Solved

The system detected a possible attempt to compromise security

Posted on 2012-12-22
11
1,738 Views
Last Modified: 2013-01-23
I receive the following error message on the computers that are connected to the SBS Server about once a day.  Any ideas what this might be?

"S:\ is not accessible.

The system detected a possible attempt to compromise security.  Please ensure that you can contact the server that authenticated you."

This will disconnect all of the network drives and printers.  Then if I wait about 4-5 minutes everything will come back and work fine.  All of the client computers are using MSE for AV.
0
Comment
Question by:clarkcomp091501
  • 3
  • 2
  • 2
  • +2
11 Comments
 
LVL 6

Expert Comment

by:Darren Sharples
ID: 38716102
Looks like something is trying to look at an S drive.  Do you have anything running that is pointing to an S drive?

Worth looking in msconfig maybe or looking for anything odd in task manager.
0
 

Author Comment

by:clarkcomp091501
ID: 38716108
We have a network program that runs off of the s:\ drive.

I've looked in both msconfig as well as task manager. Nothing I could see out of the ordinary.
0
 
LVL 6

Expert Comment

by:Darren Sharples
ID: 38716120
sounds like your network is dropping.  is this a big network? If you are getting this on multiple pc's that are connected to multiple switches then I would look at the server, otherwise have a look at your switches to diagnose.

The error on the s drive is just stating that the connection has been lost as it probably failed the keep alive check
0
 

Author Comment

by:clarkcomp091501
ID: 38716130
It's is a smaller network. 1 server, 2 network printers and 5 workstations.
0
 
LVL 6

Accepted Solution

by:
Darren Sharples earned 500 total points
ID: 38716142
You are losing your printers, so if your printers are connecting directly into your switch and not managed by the server then I am guessing your switch is dropping the connection so start there.  If it is happening at the same time each day then do a continious ping from one client to another to prove and console to the switch to see what is happening also.

If it turns out not to be switch related, have a look on the server.  eventvwr.msc at the time its dropping to see what is happening
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 17

Expert Comment

by:WORKS2011
ID: 38716279
What program do you have running on the S: drive? is there a workstation running without enough admin rights to access?

A program that comes to mind is TimeSlips, which needs access to the server from all workstations via the same drive letter, if not it causes problems like this. Are you certain all the drives mapped to the server for the program mentioned above are using the letter S to connect to the data? You could have a workstation connecting to the folder using a different drive letter that me be causing the issues you're seeing.

If this is the case make a logon script to make sure if mapped drives get disconnected they are not joined again using a different letter, for example the Z: drive. Make the logon script delete / disconnect any incorrect drives and remap using S drive letter.
0
 
LVL 17

Expert Comment

by:WORKS2011
ID: 38716282
Another program that can cause problems if using a shared database from workstations to the server is QuickBooks, are you using this software? If so check the drive mappings and installation / configuration on each workstation running the program.
0
 
LVL 25

Expert Comment

by:Tony Giangreco
ID: 38719392
This problem occurs because the network firewall filters Kerberos traffic.

Here is alink describing the situation and resolution
http://support.microsoft.com/kb/938457
0
 
LVL 25

Expert Comment

by:Tony Giangreco
ID: 38734498
Have you made any progress?
0
 
LVL 59

Expert Comment

by:LeeTutor
ID: 38810058
I've requested that this question be deleted for the following reason:

Not enough information to confirm an answer.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Internet explorer setting not present in Gpedit.msc or regedit 17 38
KMS and XenDesktop 7.5 15 39
aws pricing 2 23
CPU at 100% usage, why? 27 74
When you start your Windows 10 PC and got an "Operating system not found" error or just saw  "Auto repair for startup" or a blinking cursor with black screen. A loop for Auto repair will start but fix nothing.  You will be panic as there are no back…
You may have a outside contractor who comes in once a week or seasonal to do some work in your office but you only want to give him access to the programs and files he needs and keep privet all other documents and programs, can you do this on a loca…
This Micro Tutorial will go in depth within Systems and Security in Windows 7 and will go into detail regarding Action Center, Windows Firewall, System, etc. This will be demonstrated using Windows 7 operating system.
This Micro Tutorial will give you a introduction in two parts how to utilize Windows Live Movie Maker to its maximum capability. This will be demonstrated using Windows Live Movie Maker on Windows 7 operating system.

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now