Win 2000 clients failure to access NT Server shares (long ..

[Guest]

Archived from groups: microsoft.public.windowsnt.domain (More info?)

/deep breath

Currently running a 100% NT4(sp6a) domain
Upgrading Clients to Win2k Pro (sp4) (full flatten and
fresh install)
Everything (suprisingly) fine , with 1 notable exception

intermittantly upon logon the 2k Workstation cannot
connect to any shares on the fileserver , any attempt to
connect to a share causes the "username/password" prompt
to occur

a few other details...

-we have 7 other NT4 servers that we can map/connect to
(therefore imo ruling out any domain authentication issues)
-the server can be pinged (therefore imo ruling out any
DNS issues)

any help apprecaitted as this problem means

no userprofiles (mapped as profiles on fileserver)
no home "drives" (mapped as user home folder on fileserver)
no shared "drives" (mapped as shared area on fileserver)

thanks a million for any help/suggestions

 

[Guest]

Archived from groups: microsoft.public.windowsnt.domain (More info?)

Hi Ali,

As you've already mentioned the problem looks
to be the file server itself but you will have to give
more details. What is the computer role of the file
server? Not sure? open a dos prompt and run
net accounts and verify the value of the computer
role field. Most likely it's a member server in which
case the computer role should be "server". When
a client attempts a connection to a member server
the member will look at the domain field and verify
the domain is trusted than pass the credentials to
a DC for authentication. I believe the member
server may have a broken secure channel. Have
a look at the following for details:

When a machine joins the domain there is a secure
channel created along with a secure channel password kept
by the domain and the domain member. By default this password
changes every 7 days in NT and every 30 days in W2k or higher.

Use netdom.exe or nltest.exe to reset the secure channel.

Resetting Domain Member Secure Channel
http://support.microsoft.com/default.aspx?scid=kb;en-us;175024

Netdom can be found below:

NETDOM 1.7 Reports Access Denied with Windows NT 4.0 SP4
http://support.microsoft.com/support/kb/articles/q197/1/60.asp

Nltest can be found below:

Windows NT Service Pack 4.0 Tools Not Included on CD-ROM
http://support.microsoft.com/support/kb/articles/Q206/8/48.ASP

If the problem persists you can disable the hidden machine account
password but of course there are security issues:

How to Disable Automatic Machine Account Password Changes
http://support.microsoft.com/support/kb/articles/q154/5/01.asp

"Ali Curran" <ali_curran@hotmail.com> wrote in message news:
> /deep breath
>
> Currently running a 100% NT4(sp6a) domain
> Upgrading Clients to Win2k Pro (sp4) (full flatten and
> fresh install)
> Everything (suprisingly) fine , with 1 notable exception
>
> intermittantly upon logon the 2k Workstation cannot
> connect to any shares on the fileserver , any attempt to
> connect to a share causes the "username/password" prompt
> to occur
>
> a few other details...
>
> -we have 7 other NT4 servers that we can map/connect to
> (therefore imo ruling out any domain authentication issues)
> -the server can be pinged (therefore imo ruling out any
> DNS issues)
>
> any help apprecaitted as this problem means
>
> no userprofiles (mapped as profiles on fileserver)
> no home "drives" (mapped as user home folder on fileserver)
> no shared "drives" (mapped as shared area on fileserver)
>
> thanks a million for any help/suggestions

 

[Guest]

Archived from groups: microsoft.public.windowsnt.domain (More info?)

Michael,

a thousand thank you's for the suggestion(s)and my apologies for not being
in touch sooner (a (rare) weeks holiday!)

though nltest (appeared) to show no problems, i nonetheless reset the
fileserver secure channel and it *thus* far seems to have worked.

Due to the faults intermittant nature i can't be 100% sure yet! ,we've had
the problem dissappear for days on end,only to rear it's ugly head again, but
here's hoping (or should that be hopping?)

just a quick question if you please?

wouldn't a problem with the "secure channel" have affected all my NT4 users?
(who are running 100% problem free) ? or does Win2k's interaction differ?

thanks again

Ali

 

[Guest]

Archived from groups: microsoft.public.windowsnt.domain (More info?)

Michael,

a thousand thank you's for the suggestion(s)and my apologies for not being
in touch sooner (a (rare) weeks holiday!)

though nltest (appeared) to show no problems, i nonetheless reset the
fileserver secure channel and it *thus* far seems to have worked.

Due to the faults intermittant nature i can't be 100% sure yet! ,we've had
the problem dissappear for days on end,only to rear it's ugly head again, but
here's hoping (or should that be hopping?)

just a quick question if you please?

wouldn't a problem with the "secure channel" have affected all my NT4 users?
(who are running 100% problem free) ? or does Win2k's interaction differ?

thanks again

Ali

 

[Guest]

Archived from groups: microsoft.public.windowsnt.domain (More info?)

Hi Ali,
Answers inline:

"Ali Curran" <AliCurran@discussions.microsoft.com> wrote in message
news:

> a thousand thank you's for the suggestion(s)and my apologies for not
being
> in touch sooner (a (rare) weeks holiday!)

Your welcome and thank you for the update.

>
> though nltest (appeared) to show no problems, i nonetheless reset the
> fileserver secure channel and it *thus* far seems to have worked.

We'll cross our fingers.

>
> Due to the faults intermittant nature i can't be 100% sure yet! ,we've
had
> the problem dissappear for days on end,only to rear it's ugly head
again, but

The hidden machine account password by default changes
every 7 days by request from the domain members to the
PDC. If the domain member cannot find the PDC during
the change interval they fall out of synch. Also because all
changes occur on the PDC and replicate out to the BDCs
the problem could be domain synchronization. It was nice
to see MS's response to this in W2k the password change
is now 30 days instead of 7 and computer accounts are now
just like user accounts where the DCs will contact other DCs
to see if a change occurred before denying access.

> here's hoping (or should that be hopping?)

It's hoping.. If you were hopping you would
jumping around your office.. <g>

>
> just a quick question if you please?

Absolutely.

>
> wouldn't a problem with the "secure channel" have affected all my NT4
users?
> (who are running 100% problem free) ? or does Win2k's interaction
differ?

No because each member/workstation/BDC holds a secure channel with the
domain.

 

[Guest]

Archived from groups: microsoft.public.windowsnt.domain (More info?)

first apologies for the newb style double post,

unfortunatly reseting the secure channel didn't cure the problem

a few more details etc if it helps

(1) we now have upwards of 20 PC's all showing this same sympthon
(2)It's only ever this 1 fileserver (unfortunatly of course the one with
profiles/shared data/personal data areas...)
(3)The fault is truly intermittant (ie can happen for 2 hours straight ,
then not again for a few days)

bearing this in mind, should i plough ahead with the "Disable Automatic
Machine Account Password Changes" fix? i assume i need run this on the
fileserver? will this have an repercussions bar preventing changing the local
PC password? it won't in any way affect the PDC/BDC's or my users?

thanks again Michael for your swift and knowledgeable response

 

[Guest]

Archived from groups: microsoft.public.windowsnt.domain (More info?)

first apologies for the newb style double post,

unfortunatly reseting the secure channel didn't cure the problem

a few more details etc if it helps

(1) we now have upwards of 20 PC's all showing this same sympthon
(2)It's only ever this 1 fileserver (unfortunatly of course the one with
profiles/shared data/personal data areas...)
(3)The fault is truly intermittant (ie can happen for 2 hours straight ,
then not again for a few days)

bearing this in mind, should i plough ahead with the "Disable Automatic
Machine Account Password Changes" fix? i assume i need run this on the
fileserver? will this have an repercussions bar preventing changing the local
PC password? it won't in any way affect the PDC/BDC's or my users?

thanks again Michael for your swift and knowledgeable response

 

[Guest]

Archived from groups: microsoft.public.windowsnt.domain (More info?)

first apologies for the newb style double post,

unfortunatly reseting the secure channel didn't cure the problem

a few more details etc if it helps

(1) we now have upwards of 20 PC's all showing this same sympthon
(2)It's only ever this 1 fileserver (unfortunatly of course the one with
profiles/shared data/personal data areas...) the other 7 work flawlessly
with either NT or 2k
(3)The fault is truly intermittant (ie can happen for 2 hours straight ,
then not again for a few days)

bearing this in mind, should i plough ahead with the "Disable Automatic
Machine Account Password Changes" fix?

i assume i need run this on the fileserver? will this have an repercussions
bar preventing changing the
local PC password? it won't in any way affect the PDC/BDC's or my users?

thanks again Michael for your swift and knowledgeable response

 

[Guest]

Archived from groups: microsoft.public.windowsnt.domain (More info?)

first apologies for the newb style double post,

unfortunatly reseting the secure channel didn't cure the problem

a few more details etc if it helps

(1) we now have upwards of 20 PC's all showing this same sympthon
(2)It's only ever this 1 fileserver (unfortunatly of course the one
with
profiles/shared data/personal data areas...) the other 7 work
flawlessly with either NT or 2k
(3)The fault is truly intermittant (ie can happen for 2 hours straight
,
then not again for a few days)

bearing this in mind, should i plough ahead with the "Disable
Automatic
Machine Account Password Changes" fix?

i assume i need run this on the fileserver? will this have an
repercussions bar preventing changing the
local PC password? it won't in any way affect the PDC/BDC's or my
users?

thanks again Michael for your swift and knowledgeable response

Ali

 

[Guest]

Archived from groups: microsoft.public.windowsnt.domain (More info?)

No I wouldn't disable the password change. Sounds
like an NTLM compability issue or a restrictanonymous
setting. Have a look:

How to Use the RestrictAnonymous Registry Value in Windows 2000
http://support.microsoft.com/default.aspx?scid=kb;en-us;246261

How to Enable NTLM 2 Authentication

http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/Q239/8/69.ASP&NoWebContent=1




"Ali Curran" <AliCurran@discussions.microsoft.com> wrote in message
news:
> first apologies for the newb style double post,
>
> unfortunatly reseting the secure channel didn't cure the problem
>
> a few more details etc if it helps
>
> (1) we now have upwards of 20 PC's all showing this same sympthon
> (2)It's only ever this 1 fileserver (unfortunatly of course the one
with
> profiles/shared data/personal data areas...)
> (3)The fault is truly intermittant (ie can happen for 2 hours straight
,
> then not again for a few days)
>
> bearing this in mind, should i plough ahead with the "Disable
Automatic
> Machine Account Password Changes" fix? i assume i need run this on the
> fileserver? will this have an repercussions bar preventing changing
the local
> PC password? it won't in any way affect the PDC/BDC's or my users?
>
> thanks again Michael for your swift and knowledgeable response