Link to home
Start Free TrialLog in
Avatar of Tony Giangreco
Tony GiangrecoFlag for United States of America

asked on

Can't access shared resources on a Windows 2008 R2 server

We have a Winfows 2003 domain with three Win 2003 serevrs (all DC's) and just added a Windows 2008 member server to the domain. This 2008 server has three new network printers shared on it along with a few shared folders.

The member server is in the domain and is fully patched but no user can browse any of the shares or add a shared printer. The clients are Win7x64 bit and Win XPx32 bit. The shares are all setup for read access to authenticated users. All clients can access the shares on the 2003 servers.

I need help getting the shares and printers accessable to all users.
Avatar of Geodash
Geodash
Flag of United States of America image

How are you accessing the shares? Mapped drive or Start>run>UNC?
Are the members trying to access the shares in Administrative groups on the server?
Avatar of Tony Giangreco

ASKER

I have tried accessing the shares this way logged on as the domain user of that workstation:

1. Mapping from My computer on a Win 7 64 bit Pc in the domain, we see the Win 2008 server, click it and get the message - You don't have permisson to access this server.

2. On a Win XP pc 32 bit in the domain, open My Computer, click Map Drive and we see two workgroups. OurDomain and Unknown. The new server appears in Unknown.

On the 2008 server, when I check system properties, it says it's in OurDomain. Why would it be listed as unknown on the XP box?
 
The users are all authenticated users of the domain.

If I login to a pc as domain admin, I can access the 2008 server.
Sorry, I meant I see two groups: Our Domain and Unknown, not workgroups.
Have you added the appropriate AD groups containing users to the shares on the 2008 Server?
Since this is a domain, I added the following groups

domain\administrators
authenticated users
So you added authenticated users on the share from AD? What are the share permissions on the folder?

Try making the shared permissions - Everyone Full Control
NTFS Permissions - add one user (for a test, not best practice) give them full control. Have them logoff and back on, just to make sure, and try again. I generally steer away from adding authenticated users by removing the group and adding exclusive AD groups for that share, it is more secure. What NTFS permisssions does the authenticated users group have on the share?

If that does not work, look at the Event Log for any access errors and post the errors.
I added a domain user with read access and tried mapping the share on her Pc. It shows the server, but won't expand out as if there were no shares.

When I run \\servername it says Login Failure: The user has not beedn granted the requested login type for this computer.

On the server, here is the log:

Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          3/21/2012 4:07:03 PM
Event ID:      4625
Task Category: Logon
Level:         Information
Keywords:      Audit Failure
User:          N/A
Computer:      server.mydomain
Description:
An account failed to log on.

Subject:
      Security ID:            NULL SID
      Account Name:            -
      Account Domain:            -
      Logon ID:            0x0

Logon Type:                  3

Account For Which Logon Failed:
      Security ID:            NULL SID
      Account Name:            gayle
      Account Domain:            mydomain

Failure Information:
      Failure Reason:            The user has not been granted the requested logon type at this machine.
      Status:                  0xc000015b
      Sub Status:            0x0

Process Information:
      Caller Process ID:      0x0
      Caller Process Name:      -

Network Information:
      Workstation Name:      -
      Source Network Address:      192.168.1.112
      Source Port:            2159

Detailed Authentication Information:
      Logon Process:            Kerberos
      Authentication Package:      Kerberos
      Transited Services:      -
      Package Name (NTLM only):      -
      Key Length:            0

This event is generated when a logon request fails. It is generated on the computer where access was attempted.

The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).

The Process Information fields indicate which account and process on the system requested the logon.

The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
      - Transited services indicate which intermediate services have participated in this logon request.
      - Package name indicates which sub-protocol was used among the NTLM protocols.
      - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
ASKER CERTIFIED SOLUTION
Avatar of CarlosDominguez
CarlosDominguez
Flag of Spain image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial