RE: Cached Password Issue???
- From: v-crinal@xxxxxxxxxxxxxxxxxxxx ("Crina Li")
- Date: Fri, 02 Dec 2005 06:08:42 GMT
Hi Gcamorli,
Thank you for posting in SBS newsgroup.
>From the description, I understand the issue to be: user got event 1006 and
1030 when they log on to SBS domain. They can log on to SBS domain,
however, they can not access shares on the server. If I have misunderstood
your concerns, please do not hesitate to let me know.
Based on my research, I suspect the event 1030/1006 problem is very likely
related to either of the following problems:
1. DNS name resolution.
2. Corrupt user profiles.
Let's check DNS settings first.
Check DNS name resolution:
----------------------------------
Windows 2000/2003 AD domains rely on DNS for name resolution. If there is
no internal DNS server, the DC cannot register their SRV, A records on the
DNS zone and therefore the other client machines and member servers will be
unable to locate the directory services.
Basically, we should ensure the following:
1. Please help me confirm if you have followed the steps to configure SBS:
1) Leave the Default Gateway of the internal NIC blank.
2) Configure both the internal NIC and the external NIC to use the internal
DNS Service as the DNS Server.
3) On the DNS Server, create the DNS Forwarder to forward the external DNS
resolution requests to the ISP's DNS server. See:
323380 How to configure DNS for Internet access in Windows Server 2003
http://support.microsoft.com/?id=323380
4) Strictly followed the instructions in the KB article below to run CEICW:
825763 How to configure Internet access in Windows Small Business Server
2003
http://support.microsoft.com/?id=825763
2. All client computers should be pointed to internal DNS servers for DNS
name resolution.
Therefore, we need to check the TCP/IP settings on all computers and point
them to the internal DNS server as the "Preferred DNS Server".
3. Check if the Forward Lookup Zone has Dynamic Updates set to None:
1) Click Start -> All Programs -> Administrative Tools -> DNS.
2) Expand Forward Lookup Zones, right-click the zone and select Properties.
3) On the General tab, set Dynamic updates to Nonsecure and secure.
4. After performing the above steps, we can run the following commands on
the DC to create SRV records:
net stop netlogon
net start netlogon
Then please open the DNS management snap-in and browse to
DNS\<ServerName>\Forward Lookup Zones\YourDomain.local\. There should be
new subfolders: _msdcs, _sites, _tcp, _udp, DomainDnsZones and
ForestDnsZones.
After performing the above steps, please restart the problematic machine
and check if the problem has been resolved.
If the problem still occurs, would you please help me collect the following
information?
1. On the SBS server, open Server Management, click Users, right-click the
user and click Change Password. Can you log on with the new password and
access shares?
2. Can you log on to the domain as a domain administrator from the Windows
XP computer and access shares?
3. On the SBS server, check if the user has sufficient NTFS permissions and
Share permissions to the "C:\WINDOWS\SYSVOL\sysvol" folder.
4. You said "I can manually connect to shares if I supply the same
credentials", can you describe how you access the shares manually?
Thanks for your time and I look forward to hearing from you.
Best regards,
Crina Li (MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| From: "gcamorli" <gcamorli@xxxxxxxxxxx>
| Newsgroups: microsoft.public.windows.server.sbs
| Subject: Cached Password Issue???
| Date: 1 Dec 2005 09:30:23 -0800
| Organization: http://groups.google.com
| |
| Same issue as
| 1. Roman B
| Apr 20 2004, 1:09 pm show options
|
| Newsgroups: microsoft.public.windows.server.sbs
| From: "Roman B" <rom...@xxxxxxxxxxx> - Find messages by this author
| Date: Tue, 20 Apr 2004 12:08:01 -0700
| Local: Tues, Apr 20 2004 1:08 pm
| Subject: Cached Password Issue???
| Reply to Author | Forward | Print | Individual Message | Show original
| | Report Abuse
|
| I have a notebook(XP PRO SP1)user who is unable to login
| to the domain. They are supplying the correct credentials
| at logon but are unable to connect to shares on the
| server. I have even gone as far as resetting the users
| password with a prompt for them to change it at next
| logon, which they get prompted to do, however they still
| cannot browse the server. I can manually connect to
| shares if I supply the same credentials however. I looked
| at the event viewer on the server and notice on the
| security log indicates an security fault indicating this
| user tried to authenticate with either an incorrect
| username or password. If I look at the users event log on
| their XP Notebook, I get the following entries:
|
|
| anyone know what is going on and how to fix this?
|
|
| Event Type: Error
| Event Source: Userenv
| Event Category: None
| Event ID: 1006
| Date: 4/16/2004
| Time: 7:19:33 PM
| User: TVPA\user1
| Computer: CPU1
| Description:
| Windows cannot bind to TVPA.local domain. (Invalid
| Credentials). Group Policy processing aborted.
|
|
| Event Type: Error
| Event Source: Userenv
| Event Category: None
| Event ID: 1030
| Date: 4/16/2004
| Time: 7:19:33 PM
| User: TVPA\user1
| Computer: CPU1
| Description:
| Windows cannot query for the list of Group Policy
| objects. A message that describes the reason for this was
| previously logged by the policy engine.
| ++++++++++++++++++++++++++++++++++
| Additional notes: This issue started after we implemented Active
| Directory in our environment.
| We are on Windows XP/SP2. and use Group Policies.
| It happenst intermitently and affects different accounts at different
| times. Usually after password is being changed, and to those who log
| into multiple computers. Sometimes in the middle of work, then if
| trying to browse a network drive I receive access denied.
| Please advise. This is a serious problem.
|
|
.
- References:
- Cached Password Issue???
- From: gcamorli
- Cached Password Issue???
- Prev by Date: Re: Fax server failing to route to email.
- Next by Date: RE: Moving from NT 4 Domain to SBS2003
- Previous by thread: Cached Password Issue???
- Next by thread: RE: DNS Replication: Added Server 2003 to my WLAN
- Index(es):
Relevant Pages
|
Loading
