Re: Cached Credentials causing problems with shares?

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

Also note, cached credentials only log you in locally, they don't extend
beyond so you will always have to enter a user Id and password once you
attempt to gain access to any object beyond your local machine.

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup This
posting is provided "AS IS" with no warranties, and confers no rights.

"Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
news:ff16fb6627d9b8cbbdfc982102e1@xxxxxxxxxxxxxxxxxxxxxxx
Hello AJ,

Please post an unedited ipconfig /all from the DC/DNS and the problem
machine, so we can exclude DNS as an issue. Also run netdiag /test:dns and
dcdiag /v /c /e

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and
confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

I've never had issues with cached credentials connecting to shares in
the past. Recently something has changed and I'm getting some weird
messages. This is the error i'm getting in event viewer when trying to
connect to shares.

The Security System detected an attempted downgrade attack for server
cifs/gss-dc3. The failure code from authentication protocol Kerberos
was
"There are currently no logon servers available to service the logon
request.
(0xc000005e)".
The main problem is with the cached credentials when trying to connect
to a share it will error out with this error:

"Logon Unsuccessful: The user name you typed is the same as the user
name you logged in with. That user name has already been tried. A
domain controller cannot be found to verify that user name."

If I try to map the drive with another domain user it works fine so it
does have a connection with the DC. It is almost as if there is some
kerberos problem.





.

Relevant Pages

  • Re: access granted after lock out
    ... Interactive logon: Number of previous logons to cache ... You cannot log on to a computer that is using cached credentials after you change your password by using a domain controller ... her account was locked out on all three. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Cached Credentials causing problems with shares?
    ... The failure code from authentication protocol Kerberos ... "There are currently no logon servers available to service the logon ... domain controller cannot be found to verify that user name." ...
    (microsoft.public.windows.server.active_directory)
  • Re: profile logon problem
    ... I'd imagine that if the user has also been using a local account, ... > the time of the last logon. ... > cached credentials are used instead of the updated credentials from the ... > communicate with a domain controller will not be allowed to enter into the ...
    (microsoft.public.win2000.security)
  • Re: User logon with domain not available
    ... >> Is it possible to logon on a Windows XP pro worstation if ... >> I can't access the domain controller. ... wording in the documentation for cached credentials, ... Microsoft MVP Scripting and WMI, ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Mandatory assignments, "Logon" switch
    ... client until user logs on the client (without cached credentials). ... requesting policy. ... > It is not a problem if users logon using cached credentials but you should ...
    (microsoft.public.sms.swdist)