• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 528
  • Last Modified:

User cannot access network resources without continually entering log on info


I have an environment with Windows 2003 SBS and a few other member servers. one of the member servers is acting as a file server. One particular user can log on to his computer using a domain account but cannot access any domain resources that are hosted on the SBS box without re-entering the same credentials.  When he opens outlook he is faced with a logon prompt, which accepts his credentials, when he access shares on the SBS server same thing, Printer no go also. But any resources on the member servers is fine. I had another user log on to the same machine to rule out a computer account issue and he is able to access everything ok. Any ideas?

1 Solution
If I understand correctly, you have a domain with at least the three servers described above on the domain.  You have ruled out the computer account with another user login.  Have you ruled out the user's account whom you're having issues.  Have that user log onto another workstation and attempt to access the same resources.  I am betting, that he should be able to access resources.  Then leaving me to believe that the user profile on his workstation may be corrupt and may need to be recreated.
Are all of your member servers running 2003 or less OS's? Are there any 2008s? If there are, is your domain running on a 2000 or 2003 functionality level?
What is the OS of the client that can't authenticate to the SBS?
====> MOST LIKELY <====

I would check for "cached credentials" which have the wrong user name and password for the SBS server.  I bet the printers are hosted on the same SBS server.  I've seen this happen a zillion times.

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

Firstly try to access the file server from any other machine with this username and password. If it work fine then on the culprit system disjoin the domain and rejoin it. On second thought new profile is also an option.

Most of all when it asks you for the credentials did you check by saving the correct username and password.
I agree with vdh_tech, he is logging in with cached credentials on the workstaiton and that is why he can logon to the workstation, but the security is not there.
Here is the process I go through:
1. login to the workstation (ws) with the local administrator account.
2. drop the ws from the domain and reboot.
3. go to documents and settings folder and copy the most current profile for the user that logs into this machine to a safe place. The date modified should tell you which one that is.
4. right click on my computer and click on properties then the advanced tab and then user profiles.
5. remove all users except the local administrator account.
6. go to control panel and local user accounts and remove all except local administrator.
7. open IE and go to http://sbsservername/connectcomputer follow the wizard. it should be pretty straight forward.
This will give you a clean install of the user profile for the new domain without pulling any old crap (that is the technical term:-)) from the user profile. Trust me it is usually not worth it. You can then copy most data back over to the proper folders in the new user profile including the nk2 file.
I hope this helps, please let me know if I've missunderstood your question or you need further clarification.
Only one user seems to be having problems:

for that user, create a new profile.

1)Go into documents and settings and call that users profile xxx.xxxx.old<<<

2)Now have that client logon, to create a new domain profile.

3)Once the new profile is created, logon as administrator and copy/paste documents and settings from teh old profile.

Before doing so, go to :

control pannel>>users>>advanced>>managed passwords, and delete any passwords for that user. You may have old credentials saved in managed passwords.

Also make sure that client machine is pointed to your DNS servers, and ONLY your DNS servers for DNS.  It may be asking for authentication because its going to the outside world for authentication.

Remember that CIFS/SMB and netbios shares use Netbios to communicate with. So, you are seeing this share via netbios, but unable to communicate with the authentication server, (the AD server), from time to time because you have an ISP's DNS server listed as a preferred server on that one client machine.
MichaelAuthor Commented:
Thanks vdh_tech and others who replied. The cached password was the problem. I've never come accross this in a domain environment where all machines are the member of the same domain. I was suspecting the profile as some had suggested and was dreading having to re-create it. I'm guessing it would have worked also as the cached passwords would be stored in the profile somewhere.

thanks again

Featured Post

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

Tackle projects and never again get stuck behind a technical roadblock.
Join Now