Re: appears to loose authentication

For the original OP certainly check the permissions on the folder the user
can not access and make sure he is not a member of a group that has deny
permissions to the folder. The other think to keep in mind if using XP Pro
as the client computer is that often "stored credentials" can be a problem
accessing a share and the user does not even realize the are being used
which can be checked in Control Panel/user accounts/user - manage my network
passwords. Alternate persistent stored credentials for a mapped drive can be
another problem if the credentials are now invalid. Checking the server's
security log for failed logons at the time these events occur may be
helpful. DNS problems can be tricky but if the computer is a member of an
Active Directory domain make sure that ONLY domain controllers that are DNS
servers also for the domain are listed as preferred DNS servers. Problems
like you describe that can be cleared by a reboot could be related to the
fact that the wrong DNS server is being used, such as an ISP DNS server that
can not locate a domain controller [which is also Kerberos key server, etc]
and then the correct one is used after a reboot. -- Steve


"Roger Abell [MVP]" <mvpNoSpam@xxxxxxx> wrote in message
news:%23v98B4sUGHA.5808@xxxxxxxxxxxxxxxxxxxxxxx
I agree with your diags. But I am unsure of the precise nature of
some scenarios that have been put forward, so am unsure as to
the applicability of those analyses, and of the DNS possibility.

If it were sharename, then there is no explaination for successful
access where only (apparent) change is reboot - same machine,
same account. On the other hand, the comments that UserA
cannot but UserB can might have meant simultaneously but from
different machines, just as the test to c$ that worked may have
been at a time when access was working.
I am dubious of the DNS explaination, but I cannot rule anything
out based on the imprecise scenarios given.

"AllenM" <allen.miyake@xxxxxxxxx> wrote in message
news:uWr0mIoUGHA.1576@xxxxxxxxxxxxxxxxxxxxxxx
Not too sure about that Roger. I asked if he could as Administrator get
to \\servername\c$ and he said he could. However he cannot get to
\\servername\sharename which leads me to think that 1. It is an invalid
sharename. 2. Because he stated he "receive a message access denied"
leads me to think that there are security and permissions issues. 3. User
A can get to the share and UserB cannot is also suspect of NTFS
permissions not being applied correctly. Why he can get to the
administrative root and not to any shares below is baffling and also
suspectable to incorrect NTFS permissions. Only reason I can think it may
be is that his permissions are not set up properly. I'm thinking if he
can get to \\servername then DNS is not an issue. Your take?


"Roger Abell [MVP]" <mvpNoSpam@xxxxxxx> wrote in message
news:epR0ljnUGHA.5808@xxxxxxxxxxxxxxxxxxxxxxx

"Rob" <Rob@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:903FC3E3-3936-42F0-A5FC-55C19E648542@xxxxxxxxxxxxxxxx
That seems to work fine. Another strange part is that while userA canb
not
access the server, userB can.


Is that on the same client machine at the time, or just that userA on
machineA
cannot while at same time userB on machineB can ??

I find interest in your comment earlier that if userA is seeing this
problem
on computerA then a reboot of computerA allows userA to get access.
That to me indicates that you may have client machines configured with
an invalid DNS server in the Tcp/Ip settings.


That is where I am going nuts at.

Thank you;

Rob

"AllenM" wrote:

What happens when you try to from the run command line use
\\servername\c$
logged in as an Administrator?


"Rob" <Rob@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:B6916D7F-F917-40EC-934F-ADD4673D1E46@xxxxxxxxxxxxxxxx


"Malke" wrote:

Rob wrote:



"AllenM" wrote:

Is this a new share you created and are trying to use for the
first
time? How is "G:" getting mapped? Login script? Or map network
drive
and reconnect at logon? Are you postive this folder is "shared"
and
have you reviewed Share and NTFS Folder/File permissions?


"Rob" <Rob@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:BA55B150-1CD4-4AA1-8FF6-A49C5913CE04@xxxxxxxxxxxxxxxx
I have a server here that appears to be loosing authentication.
The
server
is windows 2000.

Here is what happens: The user will log onto their computer,
and
they try
to open a network app. The app will not open, and no error
appears. The user will then try to open the G:\ from My
computer,
and they receive a
message access denied. I may try typing into run: \\server
to view the shares, but I am prompted with a logon box which
the
domain admin can not even log onto.

The only way I have found to resolve it to have the user
reboot
their
computer. Any help is greatly appreciated.

Rob





here is an exact copy of the command in the logon script to map
the
network share:
net use g: \\icncrm\goldmine

I checked the share and ntfs permissions on the goldmine share,
and I
have
not found any problems. I temporally set one of the users who
needs
to
access this as local admin, FC on the share and ntfs. The
problem was
still persistant.

This is not a new share, it has been there since before I started
working
here (7 months). The problem first appeared a few months ago.

If this only happens when they try to access Goldmine, contact
Goldmine
tech support. This may be a known issue and/or they may have a
workaround.

Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User


I have contacted Goldmine, and they have said that it is a microsoft
problem. We are also recieving this problem on another share of
this
server.
It is quite strange. I really appreciate your help on this.

Rob











.

Relevant Pages

  • RE: Windows 2003 Server - Everyone Group
    ... this folder only accessable by the users in the "special" group. ... Configure User and Group Access on an Intranet in Windows Server ... NTFS files system permissions control ... group that you want to set permissions for, click Check Names to verify the ...
    (microsoft.public.win2000.networking)
  • Re: DNSDCPROMO FAILS
    ... I have a static IP assigned to my LAN and the DNS ... Add the PublishAddresses and RegisterDnsARecords registry values for the DNS ... In the DNS console, expand the server object, expand the Forward ... Lookup Zones folder, and then click the folder for the local domain. ...
    (microsoft.public.win2000.dns)
  • Re: Urgent Please
    ... The main problem is that the server becomes mulihomed. ... the use of dynamic registration in DNS means that you also have ... Disabling Netbios over TCP/IP on the "internal" RRAS interface can ... under msdcs.gc folder, ...
    (microsoft.public.win2000.ras_routing)
  • Re: Urgent Please
    ... The main problem is that the server becomes mulihomed. ... use of dynamic registration in DNS means that you also have similar problems ... Disabling Netbios over TCP/IP on the "internal" RRAS interface can have some ... under msdcs.gc folder, ...
    (microsoft.public.win2000.ras_routing)
  • Re: Browser cannot find any server anymore after 5 minutes of normal activity (" The page canno
    ... and/or the DNS host addresses got changed out from ... On the client yes, but on the server everything is ... Scan folder: 'F:\', recursive ... Average files per second is 50, ...
    (comp.security.firewalls)