Solved

Can't access shared resources on a Windows 2008 R2 server

Posted on 2012-03-21
9
846 Views
Last Modified: 2012-03-25
We have a Winfows 2003 domain with three Win 2003 serevrs (all DC's) and just added a Windows 2008 member server to the domain. This 2008 server has three new network printers shared on it along with a few shared folders.

The member server is in the domain and is fully patched but no user can browse any of the shares or add a shared printer. The clients are Win7x64 bit and Win XPx32 bit. The shares are all setup for read access to authenticated users. All clients can access the shares on the 2003 servers.

I need help getting the shares and printers accessable to all users.
0
Comment
Question by:Tony Giangreco
  • 4
  • 4
9 Comments
 
LVL 9

Expert Comment

by:Geodash
ID: 37749534
How are you accessing the shares? Mapped drive or Start>run>UNC?
0
 
LVL 9

Expert Comment

by:Geodash
ID: 37749536
Are the members trying to access the shares in Administrative groups on the server?
0
 
LVL 25

Author Comment

by:Tony Giangreco
ID: 37749762
I have tried accessing the shares this way logged on as the domain user of that workstation:

1. Mapping from My computer on a Win 7 64 bit Pc in the domain, we see the Win 2008 server, click it and get the message - You don't have permisson to access this server.

2. On a Win XP pc 32 bit in the domain, open My Computer, click Map Drive and we see two workgroups. OurDomain and Unknown. The new server appears in Unknown.

On the 2008 server, when I check system properties, it says it's in OurDomain. Why would it be listed as unknown on the XP box?
 
The users are all authenticated users of the domain.

If I login to a pc as domain admin, I can access the 2008 server.
0
 
LVL 25

Author Comment

by:Tony Giangreco
ID: 37749765
Sorry, I meant I see two groups: Our Domain and Unknown, not workgroups.
0
Do email signature updates give you a headache?

Do you feel like you are constantly making changes to email signatures? Are the images not formatting how you want them to? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Then, let Exclaimer solve all your email signature problems today.

 
LVL 9

Expert Comment

by:Geodash
ID: 37749794
Have you added the appropriate AD groups containing users to the shares on the 2008 Server?
0
 
LVL 25

Author Comment

by:Tony Giangreco
ID: 37749904
Since this is a domain, I added the following groups

domain\administrators
authenticated users
0
 
LVL 9

Expert Comment

by:Geodash
ID: 37749925
So you added authenticated users on the share from AD? What are the share permissions on the folder?

Try making the shared permissions - Everyone Full Control
NTFS Permissions - add one user (for a test, not best practice) give them full control. Have them logoff and back on, just to make sure, and try again. I generally steer away from adding authenticated users by removing the group and adding exclusive AD groups for that share, it is more secure. What NTFS permisssions does the authenticated users group have on the share?

If that does not work, look at the Event Log for any access errors and post the errors.
0
 
LVL 25

Author Comment

by:Tony Giangreco
ID: 37749990
I added a domain user with read access and tried mapping the share on her Pc. It shows the server, but won't expand out as if there were no shares.

When I run \\servername it says Login Failure: The user has not beedn granted the requested login type for this computer.

On the server, here is the log:

Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          3/21/2012 4:07:03 PM
Event ID:      4625
Task Category: Logon
Level:         Information
Keywords:      Audit Failure
User:          N/A
Computer:      server.mydomain
Description:
An account failed to log on.

Subject:
      Security ID:            NULL SID
      Account Name:            -
      Account Domain:            -
      Logon ID:            0x0

Logon Type:                  3

Account For Which Logon Failed:
      Security ID:            NULL SID
      Account Name:            gayle
      Account Domain:            mydomain

Failure Information:
      Failure Reason:            The user has not been granted the requested logon type at this machine.
      Status:                  0xc000015b
      Sub Status:            0x0

Process Information:
      Caller Process ID:      0x0
      Caller Process Name:      -

Network Information:
      Workstation Name:      -
      Source Network Address:      192.168.1.112
      Source Port:            2159

Detailed Authentication Information:
      Logon Process:            Kerberos
      Authentication Package:      Kerberos
      Transited Services:      -
      Package Name (NTLM only):      -
      Key Length:            0

This event is generated when a logon request fails. It is generated on the computer where access was attempted.

The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).

The Process Information fields indicate which account and process on the system requested the logon.

The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
      - Transited services indicate which intermediate services have participated in this logon request.
      - Package name indicates which sub-protocol was used among the NTLM protocols.
      - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
0
 
LVL 5

Accepted Solution

by:
CarlosDominguez earned 500 total points
ID: 37752893
Have you tried accessing \\IP_address (instead of name)?

Do you have all the automatic services running?

Do you have the firewall active and configured in the 2008 server? Maybe you can try turning the firewall off for the private network.

Maybe you could have an AV product installed and resident in the server. Could you try turning it off temporarily?

In 2008 there are roles and features: go to server manager and check if you have enabled the role "File services".

If no success in any way... I would suggest re-join the 2008 server to the domain.
0

Featured Post

Want to promote your upcoming event?

Are you going to an event? Are you going to be exhibiting at a tradeshow? Talking at a conference? Using a promotional banner in your email signature ensures that your organization’s most important contacts stay in the know and can potentially spread the word about the event.

Join & Write a Comment

New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now