Michael
asked on
User cannot access network resources without continually entering log on info
Hi,
I have an environment with Windows 2003 SBS and a few other member servers. one of the member servers is acting as a file server. One particular user can log on to his computer using a domain account but cannot access any domain resources that are hosted on the SBS box without re-entering the same credentials. When he opens outlook he is faced with a logon prompt, which accepts his credentials, when he access shares on the SBS server same thing, Printer no go also. But any resources on the member servers is fine. I had another user log on to the same machine to rule out a computer account issue and he is able to access everything ok. Any ideas?
Regards
I have an environment with Windows 2003 SBS and a few other member servers. one of the member servers is acting as a file server. One particular user can log on to his computer using a domain account but cannot access any domain resources that are hosted on the SBS box without re-entering the same credentials. When he opens outlook he is faced with a logon prompt, which accepts his credentials, when he access shares on the SBS server same thing, Printer no go also. But any resources on the member servers is fine. I had another user log on to the same machine to rule out a computer account issue and he is able to access everything ok. Any ideas?
Regards
c_a_n_o_n
If I understand correctly, you have a domain with at least the three servers described above on the domain. You have ruled out the computer account with another user login. Have you ruled out the user's account whom you're having issues. Have that user log onto another workstation and attempt to access the same resources. I am betting, that he should be able to access resources. Then leaving me to believe that the user profile on his workstation may be corrupt and may need to be recreated.
Are all of your member servers running 2003 or less OS's? Are there any 2008s? If there are, is your domain running on a 2000 or 2003 functionality level?
What is the OS of the client that can't authenticate to the SBS?
What is the OS of the client that can't authenticate to the SBS?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Firstly try to access the file server from any other machine with this username and password. If it work fine then on the culprit system disjoin the domain and rejoin it. On second thought new profile is also an option.
Most of all when it asks you for the credentials did you check by saving the correct username and password.
Most of all when it asks you for the credentials did you check by saving the correct username and password.
I agree with vdh_tech, he is logging in with cached credentials on the workstaiton and that is why he can logon to the workstation, but the security is not there.
Here is the process I go through:
1. login to the workstation (ws) with the local administrator account.
2. drop the ws from the domain and reboot.
3. go to documents and settings folder and copy the most current profile for the user that logs into this machine to a safe place. The date modified should tell you which one that is.
4. right click on my computer and click on properties then the advanced tab and then user profiles.
5. remove all users except the local administrator account.
6. go to control panel and local user accounts and remove all except local administrator.
7. open IE and go to http://sbsservername/connectcomputer follow the wizard. it should be pretty straight forward.
This will give you a clean install of the user profile for the new domain without pulling any old crap (that is the technical term:-)) from the user profile. Trust me it is usually not worth it. You can then copy most data back over to the proper folders in the new user profile including the nk2 file.
I hope this helps, please let me know if I've missunderstood your question or you need further clarification.
Here is the process I go through:
1. login to the workstation (ws) with the local administrator account.
2. drop the ws from the domain and reboot.
3. go to documents and settings folder and copy the most current profile for the user that logs into this machine to a safe place. The date modified should tell you which one that is.
4. right click on my computer and click on properties then the advanced tab and then user profiles.
5. remove all users except the local administrator account.
6. go to control panel and local user accounts and remove all except local administrator.
7. open IE and go to http://sbsservername/connectcomputer follow the wizard. it should be pretty straight forward.
This will give you a clean install of the user profile for the new domain without pulling any old crap (that is the technical term:-)) from the user profile. Trust me it is usually not worth it. You can then copy most data back over to the proper folders in the new user profile including the nk2 file.
I hope this helps, please let me know if I've missunderstood your question or you need further clarification.
Only one user seems to be having problems:
for that user, create a new profile.
1)Go into documents and settings and call that users profile xxx.xxxx.old<<<
2)Now have that client logon, to create a new domain profile.
3)Once the new profile is created, logon as administrator and copy/paste documents and settings from teh old profile.
Before doing so, go to :
control pannel>>users>>advanced>>m
Also make sure that client machine is pointed to your DNS servers, and ONLY your DNS servers for DNS. It may be asking for authentication because its going to the outside world for authentication.
Remember that CIFS/SMB and netbios shares use Netbios to communicate with. So, you are seeing this share via netbios, but unable to communicate with the authentication server, (the AD server), from time to time because you have an ISP's DNS server listed as a preferred server on that one client machine.
for that user, create a new profile.
1)Go into documents and settings and call that users profile xxx.xxxx.old<<<
2)Now have that client logon, to create a new domain profile.
3)Once the new profile is created, logon as administrator and copy/paste documents and settings from teh old profile.
Before doing so, go to :
control pannel>>users>>advanced>>m
Also make sure that client machine is pointed to your DNS servers, and ONLY your DNS servers for DNS. It may be asking for authentication because its going to the outside world for authentication.
Remember that CIFS/SMB and netbios shares use Netbios to communicate with. So, you are seeing this share via netbios, but unable to communicate with the authentication server, (the AD server), from time to time because you have an ISP's DNS server listed as a preferred server on that one client machine.
ASKER
Thanks vdh_tech and others who replied. The cached password was the problem. I've never come accross this in a domain environment where all machines are the member of the same domain. I was suspecting the profile as some had suggested and was dreading having to re-create it. I'm guessing it would have worked also as the cached passwords would be stored in the profile somewhere.
thanks again
thanks again