[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 860
  • Last Modified:

Mapped drive loses authentication daily

We have a client that has 8  XP Pro workstations set up on an AD 2003 domain. The server is set up as a file server and a folder holding 2 applications that they use is shared.  There is a login script that maps the network drive for each user (net use z: \\serverip\folder /persistent:yes). Every day between 5:00 pm and 5:30 pm one of the workstations loses the mapped drive (same workstation every day).  Basically what's happening is the workstation is losing authentication with the server.  When this happens, the workstation is not able to access the mapped drive without logging out and then back in.  If you try to access the folder by UNC then I am prompted with a username/password dialog and if I enter the username/password of the user that's logged in to the machine it gives me a message saying that the username/password I am attempting to use has already been tried.  Using another username/password that's in AD works and I am able to access the folder. Initially we thought that it may be caused by Symantec Endpoint Protection so we un-installed SEP from the workstation.  

A few other things to note:
Another user said that he used to experience the same thing daily on his machine before the user of the current problem machine before the user of the current problem machine worked there.  He also said that he experiences it once in a while but not daily like the current workstation does.  

After we set a static IP and removed SEP from the current problem workstation, it seems as if the workstation that used to have the problem is having the problem again as well as the current machine.  

Looking at the system event logs on both machines shows a warning for LSASRV event ID #40960 & 40961 at almost exactly the time that the users said that they had the problem.  

There is a hardware VPN/Firewall on the network that we don't have access to, the network was set up by another company and we don't have the username/password for the VPN.

We've checked all scheduled tasks (none are set), logon hours are good, and we deleted and recreated the user's AD account.

Thanks,
Jack Smith
0
egmtech
Asked:
egmtech
  • 3
  • 2
1 Solution
 
Jessie Gill, CISSPTechnical ArchitectCommented:
do ou have any other event log, maybe from teh local machine?
0
 
Jessie Gill, CISSPTechnical ArchitectCommented:
do you have any other event logs, maybe from the local machine?
0
 
Jessie Gill, CISSPTechnical ArchitectCommented:
It seems like you have a kerberos problem, that the workstation session tokens are expiring.  

Have you tried restarting kerboros service?  Do, you have any kerboros event log errors?
0
Never miss a deadline with monday.com

The revolutionary project management tool is here!   Plan visually with a single glance and make sure your projects get done.

 
dnudelmanCommented:
net use x: \\machine name\resourcename /persistent:yes

this should "store" the credentials
0
 
egmtechAuthor Commented:
jessiepak: The lsasrv event is from both of the workstations.  If you're asking if I can provide the log, this is at a business that is one of our clients and I don't have access to it right now but I will be going out there this afternoon so I can be there when the problem happens.  Apparently kerberos logging isn't on by default (?) but I turned it on this morning on the server.

dnudelman: it was originally set as net use z: \\server\ccapps without /persistent:yes.. I changed it to net use z: \\192.168.0.254\ccapps /persistent:yes because of a forum post I found that suggested that setting the path to the IP instead of the machine name and adding /persistent:yes would fix the problem but it didn't.

Thanks,
Jack

0
 
egmtechAuthor Commented:
Formatting the server fixed the problem, thanks for all of the suggestions.
0

Featured Post

Free tool for managing users' photos in Office 365

Easily upload multiple users’ photos to Office 365. Manage them with an intuitive GUI and use handy built-in cropping and resizing options. Link photos with users based on Azure AD attributes. Free tool!

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now