Thank you for posting in SBS newsgroup.
From the description, I understand the issue to be: user got event 1006 and
1030 when they log on to SBS domain. They can log on to SBS domain,
however, they can not access shares on the server. If I have misunderstood
your concerns, please do not hesitate to let me know.
Based on my research, I suspect the event 1030/1006 problem is very likely
related to either of the following problems:
1. DNS name resolution.
2. Corrupt user profiles.
Let's check DNS settings first.
Check DNS name resolution:
Windows 2000/2003 AD domains rely on DNS for name resolution. If there is
no internal DNS server, the DC cannot register their SRV, A records on the
DNS zone and therefore the other client machines and member servers will be
unable to locate the directory services.
Basically, we should ensure the following:
1. Please help me confirm if you have followed the steps to configure SBS:
1) Leave the Default Gateway of the internal NIC blank.
2) Configure both the internal NIC and the external NIC to use the internal
DNS Service as the DNS Server.
3) On the DNS Server, create the DNS Forwarder to forward the external DNS
resolution requests to the ISP's DNS server. See:
323380 How to configure DNS for Internet access in Windows Server 2003
4) Strictly followed the instructions in the KB article below to run CEICW:
825763 How to configure Internet access in Windows Small Business Server
2. All client computers should be pointed to internal DNS servers for DNS
Therefore, we need to check the TCP/IP settings on all computers and point
them to the internal DNS server as the "Preferred DNS Server".
3. Check if the Forward Lookup Zone has Dynamic Updates set to None:
1) Click Start -> All Programs -> Administrative Tools -> DNS.
2) Expand Forward Lookup Zones, right-click the zone and select Properties.
3) On the General tab, set Dynamic updates to Nonsecure and secure.
4. After performing the above steps, we can run the following commands on
the DC to create SRV records:
net stop netlogon
net start netlogon
Then please open the DNS management snap-in and browse to
DNS\<ServerName>\Forward Lookup Zones\YourDomain.local\. There should be
new subfolders: _msdcs, _sites, _tcp, _udp, DomainDnsZones and
After performing the above steps, please restart the problematic machine
and check if the problem has been resolved.
If the problem still occurs, would you please help me collect the following
1. On the SBS server, open Server Management, click Users, right-click the
user and click Change Password. Can you log on with the new password and
2. Can you log on to the domain as a domain administrator from the Windows
XP computer and access shares?
3. On the SBS server, check if the user has sufficient NTFS permissions and
Share permissions to the "C:\WINDOWS\SYSVOL\sysvol" folder.
4. You said "I can manually connect to shares if I supply the same
credentials", can you describe how you access the shares manually?
Thanks for your time and I look forward to hearing from you.
Crina Li (MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/sec