Solved

Permissions Issue

Posted on 2011-03-08
Last Modified: 2012-05-11
Hello Experts,

I'm having a weird issue on a few of my servers.
I have a NAS that I connect to for backing stuff up. For some reason, I have lost the ability to access the NAS via its name.
So, if I go to Start, Run: \\backupNAS\   --> I get an error saying I don't have permissions to access this.
If I do Start, Run: \\10.10.10.50\    --> I get in with no problems.

Can anyone shine some light on this please?

Thank you,

gmWindows
0
Question by:gmwindows
13 Comments
 
LVL 6

Expert Comment

by:LHT_ST
If you ping backupnas, does it give you the same IP address as you gave above?
0
 
LVL 2

Author Comment

by:gmwindows
Yes it does.
When I ping it via IP, it responds.
When I ping it via Name, it responds.
0
 
LVL 11

Expert Comment

by:Tasmant
It's probably due to Kerberos errors (with the IP you automatically fall back to NTLM).
- Is the name of your computer (backupNAS) the same as the name you enter in Start/Run?
- Could you run the command:
  setspn /L backupNAS
  You should see HOST/backupNAS and HOST/backupNAS.domain.com.
  If you don't see them, you should run:
  setspn /R backupNAS
- It could be an issue with multiple computers sharing the same SPN.
  Take a look here: http://support.microsoft.com/kb/321044/en-us
  or run the command:
  dsquery * -limit 0 -filter "(&(objectcategory=computer)(ServicePrincipalName=HOST/backupNAS))"
  If there is a duplicate, you will get more than one DN as a result.
0
 
LVL 2

Author Comment

by:gmwindows
All the tests you mentioned above came back OK.
The entries were there and there were no duplicates.
When I queried it from LDAP it came back with the correct machine.
I checked the System logs and found the following two entries:

Type: Warning
Source: LsaSrv
The Security System detected an authentication error for the server cifs/backupNAS.local.domainname.com.  The failure code from authentication protocol Kerberos was "The specified user does not exist.

Type: Warning
Source: Kerberos

There were password errors using the Credential Manager. To remedy, launch the Stored User Names and Passwords control panel applet, and reenter the password for the credential DOMAIN\admin.

0
 
LVL 11

Expert Comment

by:Tasmant
OK, launch these commands to add the cifs service and retry:
setspn /A cifs/backupNAS
setspn /A cifs/backupNAS.local.domainname.com
0
 
LVL 2

Author Comment

by:gmwindows
It's already in there.
0
 
LVL 11

Accepted Solution

by:
Tasmant earned 500 total points
Otherwise, look at the Stored User Names and Passwords control panel applet to see if you have already stored credentials for this server. Did you mount a network share in the past while specifying specific credentials?
0
 
LVL 2

Author Comment

by:gmwindows
That worked.
Windows caching is a blessing and a curse (more leaning towards the latter).
Thank you!
0
 
LVL 11

Expert Comment

by:Tasmant
On the backupNAS server, have you looked at Event Viewer to see if there are errors or warnings, especially with Kerberos and LSASRV?
Is the time on your computer, the DCs and the BackupNas server well synced (or at least with less than 5 minutes of delta)?
0
 
LVL 11

Expert Comment

by:Tasmant
Ok happy this worked :)
As soon as you encounter issues with name but not with IP you can be pretty sure it's related to Kerberos authentication failures :)
0
 
LVL 2

Author Comment

by:gmwindows
What reading material would you suggest for one who would like to learn more of how Kerberos works?
0
 
LVL 11

Expert Comment

by:Tasmant
I think you can begin with this: http://technet.microsoft.com/fr-fr/library/cc772815%28WS.10%29.aspx
Be careful with the headache!
0
 
LVL 2

Author Comment

by:gmwindows
Awesome! Thank you!
0
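
The checks this thread walked through (stored credentials, SPN registration and duplicates, a Kerberos ticket request, clock skew), collected into one PowerShell function. This is an added example, not code posted by anyone in the thread; the function name Test-NameVsIpAccess is hypothetical, the host names are the thread's, and it assumes a domain-joined machine where setspn -Q and klist get are available.

```powershell
# Added example, not from the thread. Host names are the thread's; pass your own.
function Test-NameVsIpAccess {
    param(
        [string]$Server = 'backupNAS',
        [string]$Fqdn   = 'backupNAS.local.domainname.com'
    )
    $names = @($Server, $Fqdn)

    # 1. Stored credentials (the accepted fix). A saved entry for the server
    #    name is used instead of the logon session's identity.
    $stored = @(cmdkey /list | Select-String -SimpleMatch -Pattern $names)
    if ($stored.Count) {
        Write-Warning "Stored credentials reference ${Server}:"
        $stored | ForEach-Object { "    $($_.Line.Trim())" }
        "    Review, then remove a stale entry with: cmdkey /delete:<target shown above>"
    } else {
        "No stored credentials mention $Server."
    }

    # 2. SPN ownership. More than one account holding the same SPN breaks
    #    Kerberos for that name. cifs/ is normally covered by the HOST/ alias,
    #    so zero explicit cifs/ hits is not an error by itself.
    foreach ($spn in ($names | ForEach-Object { "HOST/$_"; "cifs/$_" })) {
        $owners = @(setspn -Q $spn | Select-String -Pattern '^CN=')
        $state  = if ($owners.Count -gt 1) { 'DUPLICATE' } else { 'ok' }
        '{0,-45} accounts: {1} [{2}]' -f $spn, $owners.Count, $state
    }

    # 3. Ask the KDC for a service ticket for the share. Access by IP uses
    #    NTLM and never makes this request, which is why it keeps working.
    #    The leading lines of output report success or the error code.
    klist get "cifs/$Fqdn" | Select-Object -First 6

    # 4. Clock offset against the logon DC (assumption: LOGONSERVER is a DC,
    #    which is not true for a local or cached logon). The thread's limit
    #    is 5 minutes.
    $dc = $env:LOGONSERVER -replace '\\', ''
    w32tm /stripchart /computer:$dc /samples:1 /dataonly
}

Test-NameVsIpAccess
```

The function only reports; it does not delete stored credentials or change SPNs.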
