Re: Unable to authenticate to untrusted domain NTLM v2 related issue



It surely is looking to me, at this point, like this conforms well
to your initial assessment, that the issue is in the member referring
to its domain controllers.

The free, limited version of NetMon from Microsoft, if installed
on the member server (or better, if you have the liberty of testing
with a different member that would not have much load but that
does show the same behaviors) would only trap network traffic
of that machine. So, one would be looking to see what traffic
takes place with the domain controller after the login traffic from
the XP is received. Remember, with this NTLM authentication
the XP is talking with the member and then the member with the
domain controller named in the domain user account used by the
XP. IOW it is not that the member tells the XP to talk with the
domain controller and then bring back something - the member
handles it, so tracing traffic on the member should show all except
whether the domain controller actually hears it (and one could
infer that from the packet sequence seen on the member).

"lwoody7110" <lwoody@xxxxxxxxxxxxx> wrote in message
news:1158221681.419667.200120@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hi Roger

Thanks for your assistance so far. We are on the same page with
regard to this problem.

I did not remove any user ids from the eventlogs. I changed the
workstation name and masked the IP address.

The section for

Logon Process: NtLmSsp

might be important although I can't put my finger on it as my initial
research did occasionally mention
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0. I have not been
clear on what this section does so I have left it alone. My XP access
to the domain B DCs has led me to think all is ok here.

With regard to sniffing the LAN, our network is managed by a 3rd party
and we are not allowed to sniff, which makes life tricky. I will sneak
a sniff in sometime today/tomorrow.

I assume the best place to run the sniff is on the domain B member
server? Could you advise what I am looking for as I have never run a
sniff before.
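
The packet sequence the reply says to look for on the member, as an added example that is not part of the original thread: it classifies the member-to-DC leg that should follow the XP client's NTLM logon. The addresses, the record layout, the summary strings and the 5-second window are all assumptions; "member_silent" corresponds to the member not referring to its domain controllers.

```python
# Added example; every record below is constructed, not taken from the thread.
from typing import NamedTuple

class Pkt(NamedTuple):
    t: float    # seconds since capture start
    src: str
    dst: str
    info: str   # summary column; wording is assumed and varies by tool

CLIENT, MEMBER, DC = "192.0.2.10", "192.0.2.20", "192.0.2.30"  # placeholders

def classify(pkts, client=CLIENT, member=MEMBER, dcs=(DC,), window=5.0):
    """Describe the member-to-DC leg that should follow the client's logon."""
    auth = next((p for p in pkts if p.src == client and p.dst == member
                 and "NTLMSSP_AUTH" in p.info), None)
    if auth is None:
        return "no_client_auth"      # logon never reached the member
    after = [p for p in pkts if auth.t < p.t <= auth.t + window]
    # Any member->DC packet counts here; narrow by protocol on a busy server.
    asked = [p for p in after if p.src == member and p.dst in dcs]
    if not asked:
        return "member_silent"       # member never tried a DC
    replied = any(p.src == asked[0].dst and p.dst == member and p.t > asked[0].t
                  for p in after)
    # No reply suggests the DC never heard the request (or dropped it).
    return "dc_replied" if replied else "dc_no_reply"

LOGON = [Pkt(0.00, CLIENT, MEMBER, "SMB Session Setup, NTLMSSP_NEGOTIATE"),
         Pkt(0.01, MEMBER, CLIENT, "SMB Session Setup, NTLMSSP_CHALLENGE"),
         Pkt(0.02, CLIENT, MEMBER, "SMB Session Setup, NTLMSSP_AUTH")]
ASK = Pkt(0.03, MEMBER, DC, "Netlogon logon request")
ANSWER = Pkt(0.05, DC, MEMBER, "Netlogon logon response")

if __name__ == "__main__":
    for name, trace in [("healthy", LOGON + [ASK, ANSWER]),
                        ("dc unreachable", LOGON + [ASK]),
                        ("member not referring", LOGON)]:
        print(f"{name:22} -> {classify(trace)}")
```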


