We have a client with two offices, one is a PC shop and the other is a Mac shop. The enjoy a friendly rivalry and it’s up to me to make sure that they play nicely together.
We recently upgraded the servers in Microsoft shop to Windows 2003 and found that the Mac clients could no longer access the shares over the VPN.
Some googling and experimenting later, and we stumbled upon the issue.
The Samba client that the Macs use doesn’t support encrypted communications, and the Windows 2003 server out of the box turns on encrypted communications and prevents anyone who isn’t encrypting from accessing its shares.
So, a quick detour through the Domain Controller Security Policy applet in the Administrative Tools folder did the trick.
In there, go to Local Policies / Security Options.
Scroll down to “Microsoft network server: digitally sign communications (always)” and set that sucker to DISABLED.
Reapply the policy by running GPUPDATE (start, run, gpupdate) and sit back in delight as your clients can connect to the shares once again.
Thanks to MacOSXHints and AllInTheHead for the pointers.
Ran into a couple snags trying to install VMWare Server 2.0 onto Windows Server 2003 R2 today, and figured I’d share in the workarounds:
First issue was an error when trying to launch the setup program: “The System Administrator has set policies to prevent this installation.” Hm. I’m the system administrator, and I don’t recall setting any such policies.
Happily, Jason Boche — a VMWare Virtualtization Evangelist — wrote a blog entry which explained a simple fix. Apparently this is part of Windows 2003’s new “high security” mode, and I suppose I can’t fault Microsoft for it… much.
Jason’s solution is thus:
- Click Start
- Click Run
- gpedit.msc <enter>
- Drill down to Computer configuration
- Windows Settings
- Security Settings
- Software Restriction Policies
- Right click Software Restriction Policies
- Choose Create New Policies
- On the right hand side, right click Enforcement
- Choose Properties
- Down below, choose All users except local administrators
- Click OK
- Close Group Policy
- Open a Command Prompt
- Run the command gpupdate /force <enter>
- When local group policy is finished updating, re-run the VMware Server 2.0 setup
Worked like a charm. Thanks, Jason!
Second up was once the install started running, I got stymied with “Error 1718: File c:\windows\installer\randomstring.msi was rejected by digitial signature policy.”
According to Shawn Bass’ blog, there’s an issue with the WIndows Installer engine and big MSIs. Microsoft has made a hotfix availablewhich, after a reboot, took care of things.