Re: Share access error
- From: nilsoberg@xxxxxxxxx
- Date: 22 Jan 2007 12:28:41 -0800
Hi Mike,
Looking into this problem a little more in depth, it appears that the
primary users username and password are sent three times in succession
upon share access, all with invalid username or password. Then,
according to domain policies, the account is locked out. When the
account is unlocked, if a different user tries to access the share,
even with putting in their username and password, the original username
and password are sent.
The first time the computer is accessed from the given computer, the
security event log on the server has:
==============================================================
Event Type: Success Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 540
Date: 1/22/2007
Time: 2:22:12 PM
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: ...
Description:
Successful Network Logon:
User Name:
Domain:
Logon ID: (0x0,0x7FC75)
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: JOSH
Logon GUID: -
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: ...
Source Port: 0
==============================================================
Immediately afterwards there is either a locked out or invalid password
entry:
==============================================================
Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 529
Date: 1/22/2007
Time: 2:18:20 PM
User: NT AUTHORITY\SYSTEM
Computer: ...
Description:
Logon Failure:
Reason: Unknown user name or bad password
User Name: cantone2
Domain: ...
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: JOSH
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: ...
Source Port: 0
==============================================================
or
==============================================================
Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 539
Date: 1/22/2007
Time: 2:22:12 PM
User: NT AUTHORITY\SYSTEM
Computer: ...
Description:
Logon Failure:
Reason: Account locked out
User Name: cantone2
Domain: ...
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: JOSH
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: ...
Source Port: 0
==============================================================
Any thoughts?
Thanks for your help!
Nils
Miha Pihler [MVP] wrote:
Hi,
Can you check the event logs on this laptop, specially Application and
System logs. Are there any errors there?
--
Mike
Microsoft MVP - Windows Security
<nilsoberg@xxxxxxxxx> wrote in message
news:1165340851.142193.227090@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hi,
I have an issue with a certain laptop accessing shares on a Windows
2003 Standard server. The server is joined to a large Active
Directory. I have two networks set up. One is for wireless access, so
a laptop user can walk up and connect to the network via wireless;
machines in this network are outside of the AD. The second is a more
restrictive network for workstations; the server is on this network.
When this certain laptop (Windows XP Pro) attempts to connect to the
server, it prompts for a username and password. However, putting in
the correct username/password combination (with the domain preceding
the username of course, i.e. AD\username) for any valid user is
rejected. (Doing this a few times results in the account being locked
out.) When I follow the same procedure with any other laptop
connecting through the wireless network to the server, the connection
succeeds. This error began occurring when the user on the laptop
changed their AD password.
Does anyone have any ideas what is occurring here?
Thanks!
Nils
.
- Prev by Date: Re: Mulitple Web Sites (IIS and Apache) and SSL
- Next by Date: Re: Services listening on all ports?
- Previous by thread: Config Windows Time Service in 2000 AD
- Next by thread: IIS default install giving authentication error
- Index(es):
Relevant Pages
|
