Sign in with
Sign up | Sign in
Your question

The very strange problem about Win XP and Win 2K server

Tags:
  • Servers
  • Command Prompt
  • Windows XP
  • Windows
Last response: in Windows 2000/NT
Share
Anonymous
May 18, 2005 12:59:46 AM

Archived from groups: microsoft.public.win2000.security (More info?)

We have 2 win 2K server, If we run by "\\server01" or "\\10.0.0.1\d$"
command on a Win 2k PC.
There are all logged on OK, but if we run above command from a Win XP PC.
One can be logged on and another cannot.
who can tell me why?

Thanks.

More about : strange problem win win server

Anonymous
May 18, 2005 12:59:47 AM

Archived from groups: microsoft.public.win2000.security (More info?)

What happens - any error message or such?? Can you ping the server from the
computer that you can to logon from to the shares?? Try enabling auditing of
logon events in the Local Security Policy of the Windows 2000 server
[secpol.msc] and then see if a corresponding failure event is recorded in
the security log that correlates to the time of the failed logon which will
often have error codes as to why access was denied. Possible causes are host
firewall/ipsec policy blocking access, incompatible security options such as
digital signing or lan manager authentication level, or their is no user
account on the server that will allow access. Keep in mind that XP Pro can
use stored credentials which can block access after a password change. ---
Steve



"newsgroups.microsoft.com" <mxc2000@hotmail.com> wrote in message
news:urwDPBuWFHA.1796@TK2MSFTNGP15.phx.gbl...
> We have 2 win 2K server, If we run by "\\server01" or "\\10.0.0.1\d$"
> command on a Win 2k PC.
> There are all logged on OK, but if we run above command from a Win XP PC.
> One can be logged on and another cannot.
> who can tell me why?
>
> Thanks.
>
>
>
Anonymous
May 18, 2005 4:18:24 PM

Archived from groups: microsoft.public.win2000.security (More info?)

When I logged on to the server from my remote PC there are no errors report.
It remain the log on dialog box. Only the "Administrator" user cannot log
on.

I go to the server to see the security log and there also no error recorded.
It very strange!!

"Steven L Umbach" <n9rou@nospam-comcast.net> дÈëÏûÏ¢ÐÂÎÅ:eNFYPTxWFHA.2540@tk2msftngp13.phx.gbl...
> What happens - any error message or such?? Can you ping the server from
> the computer that you can to logon from to the shares?? Try enabling
> auditing of logon events in the Local Security Policy of the Windows 2000
> server [secpol.msc] and then see if a corresponding failure event is
> recorded in the security log that correlates to the time of the failed
> logon which will often have error codes as to why access was denied.
> Possible causes are host firewall/ipsec policy blocking access,
> incompatible security options such as digital signing or lan manager
> authentication level, or their is no user account on the server that will
> allow access. Keep in mind that XP Pro can use stored credentials which
> can block access after a password change. --- Steve
>
>
>
> "newsgroups.microsoft.com" <mxc2000@hotmail.com> wrote in message
> news:urwDPBuWFHA.1796@TK2MSFTNGP15.phx.gbl...
>> We have 2 win 2K server, If we run by "\\server01" or "\\10.0.0.1\d$"
>> command on a Win 2k PC.
>> There are all logged on OK, but if we run above command from a Win XP PC.
>> One can be logged on and another cannot.
>> who can tell me why?
>>
>> Thanks.
>>
>>
>>
>
>
Related resources
Anonymous
May 18, 2005 4:18:25 PM

Archived from groups: microsoft.public.win2000.security (More info?)

and . . .
when you go to that server you can log in with the Administrator
account and password exactly as what fails when remote ??
Check whether the account is allowed to log on over the network
in the Local Security Policy / User Rights and also that it is not
denied this right in the deny network logon right also found there.

--
Roger Abell
Microsoft MVP (Windows Security)
MCSE (W2k3,W2k,Nt4) MCDBA
"newsgroups.microsoft.com" <mxc2000@hotmail.com> wrote in message
news:o m3DmC2WFHA.3876@tk2msftngp13.phx.gbl...
> When I logged on to the server from my remote PC there are no errors
report.
> It remain the log on dialog box. Only the "Administrator" user cannot log
> on.
>
> I go to the server to see the security log and there also no error
recorded.
> It very strange!!
>
> "Steven L Umbach" <n9rou@nospam-comcast.net>
дÈëÏûÏ¢ÐÂÎÅ:eNFYPTxWFHA.2540@tk2msftngp13.phx.gbl...
> > What happens - any error message or such?? Can you ping the server from
> > the computer that you can to logon from to the shares?? Try enabling
> > auditing of logon events in the Local Security Policy of the Windows
2000
> > server [secpol.msc] and then see if a corresponding failure event is
> > recorded in the security log that correlates to the time of the failed
> > logon which will often have error codes as to why access was denied.
> > Possible causes are host firewall/ipsec policy blocking access,
> > incompatible security options such as digital signing or lan manager
> > authentication level, or their is no user account on the server that
will
> > allow access. Keep in mind that XP Pro can use stored credentials which
> > can block access after a password change. --- Steve
> >
> >
> >
> > "newsgroups.microsoft.com" <mxc2000@hotmail.com> wrote in message
> > news:urwDPBuWFHA.1796@TK2MSFTNGP15.phx.gbl...
> >> We have 2 win 2K server, If we run by "\\server01" or "\\10.0.0.1\d$"
> >> command on a Win 2k PC.
> >> There are all logged on OK, but if we run above command from a Win XP
PC.
> >> One can be logged on and another cannot.
> >> who can tell me why?
> >>
> >> Thanks.
> >>
> >>
> >>
> >
> >
>
>
Anonymous
May 18, 2005 5:17:36 PM

Archived from groups: microsoft.public.win2000.security (More info?)

You need to have auditing of account logon and /or logon events for success
and failure enabled before you will see anything in the security log of the
server which you can do in Local Security Policy. Did you check stored
credentials on the XP Pro computer for that user to make sure they have been
cleared? Try creating a new user account on the server and workstation that
have the same logon name/password to see if that account will work. ---
Steve

http://support.microsoft.com/default.aspx?scid=KB;en-us;q248260 --- how to
enable logging

"newsgroups.microsoft.com" <mxc2000@hotmail.com> wrote in message
news:o m3DmC2WFHA.3876@tk2msftngp13.phx.gbl...
> When I logged on to the server from my remote PC there are no errors
> report.
> It remain the log on dialog box. Only the "Administrator" user cannot log
> on.
>
> I go to the server to see the security log and there also no error
> recorded.
> It very strange!!
>
> "Steven L Umbach" <n9rou@nospam-comcast.net>
> дÈëÏûÏ¢ÐÂÎÅ:eNFYPTxWFHA.2540@tk2msftngp13.phx.gbl...
>> What happens - any error message or such?? Can you ping the server from
>> the computer that you can to logon from to the shares?? Try enabling
>> auditing of logon events in the Local Security Policy of the Windows 2000
>> server [secpol.msc] and then see if a corresponding failure event is
>> recorded in the security log that correlates to the time of the failed
>> logon which will often have error codes as to why access was denied.
>> Possible causes are host firewall/ipsec policy blocking access,
>> incompatible security options such as digital signing or lan manager
>> authentication level, or their is no user account on the server that will
>> allow access. Keep in mind that XP Pro can use stored credentials which
>> can block access after a password change. --- Steve
>>
>>
>>
>> "newsgroups.microsoft.com" <mxc2000@hotmail.com> wrote in message
>> news:urwDPBuWFHA.1796@TK2MSFTNGP15.phx.gbl...
>>> We have 2 win 2K server, If we run by "\\server01" or "\\10.0.0.1\d$"
>>> command on a Win 2k PC.
>>> There are all logged on OK, but if we run above command from a Win XP
>>> PC. One can be logged on and another cannot.
>>> who can tell me why?
>>>
>>> Thanks.
>>>
>>>
>>>
>>
>>
>
>
Anonymous
May 18, 2005 7:35:28 PM

Archived from groups: microsoft.public.win2000.security (More info?)

Yes, when I go to that server I can log in with the Administrator OK.
and I open the Local Security Policy / User Rights to see logon over network
the user list inlude the group "Administrators". The checkboxs are all
checked.


"Roger Abell" <mvpNOSpam@asu.edu> дÈëÏûÏ¢ÐÂÎÅ:e6xGYp3WFHA.3348@TK2MSFTNGP14.phx.gbl...
> and . . .
> when you go to that server you can log in with the Administrator
> account and password exactly as what fails when remote ??
> Check whether the account is allowed to log on over the network
> in the Local Security Policy / User Rights and also that it is not
> denied this right in the deny network logon right also found there.
>
> --
> Roger Abell
> Microsoft MVP (Windows Security)
> MCSE (W2k3,W2k,Nt4) MCDBA
> "newsgroups.microsoft.com" <mxc2000@hotmail.com> wrote in message
> news:o m3DmC2WFHA.3876@tk2msftngp13.phx.gbl...
>> When I logged on to the server from my remote PC there are no errors
> report.
>> It remain the log on dialog box. Only the "Administrator" user cannot log
>> on.
>>
>> I go to the server to see the security log and there also no error
> recorded.
>> It very strange!!
>>
>> "Steven L Umbach" <n9rou@nospam-comcast.net>
> дÈëÏûÏ¢ÐÂÎÅ:eNFYPTxWFHA.2540@tk2msftngp13.phx.gbl...
>> > What happens - any error message or such?? Can you ping the server
>> > from
>> > the computer that you can to logon from to the shares?? Try enabling
>> > auditing of logon events in the Local Security Policy of the Windows
> 2000
>> > server [secpol.msc] and then see if a corresponding failure event is
>> > recorded in the security log that correlates to the time of the failed
>> > logon which will often have error codes as to why access was denied.
>> > Possible causes are host firewall/ipsec policy blocking access,
>> > incompatible security options such as digital signing or lan manager
>> > authentication level, or their is no user account on the server that
> will
>> > allow access. Keep in mind that XP Pro can use stored credentials which
>> > can block access after a password change. --- Steve
>> >
>> >
>> >
>> > "newsgroups.microsoft.com" <mxc2000@hotmail.com> wrote in message
>> > news:urwDPBuWFHA.1796@TK2MSFTNGP15.phx.gbl...
>> >> We have 2 win 2K server, If we run by "\\server01" or "\\10.0.0.1\d$"
>> >> command on a Win 2k PC.
>> >> There are all logged on OK, but if we run above command from a Win XP
> PC.
>> >> One can be logged on and another cannot.
>> >> who can tell me why?
>> >>
>> >> Thanks.
>> >>
>> >>
>> >>
>> >
>> >
>>
>>
>
>
Anonymous
May 19, 2005 4:02:01 AM

Archived from groups: microsoft.public.win2000.security (More info?)

"newsgroups.microsoft.com" <mxc2000@hotmail.com> wrote in message
news:uydlww3WFHA.2768@tk2msftngp13.phx.gbl...
> Yes, when I go to that server I can log in with the Administrator OK.
> and I open the Local Security Policy / User Rights to see logon over
network
> the user list inlude the group "Administrators". The checkboxs are all
> checked.
>

OK. So all those ducks seem in order.
My guess is that for some reason the one machine is negotiating
use of a different security protocol, or its settings for such as
signing of communications, etc. are different and in disagreement
with the server.

When presented with the authentication prompt from server X
the behavior is the same whether you say to log in
X\Administrator or just Administrator ? If so, review the settings
in the Local Security Policy of the machine from which access fails
to verify that all the policies in the Computer section under Security
Options that have (always) and/or (when possible) agree with
settings on a machine from which access works. Also compare
the LAN Manager authentication level setting to make sure it has
something in common with the server from which access is failing.

--
Roger

>
> "Roger Abell" <mvpNOSpam@asu.edu>
дÈëÏûÏ¢ÐÂÎÅ:e6xGYp3WFHA.3348@TK2MSFTNGP14.phx.gbl...
> > and . . .
> > when you go to that server you can log in with the Administrator
> > account and password exactly as what fails when remote ??
> > Check whether the account is allowed to log on over the network
> > in the Local Security Policy / User Rights and also that it is not
> > denied this right in the deny network logon right also found there.
> >
> > --
> > Roger Abell
> > Microsoft MVP (Windows Security)
> > MCSE (W2k3,W2k,Nt4) MCDBA
> > "newsgroups.microsoft.com" <mxc2000@hotmail.com> wrote in message
> > news:o m3DmC2WFHA.3876@tk2msftngp13.phx.gbl...
> >> When I logged on to the server from my remote PC there are no errors
> > report.
> >> It remain the log on dialog box. Only the "Administrator" user cannot
log
> >> on.
> >>
> >> I go to the server to see the security log and there also no error
> > recorded.
> >> It very strange!!
> >>
> >> "Steven L Umbach" <n9rou@nospam-comcast.net>
> > дÈëÏûÏ¢ÐÂÎÅ:eNFYPTxWFHA.2540@tk2msftngp13.phx.gbl...
> >> > What happens - any error message or such?? Can you ping the server
> >> > from
> >> > the computer that you can to logon from to the shares?? Try enabling
> >> > auditing of logon events in the Local Security Policy of the Windows
> > 2000
> >> > server [secpol.msc] and then see if a corresponding failure event is
> >> > recorded in the security log that correlates to the time of the
failed
> >> > logon which will often have error codes as to why access was denied.
> >> > Possible causes are host firewall/ipsec policy blocking access,
> >> > incompatible security options such as digital signing or lan manager
> >> > authentication level, or their is no user account on the server that
> > will
> >> > allow access. Keep in mind that XP Pro can use stored credentials
which
> >> > can block access after a password change. --- Steve
> >> >
> >> >
> >> >
> >> > "newsgroups.microsoft.com" <mxc2000@hotmail.com> wrote in message
> >> > news:urwDPBuWFHA.1796@TK2MSFTNGP15.phx.gbl...
> >> >> We have 2 win 2K server, If we run by "\\server01" or
"\\10.0.0.1\d$"
> >> >> command on a Win 2k PC.
> >> >> There are all logged on OK, but if we run above command from a Win
XP
> > PC.
> >> >> One can be logged on and another cannot.
> >> >> who can tell me why?
> >> >>
> >> >> Thanks.
> >> >>
> >> >>
> >> >>
> >> >
> >> >
> >>
> >>
> >
> >
>
>
Anonymous
May 19, 2005 11:57:04 PM

Archived from groups: microsoft.public.win2000.security (More info?)

Dear Roger,

I try the following C++ code can connect to the server OK.

{
NETRESOURCE ns;
memset(&ns,0,sizeof(ns));
ns.dwScope=RESOURCE_CONNECTED;
ns.dwType=RESOURCETYPE_DISK;
ns.dwDisplayType=RESOURCEDISPLAYTYPE_SHARE;
ns.lpLocalName="X:";
ns.lpRemoteName="\\\\10.0.0.2\\D$";
ns.lpComment=NULL;
ns.lpProvider=NULL;
char buf[MAX_PATH];
memset(&buf,0,sizeof(buf));
DWORD dw;
WNetUseConnection(NULL,&ns,"password","Administrator",CONNECT_REDIRECT,NULL,(DWORD*)&buf,&dw);
}

Why under to use Windows Shell cannot conncet only with "Administrator" or
"X\Administrator"
except "Administrator" any user can conncet OK.

--
MXC


"Roger Abell" <mvpNOSpam@asu.edu> wrote in message
news:u1r$qAEXFHA.2996@TK2MSFTNGP10.phx.gbl...
> "newsgroups.microsoft.com" <mxc2000@hotmail.com> wrote in message
> news:uydlww3WFHA.2768@tk2msftngp13.phx.gbl...
>> Yes, when I go to that server I can log in with the Administrator OK.
>> and I open the Local Security Policy / User Rights to see logon over
> network
>> the user list inlude the group "Administrators". The checkboxs are all
>> checked.
>>
>
> OK. So all those ducks seem in order.
> My guess is that for some reason the one machine is negotiating
> use of a different security protocol, or its settings for such as
> signing of communications, etc. are different and in disagreement
> with the server.
>
> When presented with the authentication prompt from server X
> the behavior is the same whether you say to log in
> X\Administrator or just Administrator ? If so, review the settings
> in the Local Security Policy of the machine from which access fails
> to verify that all the policies in the Computer section under Security
> Options that have (always) and/or (when possible) agree with
> settings on a machine from which access works. Also compare
> the LAN Manager authentication level setting to make sure it has
> something in common with the server from which access is failing.
>
> --
> Roger
>
>>
>> "Roger Abell" <mvpNOSpam@asu.edu>
> дÈëÏûÏ¢ÐÂÎÅ:e6xGYp3WFHA.3348@TK2MSFTNGP14.phx.gbl...
>> > and . . .
>> > when you go to that server you can log in with the Administrator
>> > account and password exactly as what fails when remote ??
>> > Check whether the account is allowed to log on over the network
>> > in the Local Security Policy / User Rights and also that it is not
>> > denied this right in the deny network logon right also found there.
>> >
>> > --
>> > Roger Abell
>> > Microsoft MVP (Windows Security)
>> > MCSE (W2k3,W2k,Nt4) MCDBA
>> > "newsgroups.microsoft.com" <mxc2000@hotmail.com> wrote in message
>> > news:o m3DmC2WFHA.3876@tk2msftngp13.phx.gbl...
>> >> When I logged on to the server from my remote PC there are no errors
>> > report.
>> >> It remain the log on dialog box. Only the "Administrator" user cannot
> log
>> >> on.
>> >>
>> >> I go to the server to see the security log and there also no error
>> > recorded.
>> >> It very strange!!
>> >>
>> >> "Steven L Umbach" <n9rou@nospam-comcast.net>
>> > дÈëÏûÏ¢ÐÂÎÅ:eNFYPTxWFHA.2540@tk2msftngp13.phx.gbl...
>> >> > What happens - any error message or such?? Can you ping the server
>> >> > from
>> >> > the computer that you can to logon from to the shares?? Try enabling
>> >> > auditing of logon events in the Local Security Policy of the Windows
>> > 2000
>> >> > server [secpol.msc] and then see if a corresponding failure event is
>> >> > recorded in the security log that correlates to the time of the
> failed
>> >> > logon which will often have error codes as to why access was denied.
>> >> > Possible causes are host firewall/ipsec policy blocking access,
>> >> > incompatible security options such as digital signing or lan manager
>> >> > authentication level, or their is no user account on the server that
>> > will
>> >> > allow access. Keep in mind that XP Pro can use stored credentials
> which
>> >> > can block access after a password change. --- Steve
>> >> >
>> >> >
>> >> >
>> >> > "newsgroups.microsoft.com" <mxc2000@hotmail.com> wrote in message
>> >> > news:urwDPBuWFHA.1796@TK2MSFTNGP15.phx.gbl...
>> >> >> We have 2 win 2K server, If we run by "\\server01" or
> "\\10.0.0.1\d$"
>> >> >> command on a Win 2k PC.
>> >> >> There are all logged on OK, but if we run above command from a Win
> XP
>> > PC.
>> >> >> One can be logged on and another cannot.
>> >> >> who can tell me why?
>> >> >>
>> >> >> Thanks.
>> >> >>
>> >> >>
>> >> >>
>> >> >
>> >> >
>> >>
>> >>
>> >
>> >
>>
>>
>
>
!