Re: Network shares cannot connect

Hi Manfred,

Thanks for your input. After looking at the client machines event log id
found Event Id 1053. Did a search on the cause of this and got pointed to
checking the value of HKLM\CurrentControlSet\Control\Lsa\CrashOnAuditFail.

Problem has now hopefully been fixed.

Details:

Registry Entry HKLM\SYSTEM\CurrentControlSet\Control\Lsa\CrashOnAuditFail
had a value of 2 which means only members of the Administrators group can
log on.

Changed value to 0 just waiting to re-boot the server and test logins.

See
http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/regentry/46686.mspx?mfr=true

Regards,

Steve Perrins

Keywords: Event ID 1053, Event ID 529, failed logon, domain users


"Manfred Zhuang [MSFT]" <v-mzhuan@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:SFqfwYbAIHA.4200@xxxxxxxxxxxxxxxxxxxxxxxxx
Hello Steve,

Thank you for posting here.

From your post, I understand that after a reboot, domain users cannot
access any shares on the SBS server and following error was found in event
log:

Logon Failure:
Reason: An error occurred during logon
User Name: SERVER$
Domain: OCEANYACHTSYSTEMS.LOCAL
Logon Type: 3
Logon Process: Kerberos
Authentication Package: Kerberos
Workstation Name: -
Status code: 0xC00000DC
Substatus code: 0x0
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: 192.168.0.1
Source Port: 31789

These two problems may not be related. Based on my research, port 31789 is
generally used by Trojan or hack attacking. I would like to confirm if
192.168.0.1 is the IP address of your router. I suggest you use antivirus
software to scan the server for virus and Trojan.

Regarding the shares accessing problem, I suggest you try following steps
to see if it helps:

Firstly I suggest you reboot the server again and check if the issue
perissts. If not, let's move on:

Suggestion 1: Double confirm the permission settings:
=================================
I know all the shares cannot be accessed. However, in order to narrow down
the cause, let's focus on the Users Shared Folder first.

## Folder Name: Users Shared Folders

## Share Name: Users (Make sure the share name is called Users, NOT Users
Shared Folders)

## Sharing Permissions:
Domain Admins - Full Control
Domain Users - Full Control
SBS Folder Operators - Full Control

## NTFS Permissions:
Domain Admins - Full Control (Apply To: This folder, subfolders and files)
Domain Users - Special - Traverse Folder/Execute File, List Folder/Read
Data, Read Attributes, Read Extended Attributes, Create Folders/Append
Data, Read Permissions (Apply To: This folder and files)
NOTE: To check this permission, please click the Advanced button, select
the Domain users entry in "Permission Entries" list, click Edit button.

SBS Folder Operators - Full Control (Apply To: This folder, subfolders and
files)
System - Full Control (Apply To: This folder, subfolders and files)

Double click the permission entries, ensure following option is checked
for
Domain Users and is not checked for other entries:
Apply these permissions to objects and/or containers within this container
only.

<For each individual users, the NTFS Permissions:>
Domain Admins: Inheritable Permission
SBS Folder Operators - Inheritable Permission
System - Inheritable Permission
<Individual User>: Full Control

Please also check the permission settings of C drive:

1. Please ensure C drive is shared.
2. Ensure NTFS Permissions are set as following:

Administrators - Full Control (Apply To: This folder, subfolders and
files)
Everyone - Special - Traverse Folder/Execute File, List Folder/Read Data,
Read Attributes, Read Extended Attributes, Read Permissions (Apply To:
This
folder only)
NOTE: To check this permission, please click the Advanced button, select
the Domain users entry in "Permission Entries" list, click Edit button.
CREATOR OWNER - Full Control (Apply to: Subfolders and files only)
System - Full Control (Apply To: This folder, subfolders and files)
Users - Create Files/Wirte Data (Apply to Subfolders only)
Users - Create Folders/Append Data (Apply to This folder and subfolders)
Users - Read & Execute (Apply to This folder, subfolders and files)

After that, please check if Users Shared Folder can be accessed from the
workstation.

Suggestion 2: This issue can happen when "File and Printer Sharing for
Microsoft Networks" is not enabled on SBS internal NIC. To correct this:
============================================================================
==========
1. Open Network Connections.
2. Double click "Server Local Area Connection".
3. Click Properties.
4. Make sure that "File and Printer Sharing for Microsoft Networks" box is
checked.

Please also check it for the external NIC.

Suggestion 3: Please refer to following article to check SMB signing
settings
==============================================
You cannot open file shares or Group Policy snap-ins when you disable SMB
signing for the Workstation or Server service on a domain controller
http://support.microsoft.com/?id=839499

Suggeston 4: Force Kerberos to use TCP:
=====================
Please refer to following KB article to force Kerberos to use TCP:

How to force Kerberos to use TCP instead of UDP in Windows Server 2003, in
Windows XP, and in Windows 2000
http://support.microsoft.com/kb/244474

I hope the above information is helpful to you. However, if the issue
persists, please help me gather following information:

1. If you try running \\IPAddressOfTheServer on the client workstation,
what is the result?
2. Can the client workstation access the shares on other workstation?
3. Does the issue happen for all the workstations and all the users?
4. Try creating a new shared folder and check if it can be accessed by
domain user. Try creating a new user account and check if it can access
the
shares.

5. Please help me capture screenshots of all error messages you
encountered
on the server and the client workstations and send them to
v-mzhuan@xxxxxxxxxxxxx

To capture the image, we can perform the steps below:

(a) When the error message appears, press the Print Screen key several
times (this key is located to the right of the F12 key on the keyboard)
(b) Open Paint ['start' => 'All Programs' => 'Accessories' => 'Paint'].
(c) Click Edit (menu) -> Paste or press Ctrl + V.
(d) Click File (menu) -> Save. Save it as a .jpg or .gif file and send it
to me as an attachment.

6. Please download the MPS Report tool from the following link and run it
on both the client workstations and the SBS server, then send the
generated
CAB file to my mailbox v-mzhuan@xxxxxxxxxxxxx for further investigation so
that we can find what the root cause is:

http://download.microsoft.com/download/b/b/1/bb139fcb-4aac-4fe5-a579-30b0bd9
15706/MPSRPT_SETUPPerf.EXE

For your information:
http://www.microsoft.com/downloads/details.aspx?FamilyId=CEBF3C7C-7CA5-408F-
88B7-F9C79B7306C0&displaylang=en

Please try the above steps at your earliest convenience. If you have any
concern, please feel free to let me know.

Best regards,

Manfred Zhuang(MSFT)
Microsoft Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check
the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In
doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
=====================================================

This posting is provided "AS IS" with no warranties, and confers no
rights.
--------------------
| From: "Steve Perrins" <support@xxxxxxxxxxxxxxxxxxx>
| References: <#SnwoMFAIHA.4656@xxxxxxxxxxxxxxxxxxxx>
<#5WA4UFAIHA.4568@xxxxxxxxxxxxxxxxxxxx>
| Subject: Re: Network shares cannot connect
| Date: Wed, 26 Sep 2007 17:40:04 +0100
| Lines: 64
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2900.3138
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3138
| X-RFC2646: Format=Flowed; Response
| Message-ID: <OaAAlvFAIHA.4584@xxxxxxxxxxxxxxxxxxxx>
| Newsgroups: microsoft.public.windows.server.sbs
| NNTP-Posting-Host: oce001-42114-rtr-adsl-15.altohiway.com 84.252.240.15
| Path: TK2MSFTNGHUB02.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP03.phx.gbl
| Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:65773
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| Thanks for such a quick response.
|
| I've been checking through the audit logs on the server and after the
| re-boot I have loads of failure audit messages like :
|
| Logon Failure:
| Reason: An error occurred during logon
| User Name: SERVER$
| Domain: OCEANYACHTSYSTEMS.LOCAL
| Logon Type: 3
| Logon Process: Kerberos
| Authentication Package: Kerberos
| Workstation Name: -
| Status code: 0xC00000DC
| Substatus code: 0x0
| Caller User Name: -
| Caller Domain: -
| Caller Logon ID: -
| Caller Process ID: -
| Transited Services: -
| Source Network Address: 192.168.0.1
| Source Port: 31789
|
| On one of the workstations the user logged on to the domain and when he
| tried to access the shared folders he was prompted for his user name and
| password. This was rejected. I then put him into Domain Admins and got
hime
| to log off and back on and he could access everything fine.
|
| Some other users when they ried to access the shared folders they
received a
| message stating that they were unauthorised or prevented access by group
| policy.
|
| Not much to go on I know.
|
| Thanks again,
|
| Steve
|
| "Lanwench [MVP - Exchange]"
| <lanwench@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message
| news:%235WA4UFAIHA.4568@xxxxxxxxxxxxxxxxxxxxxxx
| > Steve Perrins <support@xxxxxxxxxxxxxxxxxxx> wrote:
| >> Hi,
| >>
| >> After re-booting the sbs 2003 server domain users could not access
any
| >> shares including the User's Shared Folder. As a work around I put
| >> Domain Users security group into Domain Admins security group and the
| >> domain users are able to access all the shares without problem.
| >> Obvioulsy I do not want to keep this setting for very long.
| >>
| >> Cany anyone point me in the right direction as to why Domain User's
| >> group cannot access any of the shares. I have checked permissions on
| >> the shares and Domain User's does have full access.
| >>
| >> Thanks in advance,
| >>
| >> Steve Perrins
| >
| > What's the exact error message, and have you rebooted the workstations
as
| > well?
| > Event log errors would be useful.....on both server & clients.
| >
|
|
|



.