Solved

Loss of File share Connections / mapped drives

Posted on 2004-08-11
9
225 Views
Last Modified: 2010-05-18
I've seen some related questions posted, but none have yielded a fix:
I'm running a Win2k3 memeber server in a flat domain.  I don't have access to the DC and can't change any domain-wide policies.  I control an OU for my office, with the member server and a dozen XP workstations.  Login authentication is routed through kerberos servers.

I recently switched from an NT 4 domain to the 2003 OU set up, and now some of my workstations are dropping their connections to the shared file network drive for no apparent reason.

The server shows an event ID 529 - bad username and password with the NTLMSsp process, then locks out the workstations shortly after.  I can reconnect after rebooting, but none of the fixes I've seen have stopped it from happening.  I also have repeated 1048/1030 event ID's, stating that the GPO objects can't be reached and policy processing is aborted.  I'm wondering if my access rights or permissions are mistaken, but I can't figure out where I might have erred.  I'm hoping someone has an idea of what's behind these errors.
0
Comment
Question by:Zeek0
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
9 Comments
 
LVL 16

Expert Comment

by:Nyaema
ID: 11777418
Make sure all the clients are pointing to the same DNS server windows 2003 server is using for active directory

Also make sure they are not pointing to a WINS server.
0
 
LVL 16

Expert Comment

by:Nyaema
ID: 11777464
What OS are the clients giving you this problem?
Are there any clients running win98/95?

Do you still have the NT4 servers running somewhere in your network?
0
 

Author Comment

by:Zeek0
ID: 11777661
No, the NT 4 system is dead and gone.  All the workstation systems are fully up-to-date XP systems, and the member server is a fully updated 2k3 system.  
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:Zeek0
ID: 11784292
I fixed the 1058/1030 errors (turned on the TCP/NetBios helper service).  I can't figure out what's up with the NTLMSsp failure audits on the server, though.  Kerberos logins are fine, but at the same time as the Kerberos stuff checks out, I'm getting the bad username/password (529) errors all over the server's event log.  Is there a permission that needs to be given to a particular account for NTLMSsp?  I know these aren't attacks, and I know the usernames and passwords are correct, so something is hanging up - sending bad information or the information is not being read correctly, but I don't know where.  
0
 

Author Comment

by:Zeek0
ID: 11794104
Here's a copy of one of the event notifications I get on the file server when these logon failures start occuring.  

Event Type:     Failure Audit
Event Source:     Security
Event Category:     Logon/Logoff
Event ID:     529
Date:          8/13/2004
Time:          11:38:20 AM
User:          NT AUTHORITY\SYSTEM
Computer:     (SERVER)
Description:
Logon Failure:
      Reason:          Unknown user name or bad password
      User Name:     (Username)
      Domain:          (DomainName)
      Logon Type:     3
      Logon Process:     NtLmSsp
      Authentication Package:     NTLM
      Workstation Name:     (WSNAME)
      Caller User Name:     -
      Caller Domain:     -
      Caller Logon ID:     -
      Caller Process ID:     -
      Transited Services:     -
      Source Network Address:     (ip.ip.ip.ip)
      Source Port:     0

I've tried the net config solution, no dice.  The domain set up (which is new to me and not a standard AD implimentation) authenticates sign on through external kerberos servers, and all the kerberos authentication is fine.  I get successful audits of the kerberos processes and logins at the same time as I'm getting these 529 errors from the NTLM deal.  It seems like the info NTLMSsp is trying to use to authenticate is no good for some reason - it's not an incorrect username or password though (unless one or the other is being relayed incorrectly).  
0
 
LVL 16

Expert Comment

by:Nyaema
ID: 11794965
Are the machines part of the domain
or are they in a network
0
 

Author Comment

by:Zeek0
ID: 11795499
all part of the domain.  i'm wondering if i have a setting somewhere in a GPO that's screwing it up, i.e. not giving access to the system in a particular way that allows the NTLM stuff to connect and transfer data properly.  
0
 
LVL 1

Expert Comment

by:ameen_al
ID: 11807935
Hi,

you just make sure that you are  using  same  Version of NTLM at DC and client.


See this URL for more help.   http://support.microsoft.com/default.aspx?scid=kb;en-us;Q239869


Ameen
0
 
LVL 16

Accepted Solution

by:
Nyaema earned 500 total points
ID: 11863454
This is the description I can find for that event on the microsoft website.

http://www.microsoft.com/technet/support/ee/result.aspx?EvtSrc=Security&EvtID=529&ProdName=Windows+Operating+System&LCID=1033&ProdVer=5.0

Doesn't look very helpful...

Further research shows that Windows XP service pack 2 might sort your probelm out

Though you have not mentioned what version of Kerberos you are using
this articles might apply to you but more specifically applies to to MIT Kerberos

http://support.microsoft.com/default.aspx?scid=kb;en-us;836878&Product=winxp
http://support.microsoft.com/default.aspx?scid=kb;en-us;811802&Product=winxp

Given the dates the articles were written
you will find that the relevant hotfixes have been included in Windows XP Service Pack 2

http://www.microsoft.com/downloads/details.aspx?FamilyId=049C9DBE-3B8E-4F30-8245-9E368D3CDB5A&displaylang=en
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction How to create multiboot configuration with XP\Vista and Windows 7 on it? And most important question - how to do this correctly so not to have any kind of nightmares we get when system gets screwed? First of all one should realize t…
Just about everyone has an old PC laying around.  Ask anyone in the IT industry, whether they are a professional or play in it as a hobby.  From outdated Desktops to cheap "throwaway" laptops, they are all around and not as hard to "fix up" as you m…
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…
Hi friends,  in this video  I'll show you how new windows 10 user can learn the using of windows 10. Thank you.
Suggested Courses

630 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question