Solved

Can't access shared resources on a Windows 2008 R2 server

Posted on 2012-03-21
9
855 Views
Last Modified: 2012-03-25
We have a Winfows 2003 domain with three Win 2003 serevrs (all DC's) and just added a Windows 2008 member server to the domain. This 2008 server has three new network printers shared on it along with a few shared folders.

The member server is in the domain and is fully patched but no user can browse any of the shares or add a shared printer. The clients are Win7x64 bit and Win XPx32 bit. The shares are all setup for read access to authenticated users. All clients can access the shares on the 2003 servers.

I need help getting the shares and printers accessable to all users.
0
Comment
Question by:Tony Giangreco
  • 4
  • 4
9 Comments
 
LVL 9

Expert Comment

by:Geodash
ID: 37749534
How are you accessing the shares? Mapped drive or Start>run>UNC?
0
 
LVL 9

Expert Comment

by:Geodash
ID: 37749536
Are the members trying to access the shares in Administrative groups on the server?
0
 
LVL 25

Author Comment

by:Tony Giangreco
ID: 37749762
I have tried accessing the shares this way logged on as the domain user of that workstation:

1. Mapping from My computer on a Win 7 64 bit Pc in the domain, we see the Win 2008 server, click it and get the message - You don't have permisson to access this server.

2. On a Win XP pc 32 bit in the domain, open My Computer, click Map Drive and we see two workgroups. OurDomain and Unknown. The new server appears in Unknown.

On the 2008 server, when I check system properties, it says it's in OurDomain. Why would it be listed as unknown on the XP box?
 
The users are all authenticated users of the domain.

If I login to a pc as domain admin, I can access the 2008 server.
0
Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

 
LVL 25

Author Comment

by:Tony Giangreco
ID: 37749765
Sorry, I meant I see two groups: Our Domain and Unknown, not workgroups.
0
 
LVL 9

Expert Comment

by:Geodash
ID: 37749794
Have you added the appropriate AD groups containing users to the shares on the 2008 Server?
0
 
LVL 25

Author Comment

by:Tony Giangreco
ID: 37749904
Since this is a domain, I added the following groups

domain\administrators
authenticated users
0
 
LVL 9

Expert Comment

by:Geodash
ID: 37749925
So you added authenticated users on the share from AD? What are the share permissions on the folder?

Try making the shared permissions - Everyone Full Control
NTFS Permissions - add one user (for a test, not best practice) give them full control. Have them logoff and back on, just to make sure, and try again. I generally steer away from adding authenticated users by removing the group and adding exclusive AD groups for that share, it is more secure. What NTFS permisssions does the authenticated users group have on the share?

If that does not work, look at the Event Log for any access errors and post the errors.
0
 
LVL 25

Author Comment

by:Tony Giangreco
ID: 37749990
I added a domain user with read access and tried mapping the share on her Pc. It shows the server, but won't expand out as if there were no shares.

When I run \\servername it says Login Failure: The user has not beedn granted the requested login type for this computer.

On the server, here is the log:

Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          3/21/2012 4:07:03 PM
Event ID:      4625
Task Category: Logon
Level:         Information
Keywords:      Audit Failure
User:          N/A
Computer:      server.mydomain
Description:
An account failed to log on.

Subject:
      Security ID:            NULL SID
      Account Name:            -
      Account Domain:            -
      Logon ID:            0x0

Logon Type:                  3

Account For Which Logon Failed:
      Security ID:            NULL SID
      Account Name:            gayle
      Account Domain:            mydomain

Failure Information:
      Failure Reason:            The user has not been granted the requested logon type at this machine.
      Status:                  0xc000015b
      Sub Status:            0x0

Process Information:
      Caller Process ID:      0x0
      Caller Process Name:      -

Network Information:
      Workstation Name:      -
      Source Network Address:      192.168.1.112
      Source Port:            2159

Detailed Authentication Information:
      Logon Process:            Kerberos
      Authentication Package:      Kerberos
      Transited Services:      -
      Package Name (NTLM only):      -
      Key Length:            0

This event is generated when a logon request fails. It is generated on the computer where access was attempted.

The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).

The Process Information fields indicate which account and process on the system requested the logon.

The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
      - Transited services indicate which intermediate services have participated in this logon request.
      - Package name indicates which sub-protocol was used among the NTLM protocols.
      - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
0
 
LVL 5

Accepted Solution

by:
CarlosDominguez earned 500 total points
ID: 37752893
Have you tried accessing \\IP_address (instead of name)?

Do you have all the automatic services running?

Do you have the firewall active and configured in the 2008 server? Maybe you can try turning the firewall off for the private network.

Maybe you could have an AV product installed and resident in the server. Could you try turning it off temporarily?

In 2008 there are roles and features: go to server manager and check if you have enabled the role "File services".

If no success in any way... I would suggest re-join the 2008 server to the domain.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you get continual lockouts after changing your Active Directory password, there are several possible reasons.  Two of the most common are using other devices to access your email and stored passwords in the credential manager of windows.
You may have a outside contractor who comes in once a week or seasonal to do some work in your office but you only want to give him access to the programs and files he needs and keep privet all other documents and programs, can you do this on a loca…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This Micro Tutorial will give you a basic overview of Windows Live Photo Gallery and show you various editing filters and touches to photos you can apply. This will be demonstrated using Windows Live Photo Gallery on Windows 7 operating system.

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question