Solved

Loss of File share Connections / mapped drives

Posted on 2004-08-11
Last Modified: 2010-05-18
I've seen some related questions posted, but none have yielded a fix:
I'm running a Win2k3 member server in a flat domain.  I don't have access to the DC and can't change any domain-wide policies.  I control an OU for my office, with the member server and a dozen XP workstations.  Login authentication is routed through Kerberos servers.

I recently switched from an NT 4 domain to the 2003 OU setup, and now some of my workstations are dropping their connections to the shared file network drive for no apparent reason.

The server shows an event ID 529 - bad username and password with the NTLMSsp process, then locks out the workstations shortly after.  I can reconnect after rebooting, but none of the fixes I've seen have stopped it from happening.  I also have repeated 1048/1030 event IDs, stating that the GPO objects can't be reached and policy processing is aborted.  I'm wondering if my access rights or permissions are mistaken, but I can't figure out where I might have erred.  I'm hoping someone has an idea of what's behind these errors.
Question by:Zeek0
9 Comments
 
LVL 16

Expert Comment

by:Nyaema
ID: 11777418
Make sure all the clients are pointing to the same DNS server that the Windows 2003 server is using for Active Directory.

Also make sure they are not pointing to a WINS server.
0
 
LVL 16

Expert Comment

by:Nyaema
ID: 11777464
What OS are the clients giving you this problem?
Are there any clients running win98/95?

Do you still have the NT4 servers running somewhere in your network?
0
 

Author Comment

by:Zeek0
ID: 11777661
No, the NT 4 system is dead and gone.  All the workstation systems are fully up-to-date XP systems, and the member server is a fully updated 2k3 system.  
0
 

Author Comment

by:Zeek0
ID: 11784292
I fixed the 1058/1030 errors (turned on the TCP/NetBIOS helper service).  I can't figure out what's up with the NTLMSsp failure audits on the server, though.  Kerberos logins are fine, but at the same time as the Kerberos stuff checks out, I'm getting the bad username/password (529) errors all over the server's event log.  Is there a permission that needs to be given to a particular account for NTLMSsp?  I know these aren't attacks, and I know the usernames and passwords are correct, so something is hanging up - sending bad information or the information is not being read correctly, but I don't know where.  
0
 

Author Comment

by:Zeek0
ID: 11794104
Here's a copy of one of the event notifications I get on the file server when these logon failures start occurring.  

Event Type:     Failure Audit
Event Source:     Security
Event Category:     Logon/Logoff
Event ID:     529
Date:          8/13/2004
Time:          11:38:20 AM
User:          NT AUTHORITY\SYSTEM
Computer:     (SERVER)
Description:
Logon Failure:
      Reason:          Unknown user name or bad password
      User Name:     (Username)
      Domain:          (DomainName)
      Logon Type:     3
      Logon Process:     NtLmSsp
      Authentication Package:     NTLM
      Workstation Name:     (WSNAME)
      Caller User Name:     -
      Caller Domain:     -
      Caller Logon ID:     -
      Caller Process ID:     -
      Transited Services:     -
      Source Network Address:     (ip.ip.ip.ip)
      Source Port:     0

I've tried the net config solution, no dice.  The domain setup (which is new to me and not a standard AD implementation) authenticates sign-on through external Kerberos servers, and all the Kerberos authentication is fine.  I get successful audits of the Kerberos processes and logins at the same time as I'm getting these 529 errors from the NTLM deal.  It seems like the info NTLMSsp is trying to use to authenticate is no good for some reason - it's not an incorrect username or password though (unless one or the other is being relayed incorrectly).  
0
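An added triage example, not part of the original thread: it parses Security log records exported as text in the layout quoted in the comment above and counts the 529 failures that came in as network logons (type 3) through NtLmSsp, per workstation and user, so the machines that precede a lockout stand out from the successful Kerberos audits. The sample records, user names and workstation names are constructed, and the text-export layout is an assumption.

```python
import re
from collections import Counter

FIELD = re.compile(r"^\s*([A-Za-z /]+):[ \t]*(.*)$")  # "Name:   value" lines

# Constructed sample (made-up users and workstations) in the layout quoted above.
TEMPLATE = """Event Type:     {kind}
Event ID:     {eid}
Description:
      User Name:     {user}
      Logon Type:     3
      Logon Process:     {proc}
      Workstation Name:     {ws}
"""
SAMPLE = "\n".join(TEMPLATE.format(kind=k, eid=i, user=u, proc=p, ws=w) for k, i, u, p, w in [
    ("Failure Audit", 529, "jdoe", "NtLmSsp", "WS01"),
    ("Success Audit", 540, "jdoe", "Kerberos", "WS01"),  # 540: successful network logon
    ("Failure Audit", 529, "jdoe", "NtLmSsp", "WS01"),
    ("Failure Audit", 529, "asmith", "NtLmSsp", "WS02"),
])

def parse_events(text):
    """Return one dict of fields per record; a record starts at 'Event Type:'."""
    events = []
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue
        key, value = m.group(1).strip(), m.group(2).strip()
        if key == "Event Type":
            events.append({})
        if events:
            events[-1][key] = value
    return events

def ntlm_failures(events):
    """Count 529 network logons (type 3) that failed via NtLmSsp, per (workstation, user)."""
    hits = Counter()
    for e in events:
        if (e.get("Event ID") == "529" and e.get("Logon Type") == "3"
                and e.get("Logon Process", "").lower() == "ntlmssp"):
            hits[(e.get("Workstation Name", "?"), e.get("User Name", "?"))] += 1
    return hits

if __name__ == "__main__":
    for (ws, user), n in ntlm_failures(parse_events(SAMPLE)).most_common():
        print(f"{ws}\t{user}\t{n} NTLM failures")
```
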
 
LVL 16

Expert Comment

by:Nyaema
ID: 11794965
Are the machines part of the domain,
or are they in a network?
0
 

Author Comment

by:Zeek0
ID: 11795499
All part of the domain.  I'm wondering if I have a setting somewhere in a GPO that's screwing it up, i.e. not giving access to the system in a particular way that allows the NTLM stuff to connect and transfer data properly.  
0
 
LVL 1

Expert Comment

by:ameen_al
ID: 11807935
Hi,

Just make sure that you are using the same version of NTLM at the DC and the client.


See this URL for more help: http://support.microsoft.com/default.aspx?scid=kb;en-us;Q239869


Ameen
0
 
LVL 16

Accepted Solution

by:
Nyaema earned 500 total points
ID: 11863454
This is the description I can find for that event on the Microsoft website.

http://www.microsoft.com/technet/support/ee/result.aspx?EvtSrc=Security&EvtID=529&ProdName=Windows+Operating+System&LCID=1033&ProdVer=5.0

Doesn't look very helpful...

Further research shows that Windows XP Service Pack 2 might sort your problem out.

Though you have not mentioned what version of Kerberos you are using,
these articles might apply to you, but they more specifically apply to MIT Kerberos:

http://support.microsoft.com/default.aspx?scid=kb;en-us;836878&Product=winxp
http://support.microsoft.com/default.aspx?scid=kb;en-us;811802&Product=winxp

Given the dates the articles were written,
you will find that the relevant hotfixes have been included in Windows XP Service Pack 2.

http://www.microsoft.com/downloads/details.aspx?FamilyId=049C9DBE-3B8E-4F30-8245-9E368D3CDB5A&displaylang=en
0
