Windows XP - DC Issues
I have a Windows XP Professional workstation that is at one of my satellite offices and has been having issues from time to time accessing network drives. With further investigation I found that when you try to map drives via command line you get this error message:
The system detected a possible attempt to compromise security. Please ensure that you can contact the server that authenticated you.
If I use echo %logonserver% it reports back the correct DC, but logging in to this workstation also takes a long time. Has anyone seen this behavior or have a fix? I have several other computers at this site with no problems.
Thank You,
The system detected a possible attempt to compromise security. Please ensure that you can contact the server that authenticated you.
If I use echo %logonserver% it reports back the correct DC, but logging in to this workstation also takes a long time. Has anyone seen this behavior or have a fix? I have several other computers at this site with no problems.
Thank You,
joelsplace
Can you login as a new user created on the domain? If not then the PC is using cached credentials. Check your DNS and try using only the login server as a test.
ASKER
joelsplace:
I have set DNS address manually on this computer to see if it was a dns issue. What do you mean login server as a test? I will setup a new account in my DC and try that.
I have set DNS address manually on this computer to see if it was a dns issue. What do you mean login server as a test? I will setup a new account in my DC and try that.
Disable the local Windows firewall and try to logon again. Here is the Microsoft knowledgebase for this problem.
http://support.microsoft.com/kb/938457
http://support.microsoft.com/kb/938457
I was talking about using your main DC DNS only if you have some other DNS servers also.
ASKER
joelsplace:
I have setup a new account and I was able to login and map drives without a problem, this issues seems to come and go with this pc. I worked on it for three hours and I believe it took me 20 minutes to login, but this time with the new account everything is working. Is there a way to see cached credentials? or perhaps a way to remove any/all cached credentials?
Thanks,
I have setup a new account and I was able to login and map drives without a problem, this issues seems to come and go with this pc. I worked on it for three hours and I believe it took me 20 minutes to login, but this time with the new account everything is working. Is there a way to see cached credentials? or perhaps a way to remove any/all cached credentials?
Thanks,
ASKER
joelsplace:
It looks like accounts that have been setup and logged into this computer are having issues. It takes a lot longer to login to the workstation using the Administrator or the original users login.
Thanks,
It looks like accounts that have been setup and logged into this computer are having issues. It takes a lot longer to login to the workstation using the Administrator or the original users login.
Thanks,
You can get rid of some in User Accounts, Advanced, Manage Passwords. I'm not sure if it will get rid of the normal user login cache.
This might help: http://support.microsoft.com/kb/823731
This will turn off credential caching: http://support.microsoft.com/kb/172931
This might help: http://support.microsoft.com/kb/823731
This will turn off credential caching: http://support.microsoft.com/kb/172931
You may have some corrupted accounts or possibly malware?
Hi joelsplace,
Have you had a chance to look at the local firewall config on the pc you are having troubles with?
Have you had a chance to look at the local firewall config on the pc you are having troubles with?
ASKER
CharlWiehahn:
Yes, the firewall rules are pushed through AD. Firewall rules appear to be working.
Yes, the firewall rules are pushed through AD. Firewall rules appear to be working.
Hi TermEcho,
Just to refer to your previous question about how to remove cached credentials from a pc. This is done by setting Interactive Logons to 0 and is done via group policy. Here is the policy location.
Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options
Set Interactive logon to 0
On a seperate note, I was wondering if the shares you are connecting to are located on the same satellite site or if they are accessed over the WAN. Also are you using DFS in your setup?
Just to refer to your previous question about how to remove cached credentials from a pc. This is done by setting Interactive Logons to 0 and is done via group policy. Here is the policy location.
Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options
Set Interactive logon to 0
On a seperate note, I was wondering if the shares you are connecting to are located on the same satellite site or if they are accessed over the WAN. Also are you using DFS in your setup?
ASKER
CharlWiehahn:
No I am not using DFS, The shares are across the WAN being accessed via VPN. I have six computers at this one satellite location 5 with out problems (a mix of XP and Win7). I have modified the registry and set logons to 0, but that did not help.
No I am not using DFS, The shares are across the WAN being accessed via VPN. I have six computers at this one satellite location 5 with out problems (a mix of XP and Win7). I have modified the registry and set logons to 0, but that did not help.
Hi TermEcho,
This issue seems to be network related rather than your actual domain settings. I would suggest you have a look at your duplex settings and the negociated speed the pc picked up. Also if you have a managed switch, see if the port on the switch has not been statically set to for example 100 full duplex while the desktop is set to Auto. Perhaps try a different switch port and or network cable.
This issue seems to be network related rather than your actual domain settings. I would suggest you have a look at your duplex settings and the negociated speed the pc picked up. Also if you have a managed switch, see if the port on the switch has not been statically set to for example 100 full duplex while the desktop is set to Auto. Perhaps try a different switch port and or network cable.
ASKER
CharlWiehahn:
It is only this one pc at this site and the duplex/speed are set correctly. I have not seen any articles that have related network issues with the error:
The system detected a possible attempt to compromise security. Please ensure that you can contact the server that authenticated you.
The pc can access everything on the LAN, but at time is will not see the DC then other times it is working fine.
It is only this one pc at this site and the duplex/speed are set correctly. I have not seen any articles that have related network issues with the error:
The system detected a possible attempt to compromise security. Please ensure that you can contact the server that authenticated you.
The pc can access everything on the LAN, but at time is will not see the DC then other times it is working fine.
I've had problems with XP and manual setting of the speed/duplex. I have always used auto since and not had any problems.
I ran across a similar problem a few weeks ago at a client and it turned out that the network cable was bad. It never showed to be disconnected but it would have really slow logins and intermittant problems with connecting to their server. Luckily they had four cables run to that office so it was easy to switch.
I ran across a similar problem a few weeks ago at a client and it turned out that the network cable was bad. It never showed to be disconnected but it would have really slow logins and intermittant problems with connecting to their server. Luckily they had four cables run to that office so it was easy to switch.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Question Closed