Win 2000 clients failure to access NT Server shares (long ..

Archived from groups: microsoft.public.windowsnt.domain (More info?)

/deep breath

Currently running a 100% NT4(sp6a) domain
Upgrading Clients to Win2k Pro (sp4) (full flatten and
fresh install)
Everything (suprisingly) fine , with 1 notable exception

intermittantly upon logon the 2k Workstation cannot
connect to any shares on the fileserver , any attempt to
connect to a share causes the "username/password" prompt
to occur

a few other details...

-we have 7 other NT4 servers that we can map/connect to
(therefore imo ruling out any domain authentication issues)
-the server can be pinged (therefore imo ruling out any
DNS issues)

any help apprecaitted as this problem means

no userprofiles (mapped as profiles on fileserver)
no home "drives" (mapped as user home folder on fileserver)
no shared "drives" (mapped as shared area on fileserver)

thanks a million for any help/suggestions
9 answers Last reply
More about 2000 clients failure access server shares long
  1. Archived from groups: microsoft.public.windowsnt.domain (More info?)

    Hi Ali,

    As you've already mentioned the problem looks
    to be the file server itself but you will have to give
    more details. What is the computer role of the file
    server? Not sure? open a dos prompt and run
    net accounts and verify the value of the computer
    role field. Most likely it's a member server in which
    case the computer role should be "server". When
    a client attempts a connection to a member server
    the member will look at the domain field and verify
    the domain is trusted than pass the credentials to
    a DC for authentication. I believe the member
    server may have a broken secure channel. Have
    a look at the following for details:

    When a machine joins the domain there is a secure
    channel created along with a secure channel password kept
    by the domain and the domain member. By default this password
    changes every 7 days in NT and every 30 days in W2k or higher.

    Use netdom.exe or nltest.exe to reset the secure channel.

    Resetting Domain Member Secure Channel
    http://support.microsoft.com/default.aspx?scid=kb;en-us;175024

    Netdom can be found below:

    NETDOM 1.7 Reports Access Denied with Windows NT 4.0 SP4
    http://support.microsoft.com/support/kb/articles/q197/1/60.asp

    Nltest can be found below:

    Windows NT Service Pack 4.0 Tools Not Included on CD-ROM
    http://support.microsoft.com/support/kb/articles/Q206/8/48.ASP

    If the problem persists you can disable the hidden machine account
    password but of course there are security issues:

    How to Disable Automatic Machine Account Password Changes
    http://support.microsoft.com/support/kb/articles/q154/5/01.asp

    "Ali Curran" <ali_curran@hotmail.com> wrote in message news:
    > /deep breath
    >
    > Currently running a 100% NT4(sp6a) domain
    > Upgrading Clients to Win2k Pro (sp4) (full flatten and
    > fresh install)
    > Everything (suprisingly) fine , with 1 notable exception
    >
    > intermittantly upon logon the 2k Workstation cannot
    > connect to any shares on the fileserver , any attempt to
    > connect to a share causes the "username/password" prompt
    > to occur
    >
    > a few other details...
    >
    > -we have 7 other NT4 servers that we can map/connect to
    > (therefore imo ruling out any domain authentication issues)
    > -the server can be pinged (therefore imo ruling out any
    > DNS issues)
    >
    > any help apprecaitted as this problem means
    >
    > no userprofiles (mapped as profiles on fileserver)
    > no home "drives" (mapped as user home folder on fileserver)
    > no shared "drives" (mapped as shared area on fileserver)
    >
    > thanks a million for any help/suggestions
  2. Archived from groups: microsoft.public.windowsnt.domain (More info?)

    Michael,

    a thousand thank you's for the suggestion(s)and my apologies for not being
    in touch sooner (a (rare) weeks holiday!)

    though nltest (appeared) to show no problems, i nonetheless reset the
    fileserver secure channel and it *thus* far seems to have worked.

    Due to the faults intermittant nature i can't be 100% sure yet! ,we've had
    the problem dissappear for days on end,only to rear it's ugly head again, but
    here's hoping (or should that be hopping?)

    just a quick question if you please?

    wouldn't a problem with the "secure channel" have affected all my NT4 users?
    (who are running 100% problem free) ? or does Win2k's interaction differ?

    thanks again

    Ali
  3. Archived from groups: microsoft.public.windowsnt.domain (More info?)

    Michael,

    a thousand thank you's for the suggestion(s)and my apologies for not being
    in touch sooner (a (rare) weeks holiday!)

    though nltest (appeared) to show no problems, i nonetheless reset the
    fileserver secure channel and it *thus* far seems to have worked.

    Due to the faults intermittant nature i can't be 100% sure yet! ,we've had
    the problem dissappear for days on end,only to rear it's ugly head again, but
    here's hoping (or should that be hopping?)

    just a quick question if you please?

    wouldn't a problem with the "secure channel" have affected all my NT4 users?
    (who are running 100% problem free) ? or does Win2k's interaction differ?

    thanks again

    Ali
  4. Archived from groups: microsoft.public.windowsnt.domain (More info?)

    Hi Ali,
    Answers inline:

    "Ali Curran" <AliCurran@discussions.microsoft.com> wrote in message
    news:

    > a thousand thank you's for the suggestion(s)and my apologies for not
    being
    > in touch sooner (a (rare) weeks holiday!)

    Your welcome and thank you for the update.

    >
    > though nltest (appeared) to show no problems, i nonetheless reset the
    > fileserver secure channel and it *thus* far seems to have worked.

    We'll cross our fingers. :-)

    >
    > Due to the faults intermittant nature i can't be 100% sure yet! ,we've
    had
    > the problem dissappear for days on end,only to rear it's ugly head
    again, but

    The hidden machine account password by default changes
    every 7 days by request from the domain members to the
    PDC. If the domain member cannot find the PDC during
    the change interval they fall out of synch. Also because all
    changes occur on the PDC and replicate out to the BDCs
    the problem could be domain synchronization. It was nice
    to see MS's response to this in W2k the password change
    is now 30 days instead of 7 and computer accounts are now
    just like user accounts where the DCs will contact other DCs
    to see if a change occurred before denying access.

    > here's hoping (or should that be hopping?)

    It's hoping.. If you were hopping you would
    jumping around your office.. <g>

    >
    > just a quick question if you please?

    Absolutely.

    >
    > wouldn't a problem with the "secure channel" have affected all my NT4
    users?
    > (who are running 100% problem free) ? or does Win2k's interaction
    differ?

    No because each member/workstation/BDC holds a secure channel with the
    domain.
  5. Archived from groups: microsoft.public.windowsnt.domain (More info?)

    first apologies for the newb style double post,

    unfortunatly reseting the secure channel didn't cure the problem

    a few more details etc if it helps

    (1) we now have upwards of 20 PC's all showing this same sympthon
    (2)It's only ever this 1 fileserver (unfortunatly of course the one with
    profiles/shared data/personal data areas...)
    (3)The fault is truly intermittant (ie can happen for 2 hours straight ,
    then not again for a few days)

    bearing this in mind, should i plough ahead with the "Disable Automatic
    Machine Account Password Changes" fix? i assume i need run this on the
    fileserver? will this have an repercussions bar preventing changing the local
    PC password? it won't in any way affect the PDC/BDC's or my users?

    thanks again Michael for your swift and knowledgeable response
  6. Archived from groups: microsoft.public.windowsnt.domain (More info?)

    first apologies for the newb style double post,

    unfortunatly reseting the secure channel didn't cure the problem

    a few more details etc if it helps

    (1) we now have upwards of 20 PC's all showing this same sympthon
    (2)It's only ever this 1 fileserver (unfortunatly of course the one with
    profiles/shared data/personal data areas...)
    (3)The fault is truly intermittant (ie can happen for 2 hours straight ,
    then not again for a few days)

    bearing this in mind, should i plough ahead with the "Disable Automatic
    Machine Account Password Changes" fix? i assume i need run this on the
    fileserver? will this have an repercussions bar preventing changing the local
    PC password? it won't in any way affect the PDC/BDC's or my users?

    thanks again Michael for your swift and knowledgeable response
  7. Archived from groups: microsoft.public.windowsnt.domain (More info?)

    first apologies for the newb style double post,

    unfortunatly reseting the secure channel didn't cure the problem

    a few more details etc if it helps

    (1) we now have upwards of 20 PC's all showing this same sympthon
    (2)It's only ever this 1 fileserver (unfortunatly of course the one with
    profiles/shared data/personal data areas...) the other 7 work flawlessly
    with either NT or 2k
    (3)The fault is truly intermittant (ie can happen for 2 hours straight ,
    then not again for a few days)

    bearing this in mind, should i plough ahead with the "Disable Automatic
    Machine Account Password Changes" fix?

    i assume i need run this on the fileserver? will this have an repercussions
    bar preventing changing the
    local PC password? it won't in any way affect the PDC/BDC's or my users?

    thanks again Michael for your swift and knowledgeable response
  8. Archived from groups: microsoft.public.windowsnt.domain (More info?)

    first apologies for the newb style double post,

    unfortunatly reseting the secure channel didn't cure the problem

    a few more details etc if it helps

    (1) we now have upwards of 20 PC's all showing this same sympthon
    (2)It's only ever this 1 fileserver (unfortunatly of course the one
    with
    profiles/shared data/personal data areas...) the other 7 work
    flawlessly with either NT or 2k
    (3)The fault is truly intermittant (ie can happen for 2 hours straight
    ,
    then not again for a few days)

    bearing this in mind, should i plough ahead with the "Disable
    Automatic
    Machine Account Password Changes" fix?

    i assume i need run this on the fileserver? will this have an
    repercussions bar preventing changing the
    local PC password? it won't in any way affect the PDC/BDC's or my
    users?

    thanks again Michael for your swift and knowledgeable response

    Ali
  9. Archived from groups: microsoft.public.windowsnt.domain (More info?)

    No I wouldn't disable the password change. Sounds
    like an NTLM compability issue or a restrictanonymous
    setting. Have a look:

    How to Use the RestrictAnonymous Registry Value in Windows 2000
    http://support.microsoft.com/default.aspx?scid=kb;en-us;246261

    How to Enable NTLM 2 Authentication

    http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/Q239/8/69.ASP&NoWebContent=1


    "Ali Curran" <AliCurran@discussions.microsoft.com> wrote in message
    news:
    > first apologies for the newb style double post,
    >
    > unfortunatly reseting the secure channel didn't cure the problem
    >
    > a few more details etc if it helps
    >
    > (1) we now have upwards of 20 PC's all showing this same sympthon
    > (2)It's only ever this 1 fileserver (unfortunatly of course the one
    with
    > profiles/shared data/personal data areas...)
    > (3)The fault is truly intermittant (ie can happen for 2 hours straight
    ,
    > then not again for a few days)
    >
    > bearing this in mind, should i plough ahead with the "Disable
    Automatic
    > Machine Account Password Changes" fix? i assume i need run this on the
    > fileserver? will this have an repercussions bar preventing changing
    the local
    > PC password? it won't in any way affect the PDC/BDC's or my users?
    >
    > thanks again Michael for your swift and knowledgeable response
Ask a new question

Read More

Connection Domain Servers Windows