User cannot access network resources without continually entering log on info


I have an environment with Windows 2003 SBS and a few other member servers. one of the member servers is acting as a file server. One particular user can log on to his computer using a domain account but cannot access any domain resources that are hosted on the SBS box without re-entering the same credentials.  When he opens outlook he is faced with a logon prompt, which accepts his credentials, when he access shares on the SBS server same thing, Printer no go also. But any resources on the member servers is fine. I had another user log on to the same machine to rule out a computer account issue and he is able to access everything ok. Any ideas?

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

If I understand correctly, you have a domain with at least the three servers described above on the domain.  You have ruled out the computer account with another user login.  Have you ruled out the user's account whom you're having issues.  Have that user log onto another workstation and attempt to access the same resources.  I am betting, that he should be able to access resources.  Then leaving me to believe that the user profile on his workstation may be corrupt and may need to be recreated.
Are all of your member servers running 2003 or less OS's? Are there any 2008s? If there are, is your domain running on a 2000 or 2003 functionality level?
What is the OS of the client that can't authenticate to the SBS?
====> MOST LIKELY <====

I would check for "cached credentials" which have the wrong user name and password for the SBS server.  I bet the printers are hosted on the same SBS server.  I've seen this happen a zillion times.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Cloud Class® Course: CompTIA Cloud+

The CompTIA Cloud+ Basic training course will teach you about cloud concepts and models, data storage, networking, and network infrastructure.

Firstly try to access the file server from any other machine with this username and password. If it work fine then on the culprit system disjoin the domain and rejoin it. On second thought new profile is also an option.

Most of all when it asks you for the credentials did you check by saving the correct username and password.
I agree with vdh_tech, he is logging in with cached credentials on the workstaiton and that is why he can logon to the workstation, but the security is not there.
Here is the process I go through:
1. login to the workstation (ws) with the local administrator account.
2. drop the ws from the domain and reboot.
3. go to documents and settings folder and copy the most current profile for the user that logs into this machine to a safe place. The date modified should tell you which one that is.
4. right click on my computer and click on properties then the advanced tab and then user profiles.
5. remove all users except the local administrator account.
6. go to control panel and local user accounts and remove all except local administrator.
7. open IE and go to http://sbsservername/connectcomputer follow the wizard. it should be pretty straight forward.
This will give you a clean install of the user profile for the new domain without pulling any old crap (that is the technical term:-)) from the user profile. Trust me it is usually not worth it. You can then copy most data back over to the proper folders in the new user profile including the nk2 file.
I hope this helps, please let me know if I've missunderstood your question or you need further clarification.
Only one user seems to be having problems:

for that user, create a new profile.

1)Go into documents and settings and call that users profile xxx.xxxx.old<<<

2)Now have that client logon, to create a new domain profile.

3)Once the new profile is created, logon as administrator and copy/paste documents and settings from teh old profile.

Before doing so, go to :

control pannel>>users>>advanced>>managed passwords, and delete any passwords for that user. You may have old credentials saved in managed passwords.

Also make sure that client machine is pointed to your DNS servers, and ONLY your DNS servers for DNS.  It may be asking for authentication because its going to the outside world for authentication.

Remember that CIFS/SMB and netbios shares use Netbios to communicate with. So, you are seeing this share via netbios, but unable to communicate with the authentication server, (the AD server), from time to time because you have an ISP's DNS server listed as a preferred server on that one client machine.
MichaelAuthor Commented:
Thanks vdh_tech and others who replied. The cached password was the problem. I've never come accross this in a domain environment where all machines are the member of the same domain. I was suspecting the profile as some had suggested and was dreading having to re-create it. I'm guessing it would have worked also as the cached passwords would be stored in the profile somewhere.

thanks again
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.