RE: Trend, IIS, Permissions, Exhaustion and close to very bad language :-) Heelp!

Hi Andrew,


Thank you for posting here.

According to your description, I understand when you logon on Company web
or http://192.168.17.2:8059/smb from TSWAS01, you get the error id 527 on
your SBS Server's security log.
First of all, please help me to collect the following information for
further research:
I would like to confirm that the Source Network Address in this event.
Does the IP address point your Windows XP clients or SBS Server?
Is the IP address of the Windows XP client or server that in your network?
If you logon on company web using another workstation, does this event
error appear?

Please perform the following steps to narrow down this issue
1. Logon on the source computer (please check the source network address)
Scenario 1 SBS Server
,Locate Start---Settings---Control Panel, open Stored user names and
passwords console highlight your logon information and click remove.

Scenario 2 Windows XP client
Locate Start---Control Panel, open User accounts console, go to advanced
tab, click manage passwords, highlight your logon information and click
remove.
Then Open your IE on your client, locate tools---Internet Options---go to
Content tab, click AutoComplete, then click Clear Passwords. Click OK to
exit.

After that reboot the computer, please verify this issue.


In addition because the Windows XP computer tries to use Kerberos
authentication before using NTLM authentication, the computer tries to
contact the Windows 2003 domain controller by using Kerberos. information,
I suspect that the client is failing to authenticate to the domain
controller because there is a time difference (greater than 5 minutes)
between the two computers. Thus, the Kerberos authentication fails as it is
unable to pass the time verification.

So, please log into Windows XP client and double check to make sure that
the time, data, and year are the same to that on Windows 2003 domain
controller. Please notice that they may be in different time zone.
Otherwise, you can configure time service on the XP Professional to
synchronize time from the server. By default, the DC is the time server and
it has this service enabled. Refer to the following article.

314054 How to Configure an Authoritative Time Server in Windows XP
http://support.microsoft.com/?id=314054


I also suggest you to check if the Time service on SBS 2k3 server is
disabled. If it is disabled, please also refer to the following information:

1. Go to the SBS 2003 server, check the time zone setting. Make sure the
time zone setting is correct.

2. Open ''Services'' console in ''Administrative Tools''. In the services
console, double-click ''Windows Time''. If the startup type is
''Disabled'', please change it to ''Automatic'' and then click ''Start''
button to start this service.

3. Start-->Run-->Type ''regedit'' (without the quotation marks) and press
Enter. In the Registry Editor, navigate to the following key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters

In the right panel, double-click ''Type''. If the value data is ''NoSync'',
change it to ''Nt5DS''. Go to services console, restart the Windows Time
service.

4. After doing the above steps, reboot the client workstations and then try
to logon the domain.


Hope this helps. If you have other concerns or need more help, just post
back to let me know. I look forward to your update.

Have a nice day!



Best Regards,

Chace Zhang (MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.

=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

.