  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2450

Users keep losing their authentication & network drives.

I have an office with about 40 users onsite and another 10 that are remote via Citrix. It seems my users, at random times of the day, will lose their authentication on the network. They will lose access to a network drive and get a logon failure message. They will of course lose network printers that go through that same server.

If they try to connect using \\server\vol  or \\server.domain.com\vol  it will error out but if I try \\x.x.x.x\vol  then it works. The clients are XP Pro and the servers are 2003.

I have been out of the SysAdmin role for years, having been doing networking so my AD & other M$ services are really rusty. I'm just now getting back into it and I have not been able to resolve this issue. I'd appreciate any help on this.

Thank You
0
Los22
Asked:
Los22
3 Solutions
 
amichaellCommented:
1. Does this affect all users simultaneously or only a few?
2. When this occurs, can the users ping the server by hostname?  Can they ping any other devices on the network by hostname?  
3. Is your DC also your DNS?
0
 
mikainzCommented:
hi
looks like a name resolution problem,
First check the eventlogs at the server.

Maybe you can use the Microsoft IT Environment Health Scanner from Microsoft for a first look at your environment.
hth
0
 
Los22Author Commented:
amichael - 1. It seems to be affecting the users at random times throughout the day. Most of them leave their PCs locked overnight and find they've lost access when they come back in the morning. 2. I can still do a ping using just the hostname. It seems to be resolving fine.  3. The DC is the DNS server as well.
mikainz - I'll check out that link. I've been reviewing the logs but nothing is catching my eye. I might be overlooking something though.
0
 
ChiefITCommented:
Sounds like a master browser conflict.

Check your Server's event logs for errors in the 8000's, like error 8021 and 8032. These errors are just symptoms of the real problem. So, we will have to troubleshoot for the real problem.
0
 
Los22Author Commented:

Looked through the logs on both DCs and the last entries with any 8xxx event IDs were from 12/22/09. Nothing after that:

 Event Type: Error
Event Source: BROWSER
Event Category: None
Event ID: 8032
Date:  12/22/2009
Time:  7:34:49 PM
User:  N/A
Computer: MAIL01
Description:
The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{DEB6487C-B9AF-496C-B5E9-4948D3E98738}. The backup browser is stopping.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 40 00 00 00               @...   
0
 
mikainzCommented:
Any suspicious event log entries on the XP clients?

What about the guys shutting down their PCs, do they also have the issues in the morning?
 
0
 
Los22Author Commented:
Got these:
----------------------------------------------------------
Event Type:      Warning
Event Source:      LSASRV
Event Category:      SPNEGO (Negotiator)
Event ID:      40961
Date:            1/4/2010
Time:            2:33:42 AM
User:            N/A
Computer:      ACCT1
Description:
The Security System could not establish a secured connection with the server ldap/mail01.domain.com/domain.com@domain.com.  No authentication protocol was available.
----------------------------------------------------------------

Event Type:      Error
Event Source:      Kerberos
Event Category:      None
Event ID:      4
Date:            1/5/2010
Time:            9:21:48 AM
User:            N/A
Computer:      ACCT1
Description:
The kerberos client received a KRB_AP_ERR_MODIFIED error from the server host/miafs1.domain.com.  This indicates that the password used to encrypt the kerberos service ticket is different than that on the target server. Commonly, this is due to identically named  machine accounts in the target realm (DOMANI.COM), and the client realm.   Please contact your system administrator.

0
 
mikainzCommented:
Did you find any similar entries on other client PCs?
0
 
Los22Author Commented:
I'm seeing the kerberos errors in the other PCs. I'm going to start looking more into that.
0
 
amichaellCommented:
Here is Microsoft's KB article on that error, if it helps.

http://support.microsoft.com/kb/558115
0
 
Los22Author Commented:
Based on what I've been reading on the MS site regarding Kerberos, I've made adjustments to the configuration of the NTP server. I found some settings were incorrect compared to what Microsoft recommends. I'm making the changes and keeping an eye on my users. I've inherited this network from a previous admin so surprises like these keep me busy.   :-)
0
 
ChiefITCommented:
Intermittent DNS can cause this:

Go to the Server's command prompt and type:

Dcdiag /v

Make sure DNS tests are done.

Also on the server, this information would help:
IPconfig /all
0
 
Los22Author Commented:
ChiefIT-

ipconfig shows the usual. Two interfaces. One is for the network and the 2nd one is being used for a DRobo disk array (iSCSI).

It passed all the portions of the dcdiag test, with the exception of the following below.
The DC01DR being referenced is a 2003 server that was offline for over 3 months. It was a DC they had and my understanding is that it's 'tombstoned'. I can shut it down if I need to.

-------------------------------------------------------
      Starting test: systemlog
         * The System Event log test
         An Error Event occured.  EventID: 0x000016AD
            Time Generated: 01/05/2010   17:07:05
            Event String: The session setup from the computer DC01DR failed to authenticate. The following error occurred:

%%5
         An Error Event occured.  EventID: 0x0000165B
            Time Generated: 01/05/2010   17:17:10
            Event String: The session setup from computer 'DC01DR' failed

because the security database does not contain a trust account 'DC01DR$' referenced by the specified computer.  

USER ACTION  

If this is the first occurrence of this event for the specified computer and account, this may be a transient issue that doesn't require any action at this time. Otherwise, the following steps may be taken to resolve this problem:  

If 'DC01DR$' is a legitimate machine account for the computer 'DC01DR', then 'DC01DR' should be rejoined to the domain.  

If 'DC01DR$' is a legitimate interdomain trustaccount, then the trust should be recreated.  

Otherwise, assuming that 'DC01DR$' is not alegitimate account, the following action should be taken on 'DC01DR':  

If 'DC01DR' is a Domain Controller, then the trust associated with 'DC01DR$' should be deleted.

If 'DC01DR' is not a Domain Controller, it should be disjoined from the domain.
......................... MIAFS1 failed test systemlog
0
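
Added example (not part of the thread and not any poster's code): a Python triage of event text in the layout pasted above. It groups KRB_AP_ERR_MODIFIED reports by target SPN and converts dcdiag's hex event identifiers to the decimal IDs Event Viewer shows. The function name `triage`, the sample text and the client ACCT2 are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the event text pasted in this thread.
# ACCT2 is a made-up second client; the other names are the thread's own.
SAMPLE = """\
Event Source:      Kerberos
Event ID:      4
Computer:      ACCT1
Description:
The kerberos client received a KRB_AP_ERR_MODIFIED error from the server host/miafs1.domain.com.  This indicates ...
----
Event Source:      Kerberos
Event ID:      4
Computer:      ACCT2
Description:
The kerberos client received a KRB_AP_ERR_MODIFIED error from the server host/miafs1.domain.com.  This indicates ...
----
         An Error Event occured.  EventID: 0x000016AD
            Event String: The session setup from the computer DC01DR failed to authenticate.
         An Error Event occured.  EventID: 0x0000165B
            Event String: The session setup from computer 'DC01DR' failed
"""

SPN_RE = re.compile(r"KRB_AP_ERR_MODIFIED error from the server (\S+)")
HEX_ID_RE = re.compile(r"EventID:\s*0x([0-9A-Fa-f]+)")
SETUP_RE = re.compile(r"session setup from (?:the )?computer '?([\w-]+)")

def triage(text):
    """Return ({spn: clients reporting it}, [(event id, failing computer), ...])."""
    spn_clients = defaultdict(set)
    setup_failures = []
    computer = last_id = None
    for line in text.splitlines():
        if m := re.match(r"\s*Computer:\s*(\S+)", line):
            computer = m.group(1)               # client that logged the record
        elif m := SPN_RE.search(line):
            spn_clients[m.group(1).rstrip(".")].add(computer)
        elif m := HEX_ID_RE.search(line):
            # dcdiag prints the 32-bit identifier; Event Viewer shows the low word
            last_id = int(m.group(1), 16) & 0xFFFF
        elif m := SETUP_RE.search(line):
            setup_failures.append((last_id, m.group(1)))
    return dict(spn_clients), setup_failures

if __name__ == "__main__":
    spns, failures = triage(SAMPLE)
    for spn, clients in spns.items():
        print(f"{spn}: ticket rejected for {sorted(clients)}")
    for event_id, name in failures:
        print(f"Event ID {event_id}: session setup failed from {name}")
```

Several clients reporting the same SPN, together with session-setup failures that all name one computer, point at a single stale machine account instead of a per-client fault.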
 
ChiefITCommented:
OK, I think I figured out the problem.

Were things working good for a long time and then all of a sudden, PROBLEMS?
0
 
ChiefITCommented:
You appear to have two problems:

Let's deal with the most critical first and then troubleshoot from there.

DC01DR is tombstoned.

1) Unplug DC01DR from the network:

2) Make sure your five FSMO roles are on a second DC.
  --HOW TO: http://support.microsoft.com/kb/255504

3) Perform a metadata cleanup on ALL remaining DCs. This includes FRS, DNS and AD metadata:
  --HOW TO: http://www.petri.co.il/delete_failed_dcs_from_ad.htm

4) With DC01DR still unplugged from the network, logon, and force demote this DC.
0
 
Los22Author Commented:
Yes, things were fine then these problems started to surface.
The DC01DR box is physically at a remote site and it's a VM box. I'll shut it down and then perform the other steps. I'm scheduled to fly up to the DR site soon so I can live with the box being down. The machines there can just talk to HQ.
0
 
Los22Author Commented:
Update: After making sure the tombstoned DC was completely out of our configs then setting all NTP related settings according to Microsoft's recommendations, it looks like things are much more stable. I have not received any complaints all day.
I'll close this ticket out tomorrow if I have no further issues. Looks good so far. Thanks to you all for your assistance.
0
 
ChiefITCommented:
You can keep DC01 disconnected, then force demote this DC and repromote it back into the domain.

Let us know if you want to get this DC back on board as a DC.
0
 
Los22Author Commented:
I had it powered off and all was well. I powered it on and I started to get calls within 30 minutes of people losing their network drives again. I tried to dcpromo the box to demote it and that was failing. Very annoying. It's offline now and the few that were hit have rebooted so they're ok now.
0
 
ChiefITCommented:
With DC01 not connected, go to the command prompt and type:

DCpromo /forceremoval
0
 
Los22Author Commented:
Everything is good now. I greatly appreciate the assistance.
 
0
 
msjillzCommented:
I'm having the same problem at our offices...can someone try to explain this in not so tech terms...I'm just a beginner.
0
