Link to home
Create AccountLog in
Avatar of DanJourno
DanJournoFlag for United Kingdom of Great Britain and Northern Ireland

asked on

SBS 2003: Unknown user name or bad password

Hi,

I have a client using SBS 2003. They have a remote user who dials in via VPN to access files, and also has an Exchange account.

They are able to connect to the VPN and is able to log into her emails using Outlook Web Access.

However, when she tries to access the network shared folder on the SBS 2003 machine, she gets a Network Login prompt. The prompt is not accepting her login details. I've checked and all Authenticated Users have access to that folder.

Also, she's unable to connect her Outlook over HTTPS and her mobile is also not syncronising. She gets the same repeated login prompt. All other users are working fine.

The Event Log shows this when she tries to log in:-
Event Type:	Failure Audit
Event Source:	Security
Event Category:	Logon/Logoff 
Event ID:	529
Date:		09/07/2013
Time:		10:19:22
User:		NT AUTHORITY\SYSTEM
Computer:	SERVER
Description:
Logon Failure:
 	Reason:		Unknown user name or bad password
 	User Name:	vanessa
 	Domain:		company.local
 	Logon Type:	3
 	Logon Process:	NtLmSsp 
 	Authentication Package:	NTLM
 	Workstation Name:	PC12
 	Caller User Name:	-
 	Caller Domain:	-
 	Caller Logon ID:	-
 	Caller Process ID:	-
 	Transited Services:	-
 	Source Network Address:	2.x.x.217
 	Source Port:	49482


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Open in new window


I've tried resetting her password and her account is not locked. Since she can authenticate to the VPN and also to Outlook Web Access, I'm at a bit of a loss as to what could be wrong.

I've also tried creating a new user, and the new user also can't log in.

Also, I've tried the same login details from a different remote PC and could log in without any problems.

Any help would be appreciated.

Thanks
Dan
Avatar of Raj-GT
Raj-GT
Flag of United Kingdom of Great Britain and Northern Ireland image

As you were able to log in from a different PC with the same login details, I'd be tempted to say the problem is not the account.

Is the remote PC you tested from running a different OS to the problem PC?
Have you checked the DNS settings, VPN policies and keyboard mappings (in case the password uses special characters)?

Thanks.
Avatar of DanJourno

ASKER

Ive tested the keyboard mapping by typing the password details into notepad. No problems there.

I tested the login details using my PC which is on a different network and is Windows 7.

The problem PC is also Windows 7. Surely, once the VPN is established and I'm accessing the network share using its private IP address, DNS shouldn't be an issue.

I've not set any VPN policies as far as I'm aware. Also, the event logged seems to say that the password is simply incorrect (which its not).
Hi Dan,

There are a few things to check:

1. Check that she has directory permissions to the shared folder (right click the folder, Properties, Security), as well as sharing permissions to the share itself.

2. When entering the username and password, try copying and pasting them from Notepad so that you can eliminate keyboard or typing errors.

3. When entering the username, ensure that you use the full domain name e.g Company\vanessa

4. The real cause is most likely that she will not be classed as an Authenticated User, not being logged on to the domain. Add her user account separately to the Directory permissions as well as the Sharing permissions.
adriaanvw, all of your suggestions are incorrect.

As I explained, I've tried the login details on another PC and they work fine.

The user can authenticate to the VPN so the username and password are being entered correctly. And I've tried copying and pasting to ensure this, with no luck.
Have you checked for malware on her PC. The DNS suggestion was to check for any misconfigurations with split tunneling, I would also check the hosts file just in case. Also is the VPN using AD authentication?
Scanning for malware now.

The hosts file is empty.

DNS is set to automatically assign.

VPN is the one built into SBS so its using Active Directory for authentication.
I've found a KB article for the event log entry on the 2003 server. Looks like the reason she is unable to connect is not due to permissions after all.

http://support.microsoft.com/kb/811082

I would suggest you check the permissions at the share and NTFS levels and check the firewalls (SBS 2003 premium comes with ISA server).

Also if her machine was previously joined to this domain, remove test and re-add.
SBS is up to date with the latest service packs so that link is irrelevant.

Its a remote PC thats never been on the domain.

ISA is not installed and other remote users are working fine.
Can you try authenticating with domain\username instead of just the username for both Outlook over HTTP and network share access. Is she using the same username for both her domain account and the local account on that machine by any chance?
Same username for both. And same password.

I've tried using domain/username but no luck there.
ASKER CERTIFIED SOLUTION
Avatar of DanJourno
DanJourno
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer
Do'h. Explains why HTTP auth worked (OWA and VPN website) but NTML and kerberos failed. We've been blind :-p
I spotted it when I went to do a System Restore and found that the Restore dates were all wrong.
Thanks for all your help.
Found the solution