I've written a script that clears the DNS client and Kerberos caches until I hit an error when trying to access \\domainname.com\sysvol. At that point, a gpupdate operation fails with error 1030, indicating the username or password is incorrect, and the only fix seems to be signing out and back in.
I'm trying to dig deeper into what's causing this issue—could it be related to the DFS client cache? I also want to know if there's a way to enable DFS logging on the client side.
I've noticed that accessing SMB/DFS shares can be unreliable due to caching, meaning I can access them even without a full Kerberos cache being refreshed. However, browsing printer shares appears to behave differently, as after some time it just fails to work until the screen is locked and unlocked with a password.
3 Answers
The script is just for testing purposes, right? Eventually, you'll enable Kerberos logging, which should give you a clearer picture of what's going wrong. Just keep an eye on the cache behaviors, especially with those printer shares!
You might want to stop running your script for a bit and see if it helps. Just a thought! Sometimes those caches can be tricky, and it might just be a temporary glitch that resolves on its own.
From what I gather, it seems like browsing SMB/DFS shares has a cache that’s a bit hit or miss. Even with an empty Kerberos cache, you might still get access, which is odd. Printer shares, on the other hand, just stop working at some point unless you refresh by locking and unlocking the screen.
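
A way to capture evidence at the moment the sysvol access breaks, combining the cache-clearing loop described in the question with the Kerberos logging suggested in the first answer. This is an added example, not part of the original thread; the output folder, iteration limit and sleep interval are assumptions, and the share path is the question's placeholder.

```powershell
# Added diagnostic sketch, not from the thread. Run elevated on a test client.
$Share   = '\\domainname.com\sysvol'            # placeholder domain from the question
$KerbKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters'
$OutDir  = Join-Path $env:TEMP 'sysvol-diag'    # assumed output folder
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# Enable Kerberos event logging (LogLevel=1 writes Kerberos errors to the System log).
# Create the key only if missing: New-Item -Force on an existing key wipes its values.
if (-not (Test-Path $KerbKey)) { New-Item -Path $KerbKey | Out-Null }
New-ItemProperty -Path $KerbKey -Name LogLevel -PropertyType DWord -Value 1 -Force | Out-Null

$start = Get-Date
for ($i = 1; $i -le 100; $i++) {                # assumed iteration limit
    Clear-DnsClientCache                        # same effect as ipconfig /flushdns
    klist purge | Out-Null                      # drops tickets for the current logon session
    try {
        Get-ChildItem -LiteralPath $Share -ErrorAction Stop | Out-Null
    } catch {
        # First failure: snapshot the state before signing out destroys it.
        "Iteration $i at $(Get-Date -Format o): $($_.Exception.Message)" |
            Set-Content (Join-Path $OutDir 'error.txt')
        klist | Set-Content (Join-Path $OutDir 'klist.txt')
        # dfsutil ships with the DFS management tools, so it may be absent on clients.
        if (Get-Command dfsutil.exe -ErrorAction SilentlyContinue) {
            dfsutil cache referral | Set-Content (Join-Path $OutDir 'dfs-referrals.txt')
        }
        gpupdate /target:user /force | Set-Content (Join-Path $OutDir 'gpupdate.txt')
        # Kerberos errors and Group Policy events (including 1030) since the loop started.
        $providers = 'Microsoft-Windows-Security-Kerberos', 'Microsoft-Windows-GroupPolicy'
        Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = $providers
                                         StartTime = $start } -ErrorAction SilentlyContinue |
            Select-Object TimeCreated, ProviderName, Id, Message |
            Export-Csv (Join-Path $OutDir 'events.csv') -NoTypeInformation
        break
    }
    Start-Sleep -Seconds 10                     # assumed pause between rounds
}

# Switch Kerberos logging back off when done.
Set-ItemProperty -Path $KerbKey -Name LogLevel -Value 0
```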
