R
R
RJ942018-06-05 08:20:07
Active Directory
RJ94, 2018-06-05 08:20:07

Why do folder permissions disappear after a server restart?

Good afternoon! There is a windows server 2012 that acts as a file hosting and terminal server, is not a domain controller. For several months, the SQL2014 server with 1 bases is spinning on it. It has been noticed that after the server is rebooted (by accident or controlled during work), it "forgets" user rights to folders. It manifests itself like this: when connecting remotely (RDP), the folder redirection policy does not work, the user's desktop is empty. Further attempts to enter folders and disks end with an "access denied" chipper.
At first they decided that the server had dropped out of the domain, but there were no errors about "trust relationships" (netdom verify serverB says that the secure channel was verified and the connection to the DC was established), the server pings the controller, pings from the network, you can access it via RDP. It is treated by forced output from the domain and input back. But at the same time, everything stops working at all (since the SID changes), besides, it is desirable to be near him.
The DC has a message in the logs "The Kerberos client received a KRB_AP_ERR_MODIFIED error from server serverB$. The target name used was cifs/ServerB.contoso.com. This means that the target server was unable to decrypt the ticket provided by the client." Google advises re-registering the problematic server in DNS, but this also does not work. What to do

Answer the question

In order to leave comments, you need to log in

1 answer(s)
M
Maxim Grishin, 2018-06-05
@vesper-bot

after rebooting the server (by accident or controlled during work), it "forgets" user rights to folders.
These things should not happen on a normal server. Look in the autorun for software that manages ACLs on a disk with user directories - it is very likely some kind of virus or a forgotten script to reset something there.
As an option, the RTC battery has run out in the server, as a result it starts up with an incorrect local time, which is why kerberos does not work.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question