education-dynamics
asked on
Account gets locked when trying to UNC path to a server
ASKER
My comments in italics
Do you log into the workstation using your domain account, or an identically named local account on the workstation? We are logging in with our own individual domain admin accounts
Are there any replication problems occurring between the DCs? none that we are aware of
Is this occurring for one user, or for everyone? (If a single user: did that user recently change their password?) this is happening to all of us
On a single UNC path, or any UNC? (And if one UNC: is it one on the DC or a member server?) only when we UNC path to the domain controllers. other servers work fine without locking our account
Are the client machine(s) which is trying to access the UNC - Windows 7, Vista? (I assume not XP from the border of the window...) correct. all are windows7
Anything relevant in the system or security event logs on the server(s) or client? Event ID: 56
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: SRVDC1
Description:
The Terminal Server security layer detected an error in the protocol stream and has disconnected the client. Client IP: 10.79.7.3.
Do you log into the workstation using your domain account, or an identically named local account on the workstation? We are logging in with our own individual domain admin accounts
Are there any replication problems occurring between the DCs? none that we are aware of
Is this occurring for one user, or for everyone? (If a single user: did that user recently change their password?) this is happening to all of us
On a single UNC path, or any UNC? (And if one UNC: is it one on the DC or a member server?) only when we UNC path to the domain controllers. other servers work fine without locking our account
Are the client machine(s) which is trying to access the UNC - Windows 7, Vista? (I assume not XP from the border of the window...) correct. all are windows7
Anything relevant in the system or security event logs on the server(s) or client? Event ID: 56
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: SRVDC1
Description:
The Terminal Server security layer detected an error in the protocol stream and has disconnected the client. Client IP: 10.79.7.3.
Is there any consistent behaviour on accessing the UNC using servername or FQDN or IP? (E.g. IP address sometimes works, servername and FQDN never works?)
The error message looks like it's another part of the symptom of the root problem. I suspect the root problem may be an intermittent network problem. If you can, lock down the network speed and duplex settings on each network card _and_ the switch ports. (You shouldn't have one locked in, and the other using autonegotiate for example. If you can avoid it... I'd advise against autonegotated as well.) If you can, check the server interfaces and switch ports for errors.
Once the network issues are resolved, one possible resulting problem on the servers would be that too many server password exchanges have been lost. Microsoft has an knowledgebase article for resetting those as well.
The error message looks like it's another part of the symptom of the root problem. I suspect the root problem may be an intermittent network problem. If you can, lock down the network speed and duplex settings on each network card _and_ the switch ports. (You shouldn't have one locked in, and the other using autonegotiate for example. If you can avoid it... I'd advise against autonegotated as well.) If you can, check the server interfaces and switch ports for errors.
Once the network issues are resolved, one possible resulting problem on the servers would be that too many server password exchanges have been lost. Microsoft has an knowledgebase article for resetting those as well.
ASKER
Razmus - your 1st question made me realize another wrinkle....
We are in domain A. The domain controllers that we are experiencing this issue with are in Domain B. Both A and B domains are on the same LAN, so we use IP address to communicate between the two as these domains are not trusted.
This became an issue (as far as we can tell) when we upgraded domain A's DC to Server 2008. Domain A's other DC is still Server 2003. We have the same issue when UNC pathing to either DC in this domain.
We are in domain A. The domain controllers that we are experiencing this issue with are in Domain B. Both A and B domains are on the same LAN, so we use IP address to communicate between the two as these domains are not trusted.
This became an issue (as far as we can tell) when we upgraded domain A's DC to Server 2008. Domain A's other DC is still Server 2003. We have the same issue when UNC pathing to either DC in this domain.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
No, we do not have the same credentials on both domains, and no they are not sync'd.
Correct, the accounts from domain B are the ones getting locked out.
I am going to try the netdom.exe solution and see if that works. I will post my results.
Correct, the accounts from domain B are the ones getting locked out.
I am going to try the netdom.exe solution and see if that works. I will post my results.
ASKER
NETDOM didn't do anything really. I think because we haven't had any password changes.
If I UNC path from a computer in Domain B to the domain controller in Domain A, it should prompt me for credentials since it does not recognize my credentials from Domain B. However, it doesn't. Instead it will lock out my Domain A credentials even though it doesn't even give me a chance to tell it what they are because it doesn't prompt for them.
Confused
If I UNC path from a computer in Domain B to the domain controller in Domain A, it should prompt me for credentials since it does not recognize my credentials from Domain B. However, it doesn't. Instead it will lock out my Domain A credentials even though it doesn't even give me a chance to tell it what they are because it doesn't prompt for them.
Confused
Do you have any security logging turn on for Domain B? I believe by default, nothing will show up in your security logs... you may want to make certain you have audit policies turned on... at least 'audit logon events' - failure, and 'audit account logon events' - failure. Then in the DC you're hitting in Domain B, the security log may hold the answer to what is going wrong.
ASKER
Thanks, Razmus. I will look into that.
Are there any replication problems occurring between the DCs?
Is this occurring for one user, or for everyone? (If a single user: did that user recently change their password?)
On a single UNC path, or any UNC? (And if one UNC: is it one on the DC or a member server?)
Are the client machine(s) which is trying to access the UNC - Windows 7, Vista? (I assume not XP from the border of the window...)
Anything relevant in the system or security event logs on the server(s) or client?