Solved

Server 2008 R2 cannot access over netwrok

Posted on 2014-10-06
24
59 Views
Last Modified: 2015-06-27
I have a Windows Server 2008 R2 machine that is not connected to the domain for security reasons, but we did setup a shared folder to be accessed by the two lead technicians on site.

All the basic stuff has been done. We are not using a blank password, file sharing with passwords has been turned on (i do not want to enable blank passwords for security purposes), it doesn't work if I use IP address. I am 1000% sure the password I am entering is accurate. I have even entered the password as both: username and as "servername\username"

I created a new local user on that machine with a new password. Same result. If I actually enter a bad username or password, I get a different error code than below. I believe it said 6d instead of 6e....

I feel like I have checked and recheck NTLM settings in GPedit over and over again. It is set to accept NTLM but also v2 if negotiated. No matter what I do
SERVER is not accessible, You might not have permission to use this network resource. Contact the administrator of this server to find out if you have access permissions.

Logon failure: user account restriction. Possible reasons are blank passwords not allowed, logon hour restrictions, or a policy restriction has been enforced.


On the server where I am trying to access, the security log has this:
An account failed to log on.

Subject:
	Security ID:		NULL SID
	Account Name:		-
	Account Domain:		-
	Logon ID:		0x0

Logon Type:			3

Account For Which Logon Failed:
	Security ID:		NULL SID
	Account Name:		administrator
	Account Domain:		bethanyhv

Failure Information:
	Failure Reason:		Unknown user name or bad password.
	Status:			0xc000006e
	Sub Status:		0xc000006e

Process Information:
	Caller Process ID:	0x0
	Caller Process Name:	-

Network Information:
	Workstation Name:	SERVERNAME
	Source Network Address:	192.168.1.4
	Source Port:		64586

Detailed Authentication Information:
	Logon Process:		NtLmSsp 
	Authentication Package:	NTLM
	Transited Services:	-
	Package Name (NTLM only):	-
	Key Length:		0

This event is generated when a logon request fails. It is generated on the computer where access was attempted.

The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).

The Process Information fields indicate which account and process on the system requested the logon.

The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
	- Transited services indicate which intermediate services have participated in this logon request.
	- Package name indicates which sub-protocol was used among the NTLM protocols.
	- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.

Open in new window


If someone can help identify what I should check to get permissions to browse shared resources on this machine I would be very grateful. I've been beating my head against a virtual wall for days now.
0
Comment
Question by:fecklessness
  • 9
  • 4
  • 3
  • +4
24 Comments
 
LVL 27

Expert Comment

by:Steve
Comment Utility
can you access any other resources with these user credentials or is it just this particular one that is inaccessible?

eg browse to '\\servername\c$' to see if you can see the admin share
or
'\\servername' for access to all shares & printers etc.
0
 

Author Comment

by:fecklessness
Comment Utility
no, it is the same results when accessing specific shares. no matter what you try to access on that server, you get the same result as described above.
0
 
LVL 42

Expert Comment

by:Davis McCarn
Comment Utility
Since it is not joined to the domain, the age old trick is to make its workgroup name match the domain name.
0
 
LVL 3

Expert Comment

by:TropicalBound
Comment Utility
What about the other way around?  Can this server access shares on the domain, with the appropriate credentials?

The firewall isn't getting in the way, is it?
0
 

Author Comment

by:fecklessness
Comment Utility
No, I have tried turning off firewall. And yes we can access shares on the domain.
0
 
LVL 3

Expert Comment

by:TropicalBound
Comment Utility
Under 'Network and Sharing Center', what type of network did you select?  If it's set to 'Public', change it to 'Work'.
0
 

Author Comment

by:fecklessness
Comment Utility
It is currently set for 'Work'.
0
 
LVL 27

Expert Comment

by:Steve
Comment Utility
the error does appear to be specific to credentials. have you tried creating a new user and seeing if that works?
Reset the password to see if it helps?
Check the password isn't 'expired'?
0
 

Author Comment

by:fecklessness
Comment Utility
I tried that  -  "I created a new local user on that machine with a new password. Same result. If I actually enter a bad username or password, I get a different error code than below. I believe it said 6d instead of 6e...."
0
 
LVL 42

Expert Comment

by:Davis McCarn
Comment Utility
Did you change the workgroup name to match the domain?
0
 

Author Comment

by:fecklessness
Comment Utility
Yes. This had no positive effect.

Here's where I am at so far. I have access but I had to enable the guest account...

Go to gpedit.msc, Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options

Set Guest Account Status: Enabled

Set Network access: Sharing and security model for local accounts to Classic (already was this but I checked to confirm)

Check Access remotely, it works using "servername\username" and password

Set Guest Account Status to disabled and access is denied again. So it only works if I enable guest, even though I am apparently using the classic form of authentication which requires username/password.
0
Do email signature updates give you a headache?

Do you feel like you are constantly making changes to email signatures? Are the images not formatting how you want them to? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Then, let Exclaimer solve all your email signature problems today.

 
LVL 15

Expert Comment

by:joharder
Comment Utility
Are you attempting to RDP into the server?  If so, is Remote Desktop enabled (it is disabled by default)?  Set Remote Desktop to allow connections for computers running any version of RDP.
0
 

Author Comment

by:fecklessness
Comment Utility
no RDP, just trying to access shares
0
 
LVL 42

Expert Comment

by:Davis McCarn
Comment Utility
Hmmmmm.......
What happens if you create an AD user account that exactly matches one on this server and try using it from a workstation?
0
 

Author Comment

by:fecklessness
Comment Utility
Steps taken:
- GPEDIT, disabled Guest Account
- create matching user in AD
- try using credentials again to access non-domain fileserver

NOPE
0
 
LVL 15

Expert Comment

by:joharder
Comment Utility
Are you attempting to access the share via IP or server name?  If the latter, is there a DNS entry?

Try remapping the shares and give everyone access.  If that works, just enable the specific users and then delete the everyone access.

Double check your anti-virus and firewall.  Maybe they are doing some overtime protecting you?
0
 
LVL 42

Expert Comment

by:Davis McCarn
Comment Utility
"Steps taken:
 - GPEDIT, disabled Guest Account
 - create matching user in AD
 - try using credentials again to access non-domain fileserver"

You left out #3, login to workstation with same credentials before " - try using credentials again to access non-domain fileserver"
0
 
LVL 15

Expert Comment

by:joharder
Comment Utility
One more thing: on the NIC, is file and printer sharing enabled?
0
 
LVL 27

Expert Comment

by:Steve
Comment Utility
is there any chance that you or anyone else has amended local group policy on this server in the past? should work by default, but there are many settings in local group policy that could cause this.

try running gpresult /h result.html and looking at the results for any security/access settings.
0
 

Author Comment

by:fecklessness
Comment Utility
Good idea. We had amended some network access settings regarding NTLM previously but we did reset those settings. Running GPRESULT doesn't indicate any of those settings being applied now though. The only real rule I see being applied is allowing RDP which has nothing to do with my problem....

Yes File & Printer sharing is enabled.

@DavidMcCarn completed steps as described, logging in with same credentials and accessing the non-domain server. No positive effect.
0
 
LVL 11

Expert Comment

by:hecgomrec
Comment Utility
I will start my recommendation saying that you should bring the machine to basic installation (re-install).  Then create the accounts of the Tech people on the machine (notice I said machine) as administrators.  Create the share either using "Share an Storage Management" or properties using the file explorer.  Once you have finished and tested that users can access the shares then you can start playing around with the Group Policy.

Now, if the machine is out of the domain and only local users are going to have access to it, I find it redundant to play with GP if only administrators have access to it... unless you don't trust them!!!! ;)
0
 

Accepted Solution

by:
fecklessness earned 0 total points
Comment Utility
None of this worked, we have resorted to enabling the Guest user, even though we are using a username and password to access the shared folders this is the only way it works. I have renamed the Guest user so at least it is much harder for someone to hack that I hope!. Thanks for all the suggestions, I wish one of them worked out.
0
 
LVL 34

Expert Comment

by:Seth Simmons
Comment Utility
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Failed 2008r2 6 80
Script is not working 3 25
PCI scan - CIFS NULL Session Permitted 10 28
ACTIVE DIRECTORY 4 23
If you migrate a Terminal Server licenses server inside the 2008 server family, you can takte advantage of the build-in migration tool. If you like to migrate an older 2003 Server (and the installed client CALs) to a 2008 R2 server for example, you …
A procedure for exporting installed hotfix details of remote computers using powershell
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now