We have a client that has 8 XP Pro workstations set up on an AD 2003 domain. The server is set up as a file server, and a folder holding 2 applications that they use is shared. There is a login script that maps the network drive for each user (net use z: \\serverip\folder /persistent:yes). Every day between 5:00 pm and 5:30 pm one of the workstations loses the mapped drive (same workstation every day). Basically what's happening is the workstation is losing authentication with the server. When this happens, the workstation is not able to access the mapped drive without logging out and then back in. If I try to access the folder by UNC, I am prompted with a username/password dialog, and if I enter the username/password of the user that's logged in to the machine, it gives me a message saying that the username/password I am attempting to use has already been tried. Using another username/password that's in AD works and I am able to access the folder. Initially we thought that it may be caused by Symantec Endpoint Protection, so we uninstalled SEP from the workstation.
A few other things to note:
Another user said that he used to experience the same thing daily on his machine before the user of the current problem machine worked there. He also said that he experiences it once in a while but not daily like the current workstation does.
After we set a static IP and removed SEP from the current problem workstation, it seems as if the workstation that used to have the problem is having the problem again as well as the current machine.
Looking at the system event logs on both machines shows warnings for LSASRV event IDs 40960 and 40961 at almost exactly the time that the users said that they had the problem.
There is a hardware VPN/firewall on the network that we don't have access to; the network was set up by another company and we don't have the username/password for the VPN.
We've checked all scheduled tasks (none are set), logon hours are good, and we deleted and recreated the user's AD account.