education-dynamics asked:

Account gets locked when trying to UNC path to a server

We are seeing a strange issue on our network. When we try to UNC path to a server, our account gets locked out.

We have a domain with one Server 2008 DC and one 2003 DC.

Rich Weissler

Do you log into the workstation using your domain account, or an identically named local account on the workstation?

Are there any replication problems occurring between the DCs?

Is this occurring for one user, or for everyone?  (If a single user: did that user recently change their password?)

On a single UNC path, or any UNC?  (And if one UNC: is it one on the DC or a member server?)

Are the client machine(s) which are trying to access the UNC - Windows 7, Vista?  (I assume not XP from the border of the window...)

Anything relevant in the system or security event logs on the server(s) or client?

education-dynamics (ASKER)

My comments in italics


Do you log into the workstation using your domain account, or an identically named local account on the workstation? *We are logging in with our own individual domain admin accounts*

Are there any replication problems occurring between the DCs? *none that we are aware of*

Is this occurring for one user, or for everyone?  (If a single user: did that user recently change their password?) *this is happening to all of us*

On a single UNC path, or any UNC?  (And if one UNC: is it one on the DC or a member server?) *only when we UNC path to the domain controllers. other servers work fine without locking our account*

Are the client machine(s) which are trying to access the UNC - Windows 7, Vista?  (I assume not XP from the border of the window...) *correct. all are Windows 7*

Anything relevant in the system or security event logs on the server(s) or client?

Event ID:      56
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      SRVDC1
Description:
The Terminal Server security layer detected an error in the protocol stream and has disconnected the client. Client IP: 10.79.7.3.

Is there any consistent behaviour on accessing the UNC using servername or FQDN or IP?  (E.g. IP address sometimes works, servername and FQDN never works?)

The error message looks like it's another part of the symptom of the root problem.  I suspect the root problem may be an intermittent network problem.  If you can, lock down the network speed and duplex settings on each network card _and_ the switch ports.   (You shouldn't have one locked in, and the other using autonegotiate for example.  If you can avoid it... I'd advise against autonegotiated as well.)  If you can, check the server interfaces and switch ports for errors.

Once the network issues are resolved, one possible resulting problem on the servers would be that too many server password exchanges have been lost.  Microsoft has a Knowledge Base article for resetting those as well.

Razmus - your 1st question made me realize another wrinkle....

We are in domain A. The domain controllers that we are experiencing this issue with are in Domain B. Both A and B domains are on the same LAN, so we use IP address to communicate between the two as these domains are not trusted.

This became an issue (as far as we can tell) when we upgraded domain A's DC to Server 2008. Domain A's other DC is still Server 2003. We have the same issue when UNC pathing to either DC in this domain.

ASKER CERTIFIED SOLUTION
Rich Weissler

This solution is only available to members.

No, we do not have the same credentials on both domains, and no they are not sync'd.

Correct, the accounts from domain B are the ones getting locked out.

I am going to try the netdom.exe solution and see if that works. I will post my results.

NETDOM didn't do anything really. I think because we haven't had any password changes.

If I UNC path from a computer in Domain B to the domain controller in Domain A, it should prompt me for credentials since it does not recognize my credentials from Domain B. However, it doesn't. Instead it will lock out my Domain A credentials even though it doesn't even give me a chance to tell it what they are because it doesn't prompt for them.

Confused

Do you have any security logging turned on for Domain B?  I believe by default, nothing will show up in your security logs... you may want to make certain you have audit policies turned on... at least 'audit logon events' - failure, and 'audit account logon events' - failure.  Then in the DC you're hitting in Domain B, the security log may hold the answer to what is going wrong.

Thanks, Razmus. I will look into that.
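
An added example, not part of the original thread: once failure auditing is enabled as suggested above, a PowerShell function along these lines groups a DC's failed-authentication and lockout events by account and calling machine, which shows which client is sending the bad credentials. The function name, the sample records and the account and host names in them are constructed for illustration.

```powershell
# Security-log event IDs on a Server 2008+ DC once failure auditing is enabled:
# 4625 failed logon, 4771 Kerberos pre-auth failed, 4776 NTLM validation, 4740 lockout.
# (A Server 2003 DC records older IDs such as 529, 675, 680 and 644 instead.)
$AuthFailureIds = 4625, 4771, 4776, 4740

function Get-AuthFailureSummary {   # hypothetical helper, not a built-in cmdlet
    param([Parameter(Mandatory = $true)] [string[]] $EventXml)   # one <Event> document per string
    $rows = foreach ($x in $EventXml) {
        $evt = ([xml]$x).Event
        $id  = $evt.System.EventID
        if ($id -isnot [string]) { $id = $id.'#text' }   # EventID can carry attributes
        # Flatten <Data Name="...">value</Data> into a lookup table.
        $data = @{}
        foreach ($d in $evt.EventData.Data) { $data[$d.Name] = $d.'#text' }
        # The caller is an IP (4625/4771) or a workstation name (4625/4776);
        # a 4740 lockout keeps the caller computer name in TargetDomainName.
        $source = @($data['IpAddress'], $data['WorkstationName'], $data['Workstation']) |
            Where-Object { $_ -and $_ -ne '-' } | Select-Object -First 1
        if ($id -eq '4740') { $source = $data['TargetDomainName'] }
        New-Object PSObject -Property @{
            EventId = [int]$id
            Account = $data['TargetUserName']
            Source  = $source
            Status  = $data['Status']
        }
    }
    # Most frequent account / source / event combinations first.
    $rows | Group-Object Account, Source, EventId |
        Sort-Object Count -Descending | Select-Object Count, Name
}

# Constructed sample records (not taken from the thread) so the function runs offline.
$sample = @(
    '<Event><System><EventID>4776</EventID></System><EventData><Data Name="TargetUserName">jdoe</Data><Data Name="Workstation">WKSTN-07</Data><Data Name="Status">0xc000006a</Data></EventData></Event>',
    '<Event><System><EventID>4776</EventID></System><EventData><Data Name="TargetUserName">jdoe</Data><Data Name="Workstation">WKSTN-07</Data><Data Name="Status">0xc000006a</Data></EventData></Event>',
    '<Event><System><EventID>4740</EventID></System><EventData><Data Name="TargetUserName">jdoe</Data><Data Name="TargetDomainName">WKSTN-07</Data></EventData></Event>'
)
Get-AuthFailureSummary -EventXml $sample

# On the DC (elevated prompt), feed it the live Security log instead:
# $xml = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = $AuthFailureIds;
#            StartTime = (Get-Date).AddHours(-4) } | ForEach-Object { $_.ToXml() }
# Get-AuthFailureSummary -EventXml $xml
```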