Troubleshoot "access denied" authentication problems with packet sniffer on 2003 domain and Macs
Posted on 2011-09-30
I've been having intermittent problems with Mac computers accessing shares on a 2003 server/domain. Sometimes when the mac tries to authenticate, they receive "unknown account or invalid password" Sometimes this lasts several minutes to several hours, then will start working again for no apparent reason. This happens when they access the server either via SMB or AFP. The event viewer on the server shows event ID 680 - account logon failure for NT Authority/System. I have Wireshark packet sniffer installed on the server, but I have no idea what kind of traffic to filter to see where the problem lies. Sometimes resetting the account password in AD helps but not always. Any idea how I can isolate what's causing this problem?