• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 282
  • Last Modified:

Windows XP - DC Issues

I have a Windows XP Professional workstation that is at one of my satellite offices and has been having issues from time to time accessing network drives. With further investigation I found that when you try to map drives via command line you get this error message:

The system detected a possible attempt to compromise security. Please ensure that you can contact the server that authenticated you.

If I use echo %logonserver% it reports back the correct DC, but logging in to this workstation also takes a long time. Has anyone seen this behavior or have a fix? I have several other computers at this site with no problems.

Thank You,
0
TermEcho
Asked:
TermEcho
  • 8
  • 5
  • 4
1 Solution
 
joelsplaceCommented:
Can you login as a new user created on the domain?  If not then the PC is using cached credentials.  Check your DNS and try using only the login server as a test.
0
 
TermEchoAuthor Commented:
joelsplace:

         I have set DNS address manually on this computer to see if it was a dns issue. What do you mean login server as a test? I will setup a new account in my DC and try that.
0
 
CharlWiehahnCommented:
Disable the local Windows firewall and try to logon again. Here is the Microsoft knowledgebase for this problem.

http://support.microsoft.com/kb/938457
0
Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

 
joelsplaceCommented:
I was talking about using your main DC DNS only if you have some other DNS servers also.
0
 
TermEchoAuthor Commented:
joelsplace:

        I have setup a new account and I was able to login and map drives without a problem, this issues seems to come and go with this pc. I worked on it for three hours and I believe it took me 20 minutes to login, but this time with the new account everything is working. Is there a way to see cached credentials? or perhaps a way to remove any/all cached credentials?

Thanks,
0
 
TermEchoAuthor Commented:
joelsplace:

    It looks like accounts that have been setup and logged into this computer are having issues. It takes a lot longer to login to the workstation using the Administrator or the original users login.

Thanks,
0
 
joelsplaceCommented:
You can get rid of some in User Accounts, Advanced, Manage Passwords.  I'm not sure if it will get rid of the normal user login cache.
This might help: http://support.microsoft.com/kb/823731
This will turn off credential caching: http://support.microsoft.com/kb/172931
0
 
joelsplaceCommented:
You may have some corrupted accounts or possibly malware?
0
 
CharlWiehahnCommented:
Hi joelsplace,

Have you had a chance to look at the local firewall config on the pc you are having troubles with?
0
 
TermEchoAuthor Commented:
CharlWiehahn:

           Yes, the firewall rules are pushed through AD. Firewall rules appear to be working.
0
 
CharlWiehahnCommented:
Hi TermEcho,

Just to refer to your previous question about how to remove cached credentials from a pc. This is done by setting Interactive Logons to 0  and is done via group policy. Here is the policy location.

Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options
Set Interactive logon to 0

On a seperate note, I was wondering if the shares you are connecting to are located on the same satellite site or if they are accessed over the WAN. Also are you using DFS in your setup?
0
 
TermEchoAuthor Commented:
CharlWiehahn:

     No I am not using DFS, The shares are across the WAN being accessed via VPN. I have six computers at this one satellite location 5 with out problems (a mix of XP and Win7). I have modified the registry and set logons to 0, but that did not help.
0
 
CharlWiehahnCommented:
Hi TermEcho,

This issue seems to be network related rather than your actual domain settings. I would suggest you have a look at your duplex settings and the negociated speed the pc picked up. Also if you have a managed switch, see if the port on the switch has not been statically set to for example 100 full duplex while the desktop is set to Auto. Perhaps try a different switch port and or network cable.
0
 
TermEchoAuthor Commented:
CharlWiehahn:

    It is only this one pc at this site and the duplex/speed are set correctly. I have not seen any articles that have related network issues with the error:

The system detected a possible attempt to compromise security. Please ensure that you can contact the server that authenticated you.

  The pc can access everything on the LAN, but at time is will not see the DC then other times it is working fine.
0
 
joelsplaceCommented:
I've had problems with XP and manual setting of the speed/duplex.  I have always used auto since and not had any problems.
I ran across a similar problem a few weeks ago at a client and it turned out that the network cable was bad.  It never showed to be disconnected but it would have really slow logins and intermittant problems with connecting to their server.  Luckily they had four cables run to that office so it was easy to switch.
0
 
TermEchoAuthor Commented:
No correct answer was provided. Problems still persist I am closing this question.

Thank You.
0
 
TermEchoAuthor Commented:
Question Closed
0

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

  • 8
  • 5
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now