clarkcomp091501

asked on

The system detected a possible attempt to compromise security

I receive the following error message on the computers that are connected to the SBS Server about once a day.  Any ideas what this might be?

"S:\ is not accessible.

The system detected a possible attempt to compromise security.  Please ensure that you can contact the server that authenticated you."

This will disconnect all of the network drives and printers.  Then if I wait about 4-5 minutes everything will come back and work fine.  All of the client computers are using MSE for AV.
Darren S

Looks like something is trying to look at an S drive.  Do you have anything running that is pointing to an S drive?

Worth looking in msconfig maybe or looking for anything odd in task manager.

ASKER

We have a network program that runs off of the s:\ drive.

I've looked in both msconfig as well as task manager. Nothing I could see out of the ordinary.
Sounds like your network is dropping. Is this a big network? If you are getting this on multiple PCs that are connected to multiple switches then I would look at the server, otherwise have a look at your switches to diagnose.

The error on the S drive is just stating that the connection has been lost, as it probably failed the keep-alive check.

It is a smaller network. 1 server, 2 network printers and 5 workstations.
ASKER CERTIFIED SOLUTION
Darren S

This solution is only available to members.
What program do you have running on the S: drive? Is there a workstation running without enough admin rights to access?

A program that comes to mind is TimeSlips, which needs access to the server from all workstations via the same drive letter; if not, it causes problems like this. Are you certain all the drives mapped to the server for the program mentioned above are using the letter S to connect to the data? You could have a workstation connecting to the folder using a different drive letter that may be causing the issues you're seeing.

If this is the case, make a logon script to make sure that if mapped drives get disconnected they are not joined again using a different letter, for example the Z: drive. Make the logon script delete / disconnect any incorrect drives and remap using the S drive letter.
Another program that can cause problems if using a shared database from workstations to the server is QuickBooks. Are you using this software? If so, check the drive mappings and installation / configuration on each workstation running the program.
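
A logon script along the lines suggested in the reply above, as an added PowerShell example that is not part of the original thread. The share path `\\SBS-SERVER\AppData` and the helper name `Get-DrivesToRemove` are hypothetical placeholders; substitute the real server and share.

```powershell
# Added example: force the application share onto S: at logon.
# ASSUMPTION: \\SBS-SERVER\AppData is a placeholder UNC path, not from the thread.
$ShareUnc    = '\\SBS-SERVER\AppData'
$WantedDrive = 'S:'

# Decide which existing mappings conflict with the wanted layout:
#  - the application share mapped to any letter other than S:
#  - S: mapped to anything other than the application share
function Get-DrivesToRemove {
    param([object[]]$Mappings, [string]$Unc, [string]$Wanted)
    foreach ($m in $Mappings) {
        $sameShare  = $m.ProviderName -ieq $Unc
        $sameLetter = $m.DeviceID -ieq $Wanted
        if ($sameShare -xor $sameLetter) { $m.DeviceID }
    }
}

# DriveType 4 = network drive; ProviderName holds the UNC path.
$mapped = @(Get-WmiObject -Class Win32_LogicalDisk -Filter 'DriveType = 4' |
            Select-Object DeviceID, ProviderName)

foreach ($letter in (Get-DrivesToRemove -Mappings $mapped -Unc $ShareUnc -Wanted $WantedDrive)) {
    Write-Output "Disconnecting conflicting mapping $letter"
    net use $letter /delete /y | Out-Null
}

# Map S: only if it is not already connected to the right share.
$alreadyOk = $mapped | Where-Object {
    $_.DeviceID -ieq $WantedDrive -and $_.ProviderName -ieq $ShareUnc
}
if (-not $alreadyOk) {
    # Clear a remembered-but-unavailable S: entry, which WMI may not list.
    net use $WantedDrive /delete /y 2>$null | Out-Null
    net use $WantedDrive $ShareUnc /persistent:no | Out-Null
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "Could not map $WantedDrive to $ShareUnc (net use exit code $LASTEXITCODE)"
    }
}
```

The script uses `/persistent:no` so the mapping is rebuilt from the script at every logon instead of being remembered per workstation.
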
This problem occurs because the network firewall filters Kerberos traffic.

Here is a link describing the situation and resolution:
http://support.microsoft.com/kb/938457
Have you made any progress?
I've requested that this question be deleted for the following reason:

Not enough information to confirm an answer.