Solved

Users Must Reauthenticate in SBS2003

Posted on 2006-06-20
14
391 Views
Last Modified: 2012-05-05
I have recently set up a Windows SBS2003 server and domain.  All users were running fine.  Last week a few started having to reauthenticate to the SBS server at "random" points during the day when they accessed their e-mail and/or network mapped drives.  This problem has been worsening, with more and more users experiencing it each day.  Now, when some log on, they can't see the network drives at all (mapping applied at logon by a group policy script), yet the mappings to the old server (Windows 2000 Server) are fine, so I know they are running the script.  Once they log on (apparently not authenticating properly?), click on a network resource, they get asked to reauthenticate.  Then, once they do, they can manually run this vbs drive-mapping script and everything is peachy.  Any ideas?
0
Comment
Question by:maryatroasters
  • 7
  • 5
14 Comments
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 16948651
So, you had an old server and domain?  Or was the old server just in a workgroup before?

I'm wondering as well about your drive mapping script... generally you wouldn't do this through group policy... it would be done by adding a CALL line to the SBS_LOGIN_SCRIPT.bat file that calls up a second .bat file in the same directory (which is \\SERVERNAME\NETLOGON).

And THAT makes me wonder if you added your users and computers via the required SBS Add-User and Add-Computer Wizards.  These make sure that a number of things are properly configured, and they ensure that users and computers are placed in the proper default OUs.

Jeff
TechSoEasy
0
 

Author Comment

by:maryatroasters
ID: 16954344
Yes, we had a Windows 2000 Server and different domain.  In fact, that server is still in use, and the same users and passwords are set up on both servers.  The .vbs script I have running maps drives on both servers, and interestingly enough, is always successful in mapping the drives on the older server, but it is the NEW server shares that are not getting mapped (though they USED to).  And this problem is not happening for all users... just a few, but getting worse.

And, yes,  I added the users and computers via the wizards, and all affected clients were migrated using the connectcomputer utility (along with many other users who are NOT experiencing the loss of authentication).  Everyone was running fine until last week, and I can't recall an event that might have triggered this.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 16954604
So, when users want to access files on the old server you have them log onto that separately??  That doesn't make any sense at all... can you please explain?

Also, can you please post a complete IPCONFIG /ALL from both the SBS as well as the Win2K server?  I'm sure this has to do with the relationship between these two servers... whether it be DNS, NETBIOS/WINS or a combination of the two... because SBS domains do not support trusts and SBS will not tollerate another domain controller on the same subnet, I would suspect that the SBCore service is interfering.

Jeff
TechSoEasy
0
 

Author Comment

by:maryatroasters
ID: 16954786
Thank you for your quick reply, Jeff.

When the users log onto their PC, the authentication takes place on BOTH servers at that time, even though they are logging onto the SBS domain (one logon).  The 2000 domain server has been playing nicely withing the SBS domain that way since day 1.  (Have I been taking advantage of an "undocumented feature?")  The login script maps drives on both servers, and this has worked up to last week.  As I stated earlier, the drive mappings to the 2000 server are solid and there every time.

I have taken printscreens of IPCONFIG /ALL on both servers and will post them promptly (when I figure out how to do that here).

Thanks again.
0
 

Author Comment

by:maryatroasters
ID: 16954890
OK, I'll have to copy/paste, I guess.  :o)

Here is the SBS Server:

Windows IP Configuration

   Host Name . . . . . . . . . . . . : serversbs
   Primary Dns Suffix  . . . . . . . : Diedrich.local
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : Diedrich.local

Ethernet adapter Server LAN:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
   Physical Address. . . . . . . . . : 00-14-22-78-93-13
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.1.1
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   Primary WINS Server . . . . . . . : 192.168.1.1

Ethernet adapter Internet:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : NETGEAR GA311 Gigabit Adapter
   Physical Address. . . . . . . . . : 00-0F-B5-FE-8F-32
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.1.253
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.254
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   Primary WINS Server . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Disabled

Here is the Win2K server:

Windows 2000 IP Configuration

      Host Name . . . . . . . . . . . . : server2000
      Primary DNS Suffix  . . . . . . . : diedrichmfg.local
      Node Type . . . . . . . . . . . . : Hybrid
      IP Routing Enabled. . . . . . . . : No
      WINS Proxy Enabled. . . . . . . . : No
      DNS Suffix Search List. . . . . . : diedrichmfg.local

Ethernet adapter Intel Fast Ethernet LAN Controller - onboard:

      Connection-specific DNS Suffix  . :
      Description . . . . . . . . . . . : Intel(R) PRO/100 Network Connection
      Physical Address. . . . . . . . . : 00-06-5B-3F-69-CC
      DHCP Enabled. . . . . . . . . . . : No
      IP Address. . . . . . . . . . . . : 192.168.1.168
      Subnet Mask . . . . . . . . . . . : 255.255.255.0
      Default Gateway . . . . . . . . . : 192.168.1.1
      DNS Servers . . . . . . . . . . . : 192.168.1.1
                                          69.41.131.4

0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 16955718
Well, I see how this may be happening... in that you have configured the same subnet on both of the SBS's NICs which essentially makes RRAS a totally ineffective firewall.  But, we'll get back to that...

Can you please explain how  "the authentication takes place on BOTH servers at that time, even though they are logging onto the SBS domain (one logon). "???

Jeff
TechSoEasy
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 

Author Comment

by:maryatroasters
ID: 16955988
Well... *blush*... perhaps I cannot explain it, and hence one of my problems.  :o)   But for over a month, the users were logging into the SBS domain, and the script was running and authenticating them properly to the WIN2K server when the script called for mapping to the WIN2K server shares.  The application running on the WIN2K server runs properly, too (utilizing one of the 2 mapped drives to the older WIN2K server).  The users never actually authenticate to this WIN2K server explicitly.  But it has always worked.  Again... an undocumented feature that is now biting me in the behind?

- TTT
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 16967814
Perhaps you want to provide the content of the script here?

It's definitely not an undocumented feature... but what I don't understand is why you haven't joined the Win2K server to your SBS domain??

http://sbsurl.com/addserver will explain how.

Jeff
TechSoEasy
0
 

Author Comment

by:maryatroasters
ID: 16971650
Script:

' logon script for all users
' v1.0 (09/13/02)
' v1.1 (10/21/02) added AVG workstation communications
' v1.2 (11/14/02) change location of drive T, add drive U
' v1.3 (11/10/03) change location of drive T
' v1.4 (01/05/04) add drive X for Epicor (Vista)
' v1.5 (01/26/05) add drive W for Schedules
' v1.6 (03/17/05) add drive Y for VSS
' v1.7 (10/24/05) add drive J for Fedex
' v1.8 (05/05/06) clean up for ServerSBS
'
' map drives onlogin, unmap previous mappings
'
option explicit
on error resume next

dim i, d_drv(9), d_map(9)
dim wshnet
dim ofs
dim drive_coll
dim drive_item
' define mapped drives
d_drv(0)="I:" :d_drv(1)="M:" :d_drv(2)="P:" :d_drv(3)="S:"
d_drv(4)="T:" :d_drv(5)="R:" :d_drv(6)="V:" :d_drv(7)="X:"
d_drv(8)="W:" :d_drv(9)="Y:"
' define mappings
d_map(0)="\\serversbs\ups"
d_map(1)="\\serversbs\manage"
d_map(2)="\\serversbs\apps"
d_map(3)="\\serversbs\techsupp"
d_map(4)="\\serversbs\Diedrich_db"
d_map(5)="\\serversbs\pt"
d_map(6)="\\server2000\Vista"
d_map(7)="\\server2000\epicor"
d_map(8)="\\serversbs\Schedules"
d_map(9)="\\serversbs\VSS"
set wshnet=wscript.createobject("wscript.network")
set drive_coll=wshnet.enumnetworkdrives
for i=0 to 9
      for each drive_item in drive_coll
            if drive_item=d_drv(i) then wshnet.removenetworkdrive d_drv(i),true,true
      next
      wshnet.mapnetworkdrive d_drv(i),d_map(i),true
next
set drive_item=nothing
set drive_coll=nothing
set wshnet=nothing
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 16971680
Okay, that looks pretty clean... how about logging onto one of the workstations with an account that's having trouble... run the following at the command prompt and post that as well:

cd c:\
gpresult /z >result.txt

Jeff
TechSoEasy
0
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 250 total points
ID: 16971697
By the way, you will need to correct your network settings on the SBS.  What kind of router do you have at 192.168.1.254?  Also what kind of switch do you have on the internal side?

Good example of how to configure:  http://sbsurl.com/twonics

Jeff
TechSoEasy
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17493226
What ever happened to this?  Did you resolve your problems?

Jeff
TechSoEasy
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Introduction At 19:33 (UST) on Tuesday 21st September the long awaited email arrived with the subject title of “ANNOUNCING THE AVAILABILITY OF WINDOWS SBS 7 PREVIEW”.  It was time to drop whatever I was doing and dedicate as much bandwidth as possi…
If you are a user of the discontinued Microsoft Office Accounting 2008 (MSOA) and have to move to a new computer running Windows 8, you will be unhappy to discover that it won't install.  In particular, Microsoft SQL Server 2005 Express Edition (SSE…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now