From: Greg Langham (greg_at_ubh.com)
Date: Tue Sep 24 2002 - 17:12:50 EDT
We have just been on the phone with Mickeysoft on a Windows 2000 Domain
Controller issue that has service pack 3 installed.
Here is the scenario:
- Machine is an active directory domain controller
- Machine handles about 30 printers.
- All printers are LPR printers that print to FQDN addresses (i.e.
printer1.ubh.com) and not raw IP addresses
- Machine upgraded to SP3
Symptoms:
- An administrator can print fine to the printer
- A "normal" user cannot print.
- Upon further review, a normal user, signed on the domain
controller locally (for testing only of course) cannot perform a DNS lookup
of any kind. An administrator can.
As it turns out, a print job is submitted to the server with the user's
credentials. The server resolves the printer address with user credentials,
which means the address could not be resolved.
It can get worse: If you happen to have a domain controller than is also a
terminal server running in application mode (and thus you have normal users
running on that server), SP3 will essentially render it useless to the
standard user as all DNS lookups will fail.
The workaround for our original printing problem is to change all of our LPR
ports to straight IP addresses (we don't like that long term, but it gets us
printing again.)
This hasn't been documented yet at Microsoft and they don't have a fix.
Greg
This archive was generated by hypermail 2.1.3 : Thu Jan 23 2003 - 09:59:21 EST