Re: Windows domain user is sometimes denied access to server share
- From: "Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 2 Oct 2006 20:18:44 -0500
Since a reboot clears it I would think it is possibly networking related
such as improper DNS configuration on the computer he is using assuming this
happens on just his computer. Verify that his computer is using ONLY domain
controllers as the primary/secondary DNS servers as shown in tcp/ip
properties. I would also run the support tool netdiag on that computer
looking for any related errors and check the application log for any userenv
errors/warnings that can also indicate a problem finding or contacting a
domain controller. I would also check the server with the share security log
for logon failures that occur when he is denied access to see they can
provide any clues.
Steve
http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B291382 ---
Active Directory DNS FAQ
"Henrik Sjöström" <henrik_the_boss@xxxxxxxxxxx> wrote in message
news:uaAerIg5GHA.1200@xxxxxxxxxxxxxxxxxxxxxxx
Hello all.
We have a user that is randomly denied access to the company's file
server's shares.
He can access the shares that do not have security on them OK, but not the
ones that have security on them (security that his accounts is part of /
qualifies for)
He just get a "access denied". (He is running Win XP w SP 2 and full HFs,
and the server is a Win 2K3 w SP1 and full HFs)
This is the case when he tries to access his private share in the form of
USER$, as well as a couple of shares where access is restricted either
with windows user and or windows group accounts.
He does have at least modify permissions on the shares (in the case of his
private file area, he has full control). The permissions are set OK both
on the shares themselves as well as folder security.
When this occurs, we do not see anything wrong either on his computer or
on the server.
It does not help to disconnect the share, or accessing it by
\\FILESRV\USER$.
A reboot generally clears away the error, and he once again has access.
Since shares that allow everyone access works OK, my hunch is that his
profile is somehow broken, and that the hash that windows sends to the
server when asked to authenticate in order to access the folder is not
correct.
This is not a case of Windows fast logon, where Windows XP logs on before
all group policies have been downloaded, as the domain is small (about 20
accounts, with no active policy changes in the last 6 months)
Logging onto his computer and deleting his profile so that he has to start
over in the hopes of fixing the problem does not appeal to either him or
me.
Note that Norton Internet Security 2006 is installed on the system, and
that this error occurs even though all of Norton's subsystems are
disabled.
No one else have had any problems, so we can probably rule out the server,
right?
Any thoughts?
// Henrik
.
- Follow-Ups:
- Re: Windows domain user is sometimes denied access to server share
- From: Henrik Sjöström
- Re: Windows domain user is sometimes denied access to server share
- References:
- Windows domain user is sometimes denied access to server share
- From: Henrik Sjöström
- Windows domain user is sometimes denied access to server share
- Prev by Date: Re: Limtied users installing USB Thumbdrives
- Next by Date: Re: CA configuration to publish certs in AD
- Previous by thread: Windows domain user is sometimes denied access to server share
- Next by thread: Re: Windows domain user is sometimes denied access to server share
- Index(es):
Relevant Pages
|
|
