gmwindows
asked on
Permissions Issue
Hello Experts,
I'm having a weird issue on a few of my servers.
I have a NAS that i connect to for backing stuff up. For some reason, i have lost the ability to access the NAS via it's name.
So, if i go to start run: \\backupNAS\ --> i get an error saying i don't have permissions to access this.
If i do: start run: \\10.10.10.50\ --> i get in with no problems.
Can anyone shine some light on this please?
Thank you,
gmWindows
I'm having a weird issue on a few of my servers.
I have a NAS that i connect to for backing stuff up. For some reason, i have lost the ability to access the NAS via it's name.
So, if i go to start run: \\backupNAS\ --> i get an error saying i don't have permissions to access this.
If i do: start run: \\10.10.10.50\ --> i get in with no problems.
Can anyone shine some light on this please?
Thank you,
gmWindows
if you ping backupnas does it give you the same ip address as you gave above?
ASKER
Yes it does.
When I ping it via IP, it responds.
When I ping it via Name, it responds.
When I ping it via IP, it responds.
When I ping it via Name, it responds.
it's probably due to Kerberos errors. (with IP you fall automatically to NTLM)
- is the name of your computer (backupNAS) is the same than the name you enter in start/run ?
- could you launch the command setspn /L backupNAS
you should see HOST/backupNAS and HOST/backupNAS.domain.com
if you don't see them, you should run: setspn /R backupNAS
- it could be an issue with multiples computers sharing the same SPN
take a look here http://support.microsoft.com/kb/321044/en-us
or launch the command:
dsquery * -limit 0 -filter "(&(objectcategory=compute r)(Service PrincipalN ame=HOST/b ackupNAS)) "
if duplicate, you will get more than one DN as result.
- is the name of your computer (backupNAS) is the same than the name you enter in start/run ?
- could you launch the command setspn /L backupNAS
you should see HOST/backupNAS and HOST/backupNAS.domain.com
if you don't see them, you should run: setspn /R backupNAS
- it could be an issue with multiples computers sharing the same SPN
take a look here http://support.microsoft.com/kb/321044/en-us
or launch the command:
dsquery * -limit 0 -filter "(&(objectcategory=compute
if duplicate, you will get more than one DN as result.
ASKER
All the tests you mentioned above came back ok.
The entries were there and there were not duplicates.
When i queried it from LDAP it came back with the correct machine.
I checked the System logs and found the following two entries:
Type: Warning
Source: LsaSrv
The Security System detected an authentication error for the server cifs/backupNAS.local.domai nname.com. The failure code from authentication protocol Kerberos was "The specified user does not exist.
Type: Warning
Source: Kerberos
There were password errors using the Credential Manager. To remedy, launch the Stored User Names and Passwords control panel applet, and reenter the password for the credential DOMAIN\admin.
The entries were there and there were not duplicates.
When i queried it from LDAP it came back with the correct machine.
I checked the System logs and found the following two entries:
Type: Warning
Source: LsaSrv
The Security System detected an authentication error for the server cifs/backupNAS.local.domai
Type: Warning
Source: Kerberos
There were password errors using the Credential Manager. To remedy, launch the Stored User Names and Passwords control panel applet, and reenter the password for the credential DOMAIN\admin.
ok launch this command to add the cifs service and retry
setspn /A cifs/backupNAS
setspn /A cifs/backupNAS.local.domai nname.com
setspn /A cifs/backupNAS
setspn /A cifs/backupNAS.local.domai
ASKER
It's already in there.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
That worked.
Windows caching is a blessing and a curse (more leaning towards the latter).
Thank you!
Windows caching is a blessing and a curse (more leaning towards the latter).
Thank you!
on the backupNAS server, have you looked event viewer to see if there is errors or warnings especially with Kerberos and LSASRV?
are the time on your computer, the DCs and the BackupNas server are well synched (or at least with few than 5 minutes of delta) ?
are the time on your computer, the DCs and the BackupNas server are well synched (or at least with few than 5 minutes of delta) ?
Ok happy this worked :)
As soon as you encounter issues with name but not with IP you can be pretty sure it's related to Kerberos authentication failures :)
As soon as you encounter issues with name but not with IP you can be pretty sure it's related to Kerberos authentication failures :)
ASKER
What reading material would you suggest for one who would like to learn more of how Kerberos works?
I think you can begin with this: http://technet.microsoft.com/fr-fr/library/cc772815%28WS.10%29.aspx
be carefull with headache !
be carefull with headache !
ASKER
Awesome! Thank you!