Solved

User can't access server

Posted on 2009-05-06
19
780 Views
Last Modified: 2012-05-06
We have a user that can't access a group of files on a server from a specific machine.  The user used to be able to access this location at one point but then couldn't.

Steps Taken
We have verified her access to the location on the network and verified her permissions - Everything was correct
We have had the user access the data from their account on any other machine successfully
We tried other users that had access to the server files from this user's computer and they successfully accessed the files.
From this we guessed it was the user's profile so we recreated it from scratch which it still didn't work.
We replaced the machine with a new machine freshly ghosted and gave it to the user.  It worked for a few hours and then stopped working.  The user did not have any rights other than normal user so they couldn't have installed/uninstall anything or changed any important settings, but even so we reset all of the settings to default which didn't help either.
We also cleared internet cache, deleted offline files, and made sure the computer wasn't storing passwords.

The machine is running Windows XP SP3 and has all of the normal Microsoft Windows updates.  The server is Windows Server 2003 R2.

Any idea what else we could do so this user could access the server and the files?
0
Comment
Question by:khcit
  • 10
  • 9
19 Comments
 
LVL 6

Expert Comment

by:page1985
ID: 24319684
Have you looked at the user's account in Active Directory?  It's possible she has time restrictions deined in her account.
0
 
LVL 1

Author Comment

by:khcit
ID: 24324814
I have checked AD and there is nothing in the account that has time restrictions.  Just to verify I checked the AD account with another user's that can access this location and they were virtually identical.  That, and she has been able to work from another machine all day without problems getting an access denied.

The only other thing that we did to this machine after the user started working on it was install a piece of software that installs a specifically older version of Java (jai-1_1_3-lib-windows-i586-jre).  We were thinking it was potentially this, but then realized other users that this works with have the same programs and java installations.
0
 
LVL 6

Expert Comment

by:page1985
ID: 24327193
Is there anything in the event log around the times when she stops being able to access the server?

Event logs for the server and the workstation.  Maybe a conflict or a problem with Kerberos?
0
 
LVL 1

Author Comment

by:khcit
ID: 24328540
The only things that I could find in the Event Viewer were the following

Application - Both Warnings
A provider, PolicyAgentInstanceProvider, has been registered in the WMI namespace, ROOT\ccm\policy\S_1_5_21_842925246_2139871995_839522115_7300, to use the LocalSystem account.  This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
A provider, PolicyAgentInstanceProvider, has been registered in the WMI namespace, ROOT\ccm\policy\S_1_5_21_842925246_2139871995_839522115_12267, to use the LocalSystem account.  This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Security - Failure
Logon Failure:
       Reason:            An error occurred during logon
       User Name:      user name
       Domain:            domain
       Logon Type:      11
       Logon Process:      User32  
       Authentication Package:      Negotiate
       Workstation Name:      computer name
       Status code:      0xC000005E
       Substatus code:      0x0

System - 1 error

The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{24FF4FDC-1D9F-4195-8C79-0DA39248FF48}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18).  This security permission can be modified using the Component Services administrative tool.


This is what I get.
0
 
LVL 1

Author Comment

by:khcit
ID: 24328551
I should have also mentioned that the Login succeeded the next time.
0
 
LVL 6

Expert Comment

by:page1985
ID: 24330703
This should not affect file shares, only COM applications.
0
 
LVL 1

Author Comment

by:khcit
ID: 24336695
Which is why I am still confused about the problem.

The most odd thing is that it worked fine for the new machine for a few hours and then stopped and any other user on that machine can still access the data flawlessly.  I also had the idea of copying the user's entire profile from a machine where they can access the data to the machine where they can't and that didn't work either.
0
 
LVL 6

Expert Comment

by:page1985
ID: 24339558
What about if you copy the faulty profile to a good machine?  Does that result in a second faulty connection?
0
 
LVL 6

Expert Comment

by:page1985
ID: 24339564
Also, are there any event logs on the client side?
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 1

Author Comment

by:khcit
ID: 24339860
What I pasted was the event log from the Clients side, I should have been more clear on that.  I had one of our network administrators look at the error log on the server and it was clean.

I copied the user's profile to my machine and the access ceased to work.  I then deleted the profile, created a new one with their name and it worked fine.  My plan for Monday as the user has left for the day and I don't want to do anything drastic to her while she isn't here, is to copy the profile that I created on my machine to her machine after renaming and moving her profile.  I did this before unsuccessfully but I could have missed something.  I also will not copy any of the user's data to the new profile until I test to see if accessing the server works or not.

If all goes well it should be fixed on Monday.  I will let you know.
0
 
LVL 6

Expert Comment

by:page1985
ID: 24341364
It sounds like a profile problem, then, if you can recreate it by copying the profile to a working computer.

I would be very interested in finding out what the problem is.
0
 
LVL 1

Author Comment

by:khcit
ID: 24353755
I copied the profile I created for the user from my machine to their current machine and had them log back in.  She could access the server and files just fine.  I copied most everything from the old profile to the new profile (desktop items, documents, etc...) and it still worked.  The user is going to write down everything they do on their machine because this access stopped working the last time after 3-4 hours of use.  

If it is not a problem I will also be leaving this question open until later today when I verify that the access doesn't break again.
0
 
LVL 1

Author Comment

by:khcit
ID: 24364085
The problem for the one user is fixed with a new profile that was created.  The problem now is that someone else is having the same problem and they didn't tell me until now.  It is the same problem with the profile but I don't know why it would happen with just these two people out of everyone.  I know that this may be stretching towards me asking another questions and keeping this open but would you know of anything in Group Policy that would disallow people from getting to a location.

The reason I ask is that I performed a "gpupdate /force" on the original machine after I recreated the profile and it completely broke the user's access.  I did the same function on my machine and it did not break.
0
 
LVL 6

Expert Comment

by:page1985
ID: 24366694
I'm assuming you have Administrator access and the broken user does not.  Generally, a policy does not affect administrators (as you don't want to restrict and break those logins), so it's likely that if something in group policy is the culprit, it would not affect you.
0
 
LVL 1

Author Comment

by:khcit
ID: 24373845
As a Help Desk we technically don't have admin rights on anything but the desktops and the Group Policy isn't handled by us, but we think that we found the culprit(s) of the whole mess.

Since we found that it was the profile we decided to tear the profile apart and remove folders until it started working.  We found that once we remove the following folders the access immediately works, and when we put them back it fails.

C:\Documents and Settings\%user%\Application Data\Microsoft\Credentials
C:\Documents and Settings\%user%\Local Settings\Application Data\Microsoft\Credentials

So we know that is the cause but we aren't sure the why of it and why it would stop just two people.
0
 
LVL 6

Expert Comment

by:page1985
ID: 24376657
Well, those two folders both hold the user's network credentials issued by Kerberos as well as some certificate information (if applicable).  If these folders become corrupt or are tampered with, it may cause Kerberos to throw errors because it thinks that the user is either being impersonated or someone is trying to hack the network.

Additionally, since Windows requires these folders in order to provide single sign-on for all applications that use the Integrated (Windows Authentication) scheme, if you delete the folders, Windows will automatically recreate them and replace their contents with a new set of Kerberos tickets.
0
 
LVL 1

Author Comment

by:khcit
ID: 24414885
Sorry for not saying anything lately, but I have been trying to trigger the breaks on the user's machine.  They still seem to be random and still have only seemed to be with the one person.  

Is it more believable that the server is messing up credentials or is it more believable that the user's AD account is messed up and to have that recreated?  Unfortunately these are the only two things that I can do at the moment to resolve the issue.  
0
 
LVL 6

Accepted Solution

by:
page1985 earned 500 total points
ID: 24424367
I would suggest trying to recreate the user account first simply because, whether or not it actually is the culprit (and it is a good place to start), it is the quickest and simplest method to try.
0
 
LVL 1

Author Comment

by:khcit
ID: 24435527
I will get that done and let you know
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Join & Write a Comment

We have adopted the strategy to use Computers in Student Labs as the bulletin boards. The same target can be achieved by using a Login Notice feature in Group policy but it’s not as attractive as graphical wallpapers with message which grabs the att…
If you have done a reformat of your hard drive and proceeded to do a successful Windows XP installation, you may notice that a choice between two operating systems when you start up the machine. Here is how to get rid of this: Click Start Clic…
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now