[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1231
  • Last Modified:

Ghost error you were logged on but

Ghost Drive Mapping Boot Disk problem.

Setup a Laptop with AD, DHCP, and DNS.  Connected a single client to verify DHCP is updating DNS which it is.  All records show up and the computer can access all resources.

Created a Ghost Network (mapping) Boot Disk, which connects and when I logon to the server as the domain admin(or any other user I create), I get the message:  You were logged on, but have not been validated by a server.  Therefore you may not have permission to use some network resources.

The disk continues and gives me a mapped drive but of course when I try to access anything I get Access Denied.

Any ideas?
0
dgore1
Asked:
dgore1
  • 4
  • 3
1 Solution
 
dgore1Author Commented:
Also forgot to mention that this is an AD 2003 server.
0
 
John Gates, CISSPSecurity ProfessionalCommented:
What does your NET/network.ini file look like?

It should look like this:

[network]
computername=<unique name>
lanroot=A:\NET
autostart=netbeui full
username=<your username>
domain=<your domainname>
lslogon=yes
reconnect=no
passwordcaching=no
timesync=no

Let me know and I will help further 8)

-D-
0
 
dgore1Author Commented:
[network]
computername=test1
lanroot=A:\NET
autostart=netbeui full
username=ghostie
domain=casting.local
lslogon=yes
reconnect=no
passwordcaching=no
timesync=no


Also, ghostcasting works just fine.  But that doesn't require name resolution.  And for the domain area, if I leave the .local off, it denies me access with net help 5 I belive.
0
Free tool for managing users' photos in Office 365

Easily upload multiple users’ photos to Office 365. Manage them with an intuitive GUI and use handy built-in cropping and resizing options. Link photos with users based on Azure AD attributes. Free tool!

 
John Gates, CISSPSecurity ProfessionalCommented:
change the line casting.local to just the base pre dot name:

casting

the DOS client is not going to know what to do with that ;-)  

That should fix the issue.

-D-
0
 
dgore1Author Commented:
Yup...that's what I thought too.  So I changed it again today and get the error message :

Error 5:  Access has been denied.

the full domain name is testing.casting.local, with the Server name being testing.  Netbios name is testing as well.

I even found this symantec article that said if you receive access denied on a Windows 2003 server, change the network security: Lan Manager Authentication Level from Send NTLM response only to Send LM & NTLM responses.

Same error.

I then joined another computer to the domain using the user ghostie with no problems since they are an enterprise admin.
0
 
dgore1Author Commented:
Another update:

I forgot to read the whole article:  You also have to find microsoft network server: digitally sign communications (always), and change the setting from enbled to disabled.

Wow...That did the trick!! Even though I changed the domain to be casting, going to award you the poinst since you made me go down the path one more time!!(and it was wrong!!)

Thanks,
Dale
0
 
John Gates, CISSPSecurity ProfessionalCommented:
Is one of the choices for digitally sign communications "Respond" ?  I think I would set it to that before disabling it completely.
0

Featured Post

Never miss a deadline with monday.com

The revolutionary project management tool is here!   Plan visually with a single glance and make sure your projects get done.

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now