Solved

Logon Unsuccessful

Posted on 2006-07-19
49
3,163 Views
Last Modified: 2010-10-04
We have a Windows 2003 Server network. Most computers stay on overnight. When i come in the morning and i try to go to \\192.168.3.* which is my server, i get a Logon Screen in which you can type your username and password. When i do, it tells me

Logon Unsuccessful: The username you typed is the same as the username you logged in with. That username has already been tried. A domain controller cannot be found to verify that username.

When i reboot the computer, it connects to it fine. But it just seems that when i come back in the morning, this happens. I have to reboot my computer every single time.
This is also bad because other computers are running backups and they cannot run the backup because of the same problem.

Any suggestions?
0
Comment
Question by:repco
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 27
  • 19
  • +2
49 Comments
 
LVL 13

Accepted Solution

by:
prashsax earned 500 total points
ID: 17139496
If this happens to some specific machines only then you can try and rejoin these machines to the domain again.

Just bring them to the workgroup first and then join them back to the domain.

This will refresh the machine account and the secure channel password.

That should solve your problem.

0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17142232
i don't think the solution is simply joiing the machine back to the domain every day.....:)

only things i have found on this are if there is a problem with the servers domain membership
0
 
LVL 1

Expert Comment

by:Smoken2337
ID: 17142698
Did this start happening when you moved to Win 2k3 or did it happen after a few weeks etc. The computers that are having this issue are they patched up with the latest MS services packs and patches.
0
Easy, flexible multimedia distribution & control

Coming soon!  Ideal for large-scale A/V applications, ATEN's VM3200 Modular Matrix Switch is an all-in-one solution that simplifies video wall integration. Easily customize display layouts to see what you want, how you want it in 4k.

 
LVL 4

Expert Comment

by:shard26
ID: 17143738
Just a stab in the dark but I have seen this when the server reboots.  Maybe it is rebooting at night. Check the system event logs to see if you see "The Event log service was started" event id 6005  happeing at night. You only see this when the system reboots.
0
 

Author Comment

by:repco
ID: 17153906
Well rejoining the domain didn't work because my backups still dont run at night. THey will only run if i run them manually in the morning. (i.le. When you reboot your server and your computer still stays on, all you have to do is double click on a network folder and it will automatically sign you back in (not having to reboot your computer)).

I tried creating a batch file that runs every five minutes where it creates a file on the network and deletes it (just to keep the connection alive) but that didn't help.


This has always been happening where the backups don't run at night.

Also, the server does not reboot at night, i checked the logs.
0
 

Author Comment

by:repco
ID: 17167970
Ok, i looked at the computer this morning and it said that it cannot find the specified file M:\test.log. (I have a task program that runs every 5 minutes that opens this file and closes it to keep the network connection from disconnecting). BUT it did open it after i opened windows explorer and double clicked on the network drive.

Any suggestions on why it would not find it overnight but in the morning when i browse the network drives it will? Any suggestions on how to prevent this???
0
 
LVL 13

Expert Comment

by:prashsax
ID: 17168338
What creadential have you used to run this scheduled task.

Does this ID have access to the shared folder.
0
 

Author Comment

by:repco
ID: 17168383
I have Robotask open this file and close it every 5 minutes. It works fine throughout the day but just at night is when it doesn not work.

It should have access to the folder since it does open it throughout the day. Somehow the computer is being disconnected from the server at night.
0
 
LVL 13

Expert Comment

by:prashsax
ID: 17168812
Does someone keep logged into the machine in daytime.

And at night no one is logged into it.

Is it possible that the task is using the credentials of user logged in to access the shared access.
0
 

Author Comment

by:repco
ID: 17168840
Well the machine just stays on during daytime. It's just a backup machine and no body uses it. It does stay logged in at night, or in other words we don't log it off before we leave.

0
 

Author Comment

by:repco
ID: 17170665
i think the real problem here is that it looses connection to the server overnight. is there any way to prevent this?
0
 
LVL 13

Expert Comment

by:prashsax
ID: 17170719
Try setting up a ping to the server so that it lasts for the night.

As you care ready to levae open a dos prompt and do this:

ping IP_Address_of_Server -t > c:\pingresp.txt

This will keep pinging the server and hopefully keep the connection alive.

Have you check that your NIC is not set to turn off when not in use.

Now, you can later check the file c:\pingresp.txt in the network connectivity to the server was not lost.

One more thing, as you leave the machine locked overnight, you can open the shared folder using explorer and leave the window open and then lock the machine. Alternatively you can map the shared folder as a drive and then try can copy the files to the mapped drives.
0
 

Author Comment

by:repco
ID: 17170854
ok, i noticed that the Setting for Allow Computer to Turn this Device off for the NIC was checked, even though i have the computer to "Always On" on Power Management but we'll see how that works. Also, i'll leave the shared folders opened overnight and see what happens. Thanks!!
0
 
LVL 13

Expert Comment

by:prashsax
ID: 17171150
Well, lets see what happens.
0
 

Author Comment

by:repco
ID: 17192649
ok so i pinged the server every 30 seconds. The night before it stopped pinging at 6:00pm, as in the scheduled task for it to ping to server stopped. (I created a task where it pings the server and put the time and response time on a text file). Now last night, it stopped pinging at 1:00am. When i came in the morning and i typed in \\zeus at the Explorer bar i got a enter username and password, i used the same one i logged in with but it would just come back to the logon without any error msgs this time. BUT when i opened the mapped network drive it let me in and i also was able to go into \\zeus. (zeus is the name of our server)

I checked the event viewer and i see that these messages pop up all the time. Maybe this is the source of the problem?


The Security System could not establish a secured connection with the server cifs/ZEUS.  No authentication protocol was available.

The Security System detected an attempted downgrade attack for server cifs/ZEUS.  The failure code from authentication protocol Kerberos was "There are currently no logon servers available to service the logon request.
0
 
LVL 13

Expert Comment

by:prashsax
ID: 17192776
This will force this workstation to use TCP for kerberos authentication.
Do you see some error on domain controller at same time this error occured on workstation.
Can you provide with Event ID.

1. Start Registry Editor.
2. Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\ Kerberos\Parameters
Note If the Parameters key does not exist, create it now.
3. On the Edit menu, point to New, and then click DWORD Value.
4. Type MaxPacketSize, and then press ENTER.
5. Double-click MaxPacketSize, type 1 in the Value data box, click to select the Decimal option, and then click OK.
6. Quit Registry Editor.
7. Restart your computer.
0
 

Author Comment

by:repco
ID: 17193375
Ok, parameters wasn't there so i created the Key along with the DWORD value. Here's the event ID's...

The Security System could not establish a secured connection with the server cifs/192.168.3.198.  No authentication protocol was available. Event ID 40961

The Security System detected an attempted downgrade attack for server HTTP/zeus.  The failure code from authentication protocol Kerberos was "There are currently no logon servers available to service the logon request.
 (0xc000005e)" Event ID 40960

Thanks!!
0
 

Author Comment

by:repco
ID: 17193396
I also see this message once in a while every day.

The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible.  No attempt to contact a source will be made for 959 minutes. NtpClient has no source of accurate time. Event ID 29.

The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized. Event ID 36
0
 
LVL 13

Expert Comment

by:prashsax
ID: 17194853
Ok, can you quickly check just one thing for me.

See, if NETBIOS over TCP/IP is disabled.

If yes, then please enable it.

You can find it in the NIC Properties.
TCP/IP Properties->Advanced->WINS TAB.

The first Radio button should be selected, for enabling NetBios over TCP.
0
 
LVL 13

Expert Comment

by:prashsax
ID: 17194928
Also, check if the time between this machine and the domain controller is in sync, since you are not able to access any NTP time source on DC, time sync could also be the problem.

Windows will not authenticate any machine if time gap is more than 5 mins.

You can setup NTP time source on your DC using this command:

net time /setsntp:time.nist.gov

Just make sure the DC can access time.nist.gov over port 123/TCP to the internet.
0
 

Author Comment

by:repco
ID: 17200924
Ok, i noticed the time was not in sync also, i'll set that up too. The setting for Netbios was set to Default, i set it to Enabled.

Thanks!!
0
 
LVL 13

Expert Comment

by:prashsax
ID: 17200946
So, here you have it.

I think this time unsync is causing the authentication problems.

Just set the NTP time source on DC, and set it as time.nist.gov.

And then set NTP time source on client machine as well. For Client machines NTP time source could be DC.
0
 

Author Comment

by:repco
ID: 17201035
do i have to set it to time.nist.gov or can i set it as any time i want?
0
 
LVL 13

Expert Comment

by:prashsax
ID: 17201080
See, time.nist.gov is a internet IP address which runs a NTP Time Server. The time which this site gives you is thru a atomic clock and it accurate time.

With the command:
net time /setsntp:time.nist.gov

You are telling your DC that it should sync its time with time.nist.gov server. You are not setting time on server, instead you are tell it to get time from some other server.

0
 

Author Comment

by:repco
ID: 17216142
Ok now I'm reading these on the Event Viewer.

The time provider NtpClient was unable to find a domain controller to use as a time source. NtpClient will try again in 960 minutes. Event ID 14

The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible.  No attempt to contact a source will be made for 959 minutes. NtpClient has no source of accurate time. Event ID 29

Also the same ones...
The Security System detected an attempted downgrade attack for server cifs/zeus.  The failure code from authentication protocol Kerberos was "There are currently no logon servers available to service the logon request.

The Security System could not establish a secured connection with the server cifs/zeus.  No authentication protocol was available.


Do you think its my DC that is having problems? Before I troubleshoot it, do you have any other recommendations?
0
 

Author Comment

by:repco
ID: 17216159
Sorry i copied the wrong ones, i was copying the older events here are the new.

The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible.  No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time. Event ID 29

Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer '\\zeus'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751). Event ID 17
0
 
LVL 13

Expert Comment

by:prashsax
ID: 17218486
Can you access the time.nist.gov from your DC.

To test it, open command prompt.
>telnet time.nist.gov 123

This should open a blank window. If not you need to set the permissions on your firewall and allow port 123/TCP from DC to time.nist.gov.

0
 

Author Comment

by:repco
ID: 17223564
ok i can't telnet it through any computer including mine. how do i check if i have the port open?
0
 

Author Comment

by:repco
ID: 17223843
i have the windows firewall off, i also added the 123 as an exception. can you telnet into it? is there any other way to see if time is synched?
0
 

Author Comment

by:repco
ID: 17223975
Ok i tried doing a net stop w32time on the client computer that i'm having problems with. it stopped successfully. Then i did a net start w32time and i received error msg The Windows Time service could not be started. More help by typing NET HELPMSG 3523
0
 

Author Comment

by:repco
ID: 17224009
But if i do it again, it says W32time has already started. Hmm weird. It does take a long time to start when i do it through Services.
0
 
LVL 13

Expert Comment

by:prashsax
ID: 17226226
You need to open the port on your network firewall or the internet router.

Also, just do one thing, set this NTP time server on client machine, so that it syncronize its time from DC.

net time /setsntp:DC_NAME

That should resolve your problem.
0
 

Author Comment

by:repco
ID: 17226462
Ok will do. I don't think it would solve the problem since i've already did the net time /setsntp:olympus last week. but we'll see. thanks for helping me out here since you're the only one that knows.
0
 

Author Comment

by:repco
ID: 17233446
I'm still receiving the same event errors but at least the backups are running at night. I see that it stops pinging the server at 8:00pm, thats about 3 hours later after i leave. I do see that when i come in the morning i see a message pop up that says  M:\is not accessible. The system dectected a possible attempt to compromise security. Please ensure that you can contract the server that authenticated you.

any other suggestions?
0
 
LVL 13

Expert Comment

by:prashsax
ID: 17234449
>The system dectected a possible attempt to compromise security. Please ensure that you can contract the server that >authenticated you

The root cause for this error message is that your machine is not able to get its kerberos ticket re-authenticated from the domain controller after the original ticket has expired. Now, it will work if you reboot the machine and then login afresh.

Now I have few questions.

Does, this machine is using your internal DNS server as primary.
Or do you have specified your ISP DNS server as secondary on this machine?

The other problem could be related to your network, as you said that the server stops pinging at night, at it could be possible that at same time the machine tries to re-authenticate the ticket and it fails.

Now, we need to find out why does the server stops pinging.

Goto that server and check if Power Management is not forcing the NIC on server to go offline at inactivity.

0
 

Author Comment

by:repco
ID: 17234536
Actuall i have a task that will open the file and close it, to keep the conneciton alive, and also ping it. So if it doesn't open the file, it will not go to the next step by pinging the server. I seperated the tasks so they can run individually and see if it pings the server. So i'll check on that tomorrow.  i also checked and the NIC power is disabled.

Also, i have both my ISP's DNS server as Preffered and Alternate
0
 

Author Comment

by:repco
ID: 17234613
Ok, i think i need to set one of my DNS as my DC's IP address?
0
 
LVL 13

Expert Comment

by:prashsax
ID: 17235059
Yes, the DNS server used by machine should only be pointing to DC with Primary DNS server for your domain.

You , should not use any other DNS server in the NIC settings.

If, you want to resolve external IP address, then you can put a forwarder on your internal DNS server, so that your internal DNS server should also resolve internet IP address.
0
 

Author Comment

by:repco
ID: 17244056
Ok, i have set my Preferred and Alternate DNS to my domain controller but i'm still receiving those same event error messages.

I checked the ping log and it successfully pinged the server all night without any loss.

i checked the NIC and its power management is disabled
Device manager > Network Properties > Power Management > unchecked Allow the computer to turn off this device to save power.

I also have the Power Management as "Always ON'

Any other suggestions?

Again, i really appreciate your help here.
0
 
LVL 13

Expert Comment

by:prashsax
ID: 17244196
Ok.

First what about the backup script. Is it still giving problems.

Second, can you give the EventID for this error.

0
 

Author Comment

by:repco
ID: 17244339
the backups ran ok but the error msgs are

The Security System could not establish a secured connection with the server cifs/192.168.3.198.  No authentication protocol was available. Event ID 40961

The Security System detected an attempted downgrade attack for server cifs/192.168.3.198.  The failure code from authentication protocol Kerberos was "There are currently no logon servers available to service the logon request.
 (0xc000005e)". Event ID 40960

this happens about every hour.

0
 
LVL 13

Expert Comment

by:prashsax
ID: 17244410
Check, if there is some disconnected Terminal Sessions on your server.

You can use Terminal Server Manager to check if some user has disconnected a session and had not properly logged off.
0
 

Author Comment

by:repco
ID: 17244434
yes there are many all the time. this server is a terminal server. but this client computer does not connect to the server via terminal services.
0
 

Author Comment

by:repco
ID: 17249686
ok the backups didn't run this time. i still see the same event error messages and also the same pop up message..

M:\is not accessible. The system dectected a possible attempt to compromise security. Please ensure that you can contract the server that authenticated you.

M:\is the DC.

i'm about to give up on this.
0
 
LVL 13

Expert Comment

by:prashsax
ID: 17249778
It could be a license problem, I have seen one such situation.

If you are not running SBS, then you can stop the Windows Licensing Service on your DC and the file server.

It could be possible that your server would run out of license and then stop authenticate this machine.



0
 
LVL 13

Expert Comment

by:prashsax
ID: 17249864
What happened.
Has the issue been resolved.

0
 

Author Comment

by:repco
ID: 17249896
well no it hasn't. it first started with the logon unsuccessfull problem and i think we fixed that part.

i don't really think its the licensing since there is nobody logged on to the server at night. everyone leaves around 5 and this happens around 6 or 8
backups sometimes run and sometimes they don't.

i'll research some more and keep you posted on this. thanks very much though for trying to help me out.
0
 
LVL 13

Expert Comment

by:prashsax
ID: 17249914
Thanks, and please post the solution.
I'll also try and do some research on it as well.
0
 

Author Comment

by:repco
ID: 17249937
Thanks
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Increase size of DHCP scope? 16 125
How do I make our RDS server available from the Internet 5 67
SQL Server Communications Audit 5 125
Need network only 1 user? 10 96
FIPS stands for the Federal Information Processing Standardisation and FIPS 140-2 is a collection of standards that are generically associated with hardware and software cryptography. In most cases, people can refer to this as the method of encrypti…
Nslookup is a command line driven utility supplied as part of most Windows operating systems that can reveal information related to domain names and the Internet Protocol (IP) addresses associated with them. In simple terms, it is a tool that can …
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question