Solved

Logon Unsuccessful

Posted on 2006-07-19
49
3,137 Views
Last Modified: 2010-10-04
We have a Windows 2003 Server network. Most computers stay on overnight. When i come in the morning and i try to go to \\192.168.3.* which is my server, i get a Logon Screen in which you can type your username and password. When i do, it tells me

Logon Unsuccessful: The username you typed is the same as the username you logged in with. That username has already been tried. A domain controller cannot be found to verify that username.

When i reboot the computer, it connects to it fine. But it just seems that when i come back in the morning, this happens. I have to reboot my computer every single time.
This is also bad because other computers are running backups and they cannot run the backup because of the same problem.

Any suggestions?
0
Comment
Question by:repco
  • 27
  • 19
  • +2
49 Comments
 
LVL 13

Accepted Solution

by:
prashsax earned 500 total points
Comment Utility
If this happens to some specific machines only then you can try and rejoin these machines to the domain again.

Just bring them to the workgroup first and then join them back to the domain.

This will refresh the machine account and the secure channel password.

That should solve your problem.

0
 
LVL 48

Expert Comment

by:Jay_Jay70
Comment Utility
i don't think the solution is simply joiing the machine back to the domain every day.....:)

only things i have found on this are if there is a problem with the servers domain membership
0
 
LVL 1

Expert Comment

by:Smoken2337
Comment Utility
Did this start happening when you moved to Win 2k3 or did it happen after a few weeks etc. The computers that are having this issue are they patched up with the latest MS services packs and patches.
0
 
LVL 4

Expert Comment

by:shard26
Comment Utility
Just a stab in the dark but I have seen this when the server reboots.  Maybe it is rebooting at night. Check the system event logs to see if you see "The Event log service was started" event id 6005  happeing at night. You only see this when the system reboots.
0
 

Author Comment

by:repco
Comment Utility
Well rejoining the domain didn't work because my backups still dont run at night. THey will only run if i run them manually in the morning. (i.le. When you reboot your server and your computer still stays on, all you have to do is double click on a network folder and it will automatically sign you back in (not having to reboot your computer)).

I tried creating a batch file that runs every five minutes where it creates a file on the network and deletes it (just to keep the connection alive) but that didn't help.


This has always been happening where the backups don't run at night.

Also, the server does not reboot at night, i checked the logs.
0
 

Author Comment

by:repco
Comment Utility
Ok, i looked at the computer this morning and it said that it cannot find the specified file M:\test.log. (I have a task program that runs every 5 minutes that opens this file and closes it to keep the network connection from disconnecting). BUT it did open it after i opened windows explorer and double clicked on the network drive.

Any suggestions on why it would not find it overnight but in the morning when i browse the network drives it will? Any suggestions on how to prevent this???
0
 
LVL 13

Expert Comment

by:prashsax
Comment Utility
What creadential have you used to run this scheduled task.

Does this ID have access to the shared folder.
0
 

Author Comment

by:repco
Comment Utility
I have Robotask open this file and close it every 5 minutes. It works fine throughout the day but just at night is when it doesn not work.

It should have access to the folder since it does open it throughout the day. Somehow the computer is being disconnected from the server at night.
0
 
LVL 13

Expert Comment

by:prashsax
Comment Utility
Does someone keep logged into the machine in daytime.

And at night no one is logged into it.

Is it possible that the task is using the credentials of user logged in to access the shared access.
0
 

Author Comment

by:repco
Comment Utility
Well the machine just stays on during daytime. It's just a backup machine and no body uses it. It does stay logged in at night, or in other words we don't log it off before we leave.

0
 

Author Comment

by:repco
Comment Utility
i think the real problem here is that it looses connection to the server overnight. is there any way to prevent this?
0
 
LVL 13

Expert Comment

by:prashsax
Comment Utility
Try setting up a ping to the server so that it lasts for the night.

As you care ready to levae open a dos prompt and do this:

ping IP_Address_of_Server -t > c:\pingresp.txt

This will keep pinging the server and hopefully keep the connection alive.

Have you check that your NIC is not set to turn off when not in use.

Now, you can later check the file c:\pingresp.txt in the network connectivity to the server was not lost.

One more thing, as you leave the machine locked overnight, you can open the shared folder using explorer and leave the window open and then lock the machine. Alternatively you can map the shared folder as a drive and then try can copy the files to the mapped drives.
0
 

Author Comment

by:repco
Comment Utility
ok, i noticed that the Setting for Allow Computer to Turn this Device off for the NIC was checked, even though i have the computer to "Always On" on Power Management but we'll see how that works. Also, i'll leave the shared folders opened overnight and see what happens. Thanks!!
0
 
LVL 13

Expert Comment

by:prashsax
Comment Utility
Well, lets see what happens.
0
 

Author Comment

by:repco
Comment Utility
ok so i pinged the server every 30 seconds. The night before it stopped pinging at 6:00pm, as in the scheduled task for it to ping to server stopped. (I created a task where it pings the server and put the time and response time on a text file). Now last night, it stopped pinging at 1:00am. When i came in the morning and i typed in \\zeus at the Explorer bar i got a enter username and password, i used the same one i logged in with but it would just come back to the logon without any error msgs this time. BUT when i opened the mapped network drive it let me in and i also was able to go into \\zeus. (zeus is the name of our server)

I checked the event viewer and i see that these messages pop up all the time. Maybe this is the source of the problem?


The Security System could not establish a secured connection with the server cifs/ZEUS.  No authentication protocol was available.

The Security System detected an attempted downgrade attack for server cifs/ZEUS.  The failure code from authentication protocol Kerberos was "There are currently no logon servers available to service the logon request.
0
 
LVL 13

Expert Comment

by:prashsax
Comment Utility
This will force this workstation to use TCP for kerberos authentication.
Do you see some error on domain controller at same time this error occured on workstation.
Can you provide with Event ID.

1. Start Registry Editor.
2. Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\ Kerberos\Parameters
Note If the Parameters key does not exist, create it now.
3. On the Edit menu, point to New, and then click DWORD Value.
4. Type MaxPacketSize, and then press ENTER.
5. Double-click MaxPacketSize, type 1 in the Value data box, click to select the Decimal option, and then click OK.
6. Quit Registry Editor.
7. Restart your computer.
0
 

Author Comment

by:repco
Comment Utility
Ok, parameters wasn't there so i created the Key along with the DWORD value. Here's the event ID's...

The Security System could not establish a secured connection with the server cifs/192.168.3.198.  No authentication protocol was available. Event ID 40961

The Security System detected an attempted downgrade attack for server HTTP/zeus.  The failure code from authentication protocol Kerberos was "There are currently no logon servers available to service the logon request.
 (0xc000005e)" Event ID 40960

Thanks!!
0
 

Author Comment

by:repco
Comment Utility
I also see this message once in a while every day.

The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible.  No attempt to contact a source will be made for 959 minutes. NtpClient has no source of accurate time. Event ID 29.

The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized. Event ID 36
0
 
LVL 13

Expert Comment

by:prashsax
Comment Utility
Ok, can you quickly check just one thing for me.

See, if NETBIOS over TCP/IP is disabled.

If yes, then please enable it.

You can find it in the NIC Properties.
TCP/IP Properties->Advanced->WINS TAB.

The first Radio button should be selected, for enabling NetBios over TCP.
0
 
LVL 13

Expert Comment

by:prashsax
Comment Utility
Also, check if the time between this machine and the domain controller is in sync, since you are not able to access any NTP time source on DC, time sync could also be the problem.

Windows will not authenticate any machine if time gap is more than 5 mins.

You can setup NTP time source on your DC using this command:

net time /setsntp:time.nist.gov

Just make sure the DC can access time.nist.gov over port 123/TCP to the internet.
0
 

Author Comment

by:repco
Comment Utility
Ok, i noticed the time was not in sync also, i'll set that up too. The setting for Netbios was set to Default, i set it to Enabled.

Thanks!!
0
 
LVL 13

Expert Comment

by:prashsax
Comment Utility
So, here you have it.

I think this time unsync is causing the authentication problems.

Just set the NTP time source on DC, and set it as time.nist.gov.

And then set NTP time source on client machine as well. For Client machines NTP time source could be DC.
0
 

Author Comment

by:repco
Comment Utility
do i have to set it to time.nist.gov or can i set it as any time i want?
0
 
LVL 13

Expert Comment

by:prashsax
Comment Utility
See, time.nist.gov is a internet IP address which runs a NTP Time Server. The time which this site gives you is thru a atomic clock and it accurate time.

With the command:
net time /setsntp:time.nist.gov

You are telling your DC that it should sync its time with time.nist.gov server. You are not setting time on server, instead you are tell it to get time from some other server.

0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 

Author Comment

by:repco
Comment Utility
Ok now I'm reading these on the Event Viewer.

The time provider NtpClient was unable to find a domain controller to use as a time source. NtpClient will try again in 960 minutes. Event ID 14

The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible.  No attempt to contact a source will be made for 959 minutes. NtpClient has no source of accurate time. Event ID 29

Also the same ones...
The Security System detected an attempted downgrade attack for server cifs/zeus.  The failure code from authentication protocol Kerberos was "There are currently no logon servers available to service the logon request.

The Security System could not establish a secured connection with the server cifs/zeus.  No authentication protocol was available.


Do you think its my DC that is having problems? Before I troubleshoot it, do you have any other recommendations?
0
 

Author Comment

by:repco
Comment Utility
Sorry i copied the wrong ones, i was copying the older events here are the new.

The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible.  No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time. Event ID 29

Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer '\\zeus'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751). Event ID 17
0
 
LVL 13

Expert Comment

by:prashsax
Comment Utility
Can you access the time.nist.gov from your DC.

To test it, open command prompt.
>telnet time.nist.gov 123

This should open a blank window. If not you need to set the permissions on your firewall and allow port 123/TCP from DC to time.nist.gov.

0
 

Author Comment

by:repco
Comment Utility
ok i can't telnet it through any computer including mine. how do i check if i have the port open?
0
 

Author Comment

by:repco
Comment Utility
i have the windows firewall off, i also added the 123 as an exception. can you telnet into it? is there any other way to see if time is synched?
0
 

Author Comment

by:repco
Comment Utility
Ok i tried doing a net stop w32time on the client computer that i'm having problems with. it stopped successfully. Then i did a net start w32time and i received error msg The Windows Time service could not be started. More help by typing NET HELPMSG 3523
0
 

Author Comment

by:repco
Comment Utility
But if i do it again, it says W32time has already started. Hmm weird. It does take a long time to start when i do it through Services.
0
 
LVL 13

Expert Comment

by:prashsax
Comment Utility
You need to open the port on your network firewall or the internet router.

Also, just do one thing, set this NTP time server on client machine, so that it syncronize its time from DC.

net time /setsntp:DC_NAME

That should resolve your problem.
0
 

Author Comment

by:repco
Comment Utility
Ok will do. I don't think it would solve the problem since i've already did the net time /setsntp:olympus last week. but we'll see. thanks for helping me out here since you're the only one that knows.
0
 

Author Comment

by:repco
Comment Utility
I'm still receiving the same event errors but at least the backups are running at night. I see that it stops pinging the server at 8:00pm, thats about 3 hours later after i leave. I do see that when i come in the morning i see a message pop up that says  M:\is not accessible. The system dectected a possible attempt to compromise security. Please ensure that you can contract the server that authenticated you.

any other suggestions?
0
 
LVL 13

Expert Comment

by:prashsax
Comment Utility
>The system dectected a possible attempt to compromise security. Please ensure that you can contract the server that >authenticated you

The root cause for this error message is that your machine is not able to get its kerberos ticket re-authenticated from the domain controller after the original ticket has expired. Now, it will work if you reboot the machine and then login afresh.

Now I have few questions.

Does, this machine is using your internal DNS server as primary.
Or do you have specified your ISP DNS server as secondary on this machine?

The other problem could be related to your network, as you said that the server stops pinging at night, at it could be possible that at same time the machine tries to re-authenticate the ticket and it fails.

Now, we need to find out why does the server stops pinging.

Goto that server and check if Power Management is not forcing the NIC on server to go offline at inactivity.

0
 

Author Comment

by:repco
Comment Utility
Actuall i have a task that will open the file and close it, to keep the conneciton alive, and also ping it. So if it doesn't open the file, it will not go to the next step by pinging the server. I seperated the tasks so they can run individually and see if it pings the server. So i'll check on that tomorrow.  i also checked and the NIC power is disabled.

Also, i have both my ISP's DNS server as Preffered and Alternate
0
 

Author Comment

by:repco
Comment Utility
Ok, i think i need to set one of my DNS as my DC's IP address?
0
 
LVL 13

Expert Comment

by:prashsax
Comment Utility
Yes, the DNS server used by machine should only be pointing to DC with Primary DNS server for your domain.

You , should not use any other DNS server in the NIC settings.

If, you want to resolve external IP address, then you can put a forwarder on your internal DNS server, so that your internal DNS server should also resolve internet IP address.
0
 

Author Comment

by:repco
Comment Utility
Ok, i have set my Preferred and Alternate DNS to my domain controller but i'm still receiving those same event error messages.

I checked the ping log and it successfully pinged the server all night without any loss.

i checked the NIC and its power management is disabled
Device manager > Network Properties > Power Management > unchecked Allow the computer to turn off this device to save power.

I also have the Power Management as "Always ON'

Any other suggestions?

Again, i really appreciate your help here.
0
 
LVL 13

Expert Comment

by:prashsax
Comment Utility
Ok.

First what about the backup script. Is it still giving problems.

Second, can you give the EventID for this error.

0
 

Author Comment

by:repco
Comment Utility
the backups ran ok but the error msgs are

The Security System could not establish a secured connection with the server cifs/192.168.3.198.  No authentication protocol was available. Event ID 40961

The Security System detected an attempted downgrade attack for server cifs/192.168.3.198.  The failure code from authentication protocol Kerberos was "There are currently no logon servers available to service the logon request.
 (0xc000005e)". Event ID 40960

this happens about every hour.

0
 
LVL 13

Expert Comment

by:prashsax
Comment Utility
Check, if there is some disconnected Terminal Sessions on your server.

You can use Terminal Server Manager to check if some user has disconnected a session and had not properly logged off.
0
 

Author Comment

by:repco
Comment Utility
yes there are many all the time. this server is a terminal server. but this client computer does not connect to the server via terminal services.
0
 

Author Comment

by:repco
Comment Utility
ok the backups didn't run this time. i still see the same event error messages and also the same pop up message..

M:\is not accessible. The system dectected a possible attempt to compromise security. Please ensure that you can contract the server that authenticated you.

M:\is the DC.

i'm about to give up on this.
0
 
LVL 13

Expert Comment

by:prashsax
Comment Utility
It could be a license problem, I have seen one such situation.

If you are not running SBS, then you can stop the Windows Licensing Service on your DC and the file server.

It could be possible that your server would run out of license and then stop authenticate this machine.



0
 
LVL 13

Expert Comment

by:prashsax
Comment Utility
What happened.
Has the issue been resolved.

0
 

Author Comment

by:repco
Comment Utility
well no it hasn't. it first started with the logon unsuccessfull problem and i think we fixed that part.

i don't really think its the licensing since there is nobody logged on to the server at night. everyone leaves around 5 and this happens around 6 or 8
backups sometimes run and sometimes they don't.

i'll research some more and keep you posted on this. thanks very much though for trying to help me out.
0
 
LVL 13

Expert Comment

by:prashsax
Comment Utility
Thanks, and please post the solution.
I'll also try and do some research on it as well.
0
 

Author Comment

by:repco
Comment Utility
Thanks
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

A brief overview to explain gateways, default gateways and static routes OR NO - you CANNOT have two default gateways on the same server, PC or other Windows-based network device. In simple terms a gateway is formed when a computer such as a serv…
Nslookup is a command line driven utility supplied as part of most Windows operating systems that can reveal information related to domain names and the Internet Protocol (IP) addresses associated with them. In simple terms, it is a tool that can …
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now