  4. 5Gen_Prelude

    5Gen_Prelude There might not be an "I" in the word "Team", but

    Joined:
    Mar 14, 2000
    Messages:
    14,519
    Likes Received:
    1
    Location:
    Vancouver, BC, CANADA
    Actually no - didn't even occur to me to try that. Have to give that shot tomorrow.
     
  5. 5Gen_Prelude

    5Gen_Prelude There might not be an "I" in the word "Team", but

    Joined:
    Mar 14, 2000
    Messages:
    14,519
    Likes Received:
    1
    Location:
    Vancouver, BC, CANADA
    Hmmm - well get this. I unplugged the network and logged in and that seemed to clear the problem. Although, the desktop is grey instead of blue and it takes about 20 seconds login (as opposed to a few seconds with the other accounts). Odd behaviour, but at least its not hanging the server anymore.
     
  6. deusexaethera

    deusexaethera OT Supporter

    Joined:
    Jan 27, 2005
    Messages:
    19,712
    Likes Received:
    0
    The group policy is corrupted. Hop on the domain controller and push the domain's group policy onto the rebuilt server.
     
  7. 5Gen_Prelude

    5Gen_Prelude There might not be an "I" in the word "Team", but

    Joined:
    Mar 14, 2000
    Messages:
    14,519
    Likes Received:
    1
    Location:
    Vancouver, BC, CANADA
    That must have been it since it now works fine (no delay and I fixed the backgound this morning). I didn't push or pull the policy but I'm sure it's been long enough for it to refresh since this morning. But it begs the question, what made you say that?
     
  8. deusexaethera

    deusexaethera OT Supporter

    Joined:
    Jan 27, 2005
    Messages:
    19,712
    Likes Received:
    0
    Domain Policy, Group Policy (local machine policy), and User Policy are stored as a series of bit masks that are joined together through various logical operators to form what is called the Resultant Policy. When the various Policies conflict with each other such that they produce resultant values that can't be implemented by Windows (and I don't know what they are, I just know they exist) then the service that implements that particular policy will hang until it times out and gets terminated.

    When that happens, usually Windows will ask whatever is its highest authority (in this case, the domain) what it should do, and then it will replace the corrupted subordinate policies with copies of the highest-authority's policy. After that, it starts working right again, but if you ever remove that highest authority (take the machine off the domain) the policies that were once corrupted won't revert back to what they were before that authority took control, because the local policies got overwritten.
     
  9. 5Gen_Prelude

    5Gen_Prelude There might not be an "I" in the word "Team", but

    Joined:
    Mar 14, 2000
    Messages:
    14,519
    Likes Received:
    1
    Location:
    Vancouver, BC, CANADA
    Makes sense. Sort of. I would have thought rejoining the domain would have rewritten the policies though.
     
  10. keleko

    keleko yes, he is

    Joined:
    May 22, 2005
    Messages:
    28,741
    Likes Received:
    0
    Location:
    lauderhill, fl
    only that user?

    my 1st thought was:
    blow away the account (and associated profile files) and re-create it
     
  11. 5Gen_Prelude

    5Gen_Prelude There might not be an "I" in the word "Team", but

    Joined:
    Mar 14, 2000
    Messages:
    14,519
    Likes Received:
    1
    Location:
    Vancouver, BC, CANADA
    Yup - did that. Didn't do me any good. In fact looking at the D+S settings, it was creating a folder every time but it would fail during the logon process. I could delete out the profile and the D+S folder but it would just recreate the exact same problem over and over again.
     
  12. deusexaethera

    deusexaethera OT Supporter

    Joined:
    Jan 27, 2005
    Messages:
    19,712
    Likes Received:
    0
    Not if something went wrong during the rejoin. Besides, Domain Policy doesn't overwrite Local Policies, it overrules them except in the case I explained above. In the event that it was a the Local Policy that was corrupted (which is entirely possible given the fact that you were swapping hardware), the conflict would still have to be resolved the slow way, by detecting and overwriting the corrupt Local Policy, not just by refreshing the Domain Policy,
     
  13. deusexaethera

    deusexaethera OT Supporter

    Joined:
    Jan 27, 2005
    Messages:
    19,712
    Likes Received:
    0
    My job is formally to produce various forms of documentation to improve the software development process at my company, but the satellite office I work in has six people, only three of whom have any real IT skills, and I'm the youngest of the three, so I get the job of setting up servers and troubleshooting usability problems in addition to my real job. Besides, as Peyomp has pointed out in numerous past debates, an engineer can't possibly design a system without any working knowledge of the available components. (I always add that I don't need to have an intimate knowledge of them, just knowledge of their capabilities, but intimate knowledge works too.)
     

Share This Page