Re: Network shares cannot connect
- From: v-mzhuan@xxxxxxxxxxxxxxxxxxxx (Manfred Zhuang [MSFT])
- Date: Mon, 01 Oct 2007 08:54:34 GMT
Hi Steve,
Thank you for your reply and the detailed additional feedback on how you
were successful in resolving this issue. Your solution will benefit many
other users, and we really value having you as a Microsoft customer.
I'd like to make a summary for this post here:
Issue:
========
After a reboot, domain users cannot access any shares on the SBS server,
but domain admins can.
Cause:
=======
On the server, HKLM\SYSTEM\CurrentControlSet\Control\Lsa\CrashOnAuditFail
had a value of 2 which means only members of the Administrators group can
log on.
Resolution:
=======
Changed the value to 0 and then rebooted the server.
If you have any other questions or concerns, please do not hesitate to
contact us. It is always our pleasure to be of assistance.
Have a nice day!
Best regards,
Manfred Zhuang(MSFT)
Microsoft Online Newsgroup Support
Get Secure! - www.microsoft.com/security
=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| From: "Steve Perrins" <support@xxxxxxxxxxxxxxxxxxx>
| Subject: Re: Network shares cannot connect
| Date: Fri, 28 Sep 2007 15:26:40 +0100
|
| Quick update - Problem fixed by changing registry key and re-booting
|
| "Steve Perrins" <support@xxxxxxxxxxxxxxxxxxx> wrote in message
| news:%23SQupKcAIHA.4476@xxxxxxxxxxxxxxxxxxxxxxx
| > Hi Manfred,
| >
| > Thanks for your input. After looking at the client machines event log id
| > found Event Id 1053. Did a search on the cause of this and got pointed to
| > checking the value of HKLM\CurrentControlSet\Control\Lsa\CrashOnAuditFail.
| >
| > Problem has now hopefully been fixed.
| >
| > Details:
| >
| > Registry Entry HKLM\SYSTEM\CurrentControlSet\Control\Lsa\CrashOnAuditFail
| > had a value of 2 which means only members of the Administrators group can
| > log on.
| >
| > Changed value to 0 just waiting to re-boot the server and test logins.
| >
| > See
| >
| > http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/regentry/46686.mspx?mfr=true
| >
| > Regards,
| >
| > Steve Perrins
| >
| > Keywords: Event ID 1053, Event ID 529, failed logon, domain users
| >
| >
| > "Manfred Zhuang [MSFT]" <v-mzhuan@xxxxxxxxxxxxxxxxxxxx> wrote in message
| > news:SFqfwYbAIHA.4200@xxxxxxxxxxxxxxxxxxxxxxxxx
| >> Hello Steve,
| >>
| >> Thank you for posting here.
| >>
| >> From your post, I understand that after a reboot, domain users cannot
| >> access any shares on the SBS server and following error was found in
| >> event log:
| >>
| >> Logon Failure:
| >> Reason: An error occurred during logon
| >> User Name: SERVER$
| >> Domain: OCEANYACHTSYSTEMS.LOCAL
| >> Logon Type: 3
| >> Logon Process: Kerberos
| >> Authentication Package: Kerberos
| >> Workstation Name: -
| >> Status code: 0xC00000DC
| >> Substatus code: 0x0
| >> Caller User Name: -
| >> Caller Domain: -
| >> Caller Logon ID: -
| >> Caller Process ID: -
| >> Transited Services: -
| >> Source Network Address: 192.168.0.1
| >> Source Port: 31789
| >>
| >> These two problems may not be related. Based on my research, port 31789
| >> is generally used by Trojan or hack attacking. I would like to confirm if
| >> 192.168.0.1 is the IP address of your router. I suggest you use antivirus
| >> software to scan the server for virus and Trojan.
| >>
| >> Regarding the shares accessing problem, I suggest you try following steps
| >> to see if it helps:
| >>
| >> Firstly I suggest you reboot the server again and check if the issue
| >> persists. If not, let's move on:
| >>
| >> Suggestion 1: Double confirm the permission settings:
| >> =================================
| >> I know all the shares cannot be accessed. However, in order to narrow down
| >> the cause, let's focus on the Users Shared Folder first.
| >>
| >> ## Folder Name: Users Shared Folders
| >>
| >> ## Share Name: Users (Make sure the share name is called Users, NOT Users
| >> Shared Folders)
| >>
| >> ## Sharing Permissions:
| >> Domain Admins - Full Control
| >> Domain Users - Full Control
| >> SBS Folder Operators - Full Control
| >>
| >> ## NTFS Permissions:
| >> Domain Admins - Full Control (Apply To: This folder, subfolders and files)
| >> Domain Users - Special - Traverse Folder/Execute File, List Folder/Read
| >> Data, Read Attributes, Read Extended Attributes, Create Folders/Append
| >> Data, Read Permissions (Apply To: This folder and files)
| >> NOTE: To check this permission, please click the Advanced button, select
| >> the Domain users entry in "Permission Entries" list, click Edit button.
| >>
| >> SBS Folder Operators - Full Control (Apply To: This folder, subfolders and files)
| >> System - Full Control (Apply To: This folder, subfolders and files)
| >>
| >> Double click the permission entries, ensure following option is checked for
| >> Domain Users and is not checked for other entries:
| >> Apply these permissions to objects and/or containers within this container only.
| >>
| >> <For each individual users, the NTFS Permissions:>
| >> Domain Admins: Inheritable Permission
| >> SBS Folder Operators - Inheritable Permission
| >> System - Inheritable Permission
| >> <Individual User>: Full Control
| >>
| >> Please also check the permission settings of C drive:
| >>
| >> 1. Please ensure C drive is shared.
| >> 2. Ensure NTFS Permissions are set as following:
| >>
| >> Administrators - Full Control (Apply To: This folder, subfolders and files)
| >> Everyone - Special - Traverse Folder/Execute File, List Folder/Read Data,
| >> Read Attributes, Read Extended Attributes, Read Permissions (Apply To: This
| >> folder only)
| >> NOTE: To check this permission, please click the Advanced button, select
| >> the Domain users entry in "Permission Entries" list, click Edit button.
| >> CREATOR OWNER - Full Control (Apply to: Subfolders and files only)
| >> System - Full Control (Apply To: This folder, subfolders and files)
| >> Users - Create Files/Write Data (Apply to Subfolders only)
| >> Users - Create Folders/Append Data (Apply to This folder and subfolders)
| >> Users - Read & Execute (Apply to This folder, subfolders and files)
| >>
| >> After that, please check if Users Shared Folder can be accessed from the
| >> workstation.
| >>
| >> Suggestion 2: This issue can happen when "File and Printer Sharing for
| >> Microsoft Networks" is not enabled on SBS internal NIC. To correct this:
| >> ======================================================================================
| >> 1. Open Network Connections.
| >> 2. Double click "Server Local Area Connection".
| >> 3. Click Properties.
| >> 4. Make sure that "File and Printer Sharing for Microsoft Networks" box is
| >> checked.
| >>
| >> Please also check it for the external NIC.
| >>
| >> Suggestion 3: Please refer to following article to check SMB signing
| >> settings
| >> ==============================================
| >> You cannot open file shares or Group Policy snap-ins when you disable SMB
| >> signing for the Workstation or Server service on a domain controller
| >> http://support.microsoft.com/?id=839499
| >>
| >> Suggestion 4: Force Kerberos to use TCP:
| >> =====================
| >> Please refer to following KB article to force Kerberos to use TCP:
| >>
| >> How to force Kerberos to use TCP instead of UDP in Windows Server 2003, in
| >> Windows XP, and in Windows 2000
| >> http://support.microsoft.com/kb/244474
| >>
| >> I hope the above information is helpful to you. However, if the issue
| >> persists, please help me gather following information:
| >>
| >> 1. If you try running \\IPAddressOfTheServer on the client workstation,
| >> what is the result?
| >> 2. Can the client workstation access the shares on other workstation?
| >> 3. Does the issue happen for all the workstations and all the users?
| >> 4. Try creating a new shared folder and check if it can be accessed by
| >> domain user. Try creating a new user account and check if it can access the
| >> shares.
| >>
| >> 5. Please help me capture screenshots of all error messages you encountered
| >> on the server and the client workstations and send them to
| >> v-mzhuan@xxxxxxxxxxxxx
| >>
| >> To capture the image, we can perform the steps below:
| >>
| >> (a) When the error message appears, press the Print Screen key several
| >> times (this key is located to the right of the F12 key on the keyboard)
| >> (b) Open Paint ['start' => 'All Programs' => 'Accessories' => 'Paint'].
| >> (c) Click Edit (menu) -> Paste or press Ctrl + V.
| >> (d) Click File (menu) -> Save. Save it as a .jpg or .gif file and send it
| >> to me as an attachment.
| >>
| >> 6. Please download the MPS Report tool from the following link and run it
| >> on both the client workstations and the SBS server, then send the generated
| >> CAB file to my mailbox v-mzhuan@xxxxxxxxxxxxx for further investigation so
| >> that we can find what the root cause is:
| >>
| >> http://download.microsoft.com/download/b/b/1/bb139fcb-4aac-4fe5-a579-30b0bd915706/MPSRPT_SETUPPerf.EXE
| >>
| >> For your information:
| >> http://www.microsoft.com/downloads/details.aspx?FamilyId=CEBF3C7C-7CA5-408F-88B7-F9C79B7306C0&displaylang=en
| >>
| >> Please try the above steps at your earliest convenience. If you have any
| >> concern, please feel free to let me know.
| >>
| >> Best regards,
| >>
| >> Manfred Zhuang(MSFT)
| >> Microsoft Online Newsgroup Support
| >>
| >> Get Secure! - www.microsoft.com/security
| >>
| >> --------------------
| >> | From: "Steve Perrins" <support@xxxxxxxxxxxxxxxxxxx>
| >> | Subject: Re: Network shares cannot connect
| >> | Date: Wed, 26 Sep 2007 17:40:04 +0100
| >> |
| >> | Thanks for such a quick response.
| >> |
| >> | I've been checking through the audit logs on the server and after the
| >> | re-boot I have loads of failure audit messages like :
| >> |
| >> | Logon Failure:
| >> | Reason: An error occurred during logon
| >> | User Name: SERVER$
| >> | Domain: OCEANYACHTSYSTEMS.LOCAL
| >> | Logon Type: 3
| >> | Logon Process: Kerberos
| >> | Authentication Package: Kerberos
| >> | Workstation Name: -
| >> | Status code: 0xC00000DC
| >> | Substatus code: 0x0
| >> | Caller User Name: -
| >> | Caller Domain: -
| >> | Caller Logon ID: -
| >> | Caller Process ID: -
| >> | Transited Services: -
| >> | Source Network Address: 192.168.0.1
| >> | Source Port: 31789
| >> |
| >> | On one of the workstations the user logged on to the domain and when he
| >> | tried to access the shared folders he was prompted for his user name and
| >> | password. This was rejected. I then put him into Domain Admins and got him
| >> | to log off and back on and he could access everything fine.
| >> |
| >> | Some other users when they tried to access the shared folders they received a
| >> | message stating that they were unauthorised or prevented access by group
| >> | policy.
| >> |
| >> | Not much to go on I know.
| >> |
| >> | Thanks again,
| >> |
| >> | Steve
| >> |
| >> | "Lanwench [MVP - Exchange]"
| >> | <lanwench@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
| >> | news:%235WA4UFAIHA.4568@xxxxxxxxxxxxxxxxxxxxxxx
| >> | > Steve Perrins <support@xxxxxxxxxxxxxxxxxxx> wrote:
| >> | >> Hi,
| >> | >>
| >> | >> After re-booting the sbs 2003 server domain users could not access any
| >> | >> shares including the User's Shared Folder. As a work around I put
| >> | >> Domain Users security group into Domain Admins security group and the
| >> | >> domain users are able to access all the shares without problem.
| >> | >> Obviously I do not want to keep this setting for very long.
| >> | >>
| >> | >> Can anyone point me in the right direction as to why Domain User's
| >> | >> group cannot access any of the shares. I have checked permissions on
| >> | >> the shares and Domain User's does have full access.
| >> | >>
| >> | >> Thanks in advance,
| >> | >>
| >> | >> Steve Perrins
| >> | >
| >> | > What's the exact error message, and have you rebooted the workstations as
| >> | > well?
| >> | > Event log errors would be useful.....on both server & clients.
| >> | >
| >> |
| >> |
| >> |
| >>
| >
| >
|
|
|
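The registry check behind the summary at the top of this thread, as an added example that is not part of the original posts: it reports the CrashOnAuditFail state together with the Security log settings that can trip it, and resets a tripped value. It assumes an elevated Windows PowerShell 3.0 or later session on the server; the function names are hypothetical.

```powershell
# Added example (not from the thread). Run elevated on the affected server.
$LsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

# Meanings of the CrashOnAuditFail DWORD, as documented by Microsoft.
$Meaning = @{
    0 = 'off: system keeps running when audit events cannot be written'
    1 = 'armed: system halts when audit events cannot be written'
    2 = 'tripped: system halted on audit failure, only Administrators can log on'
}

function Get-CrashOnAuditFailReport {    # hypothetical helper name
    $prop  = Get-ItemProperty -Path $LsaKey -Name CrashOnAuditFail -ErrorAction SilentlyContinue
    $value = 0                           # an absent value is reported as 0 (feature off)
    if ($prop) { $value = [int]$prop.CrashOnAuditFail }

    $state = 'unexpected value'
    if ($Meaning.ContainsKey($value)) { $state = $Meaning[$value] }

    $log = Get-WinEvent -ListLog Security
    [pscustomobject]@{
        CrashOnAuditFail = $value
        State            = $state
        LogMode          = $log.LogMode             # Circular, AutoBackup or Retain
        LogMaxBytes      = $log.MaximumSizeInBytes
        LogFileBytes     = $log.FileSize
        LogIsFull        = $log.IsLogFull
        # A log that never overwrites old events can fill up, which is what
        # moves an armed system (1) to the tripped state (2).
        CanFillUp        = ($log.LogMode -eq 'Retain')
    }
}

function Reset-CrashOnAuditFail {        # hypothetical helper name
    param([ValidateSet(0, 1)][int]$Value = 0)   # 0 is the value used in the thread
    $current = (Get-CrashOnAuditFailReport).CrashOnAuditFail
    if ($current -ne 2) {
        Write-Output "CrashOnAuditFail is $current; nothing to reset."
        return
    }
    Set-ItemProperty -Path $LsaKey -Name CrashOnAuditFail -Value $Value -Type DWord
    Write-Output "CrashOnAuditFail set to $Value. Reboot the server, as in the thread's resolution."
}

Get-CrashOnAuditFailReport | Format-List
```

Where halting on audit failure is an intended policy, archive and clear the Security log first and call `Reset-CrashOnAuditFail -Value 1` so the control stays armed instead of being switched off.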