Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Permissions Issue

Posted on 2011-03-08
13
Medium Priority
?
294 Views
Last Modified: 2012-05-11
Hello Experts,

I'm having a weird issue on a few of my servers.
I have a NAS that i connect to for backing stuff up. For some reason, i have lost the ability to access the NAS via it's name.
So, if i go to start run: \\backupNAS\   --> i get an error saying i don't have permissions to access this.
If i do: start run: \\10.10.10.50\    --> i get in with no problems.

Can anyone shine some light on this please?

Thank you,

gmWindows
0
Comment
Question by:gmwindows
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 6
13 Comments
 
LVL 6

Expert Comment

by:LHT_ST
ID: 35070694
if you ping backupnas does it give you the same ip address as you gave above?
0
 
LVL 2

Author Comment

by:gmwindows
ID: 35070736
Yes it does.
When I ping it via IP, it responds.
When I ping it via Name, it responds.
0
 
LVL 11

Expert Comment

by:Tasmant
ID: 35070747
it's probably due to Kerberos errors. (with IP you fall automatically to NTLM)
- is the name of your computer (backupNAS) is the same than the name you enter in start/run ?
- could you launch the command setspn /L backupNAS
  you should see HOST/backupNAS and HOST/backupNAS.domain.com
if you don't see them, you should run: setspn /R backupNAS
- it could be an issue with multiples computers sharing the same SPN
take a look here http://support.microsoft.com/kb/321044/en-us
or launch the command:
dsquery * -limit 0 -filter "(&(objectcategory=computer)(ServicePrincipalName=HOST/backupNAS))"
if duplicate, you will get more than one DN as result.
0
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 2

Author Comment

by:gmwindows
ID: 35070958
All the tests you mentioned above came back ok.
The entries were there and there were not duplicates.
When i queried it from LDAP it came back with the correct machine.
I checked the System logs and found the following two entries:

Type: Warning
Source: LsaSrv
The Security System detected an authentication error for the server cifs/backupNAS.local.domainname.com.  The failure code from authentication protocol Kerberos was "The specified user does not exist.

Type: Warning
Source: Kerberos

There were password errors using the Credential Manager. To remedy, launch the Stored User Names and Passwords control panel applet, and reenter the password for the credential DOMAIN\admin.

0
 
LVL 11

Expert Comment

by:Tasmant
ID: 35071040
ok launch this command to add the cifs service and retry
setspn /A cifs/backupNAS
setspn /A cifs/backupNAS.local.domainname.com
0
 
LVL 2

Author Comment

by:gmwindows
ID: 35071056
It's already in there.
0
 
LVL 11

Accepted Solution

by:
Tasmant earned 2000 total points
ID: 35071057
Else, look at the Stored User Names and Passwords control panel applet to see if you have already stored credentials for this server. Did you mount network share in the past while specifiing specific credentials?
0
 
LVL 2

Author Comment

by:gmwindows
ID: 35071101
That worked.
Windows caching is a blessing and a curse (more leaning towards the latter).
Thank you!
0
 
LVL 11

Expert Comment

by:Tasmant
ID: 35071103
on the backupNAS server, have you looked event viewer to see if there is errors or warnings especially with Kerberos and LSASRV?
are the time on your computer, the DCs and the BackupNas server are well synched (or at least with few than 5 minutes of delta) ?
0
 
LVL 11

Expert Comment

by:Tasmant
ID: 35071130
Ok happy this worked :)
As soon as you encounter issues with name but not with IP you can be pretty sure it's related to Kerberos authentication failures :)
0
 
LVL 2

Author Comment

by:gmwindows
ID: 35071141
What reading material would you suggest for one who would like to learn more of how Kerberos works?
0
 
LVL 11

Expert Comment

by:Tasmant
ID: 35071316
I think you can begin with this: http://technet.microsoft.com/fr-fr/library/cc772815%28WS.10%29.aspx
be carefull with headache !
0
 
LVL 2

Author Comment

by:gmwindows
ID: 35083683
Awesome! Thank you!
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
Microsoft Office 365 is a subscriptions based service which includes services like Exchange Online and Skype for business Online. These services integrate with Microsoft's online version of Active Directory called Azure Active Directory.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

661 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question