Announcement

Collapse
No announcement yet.

Losing authentication/Cannot access shares

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Losing authentication/Cannot access shares

    Hello everyone, this is my first post so be gentle...

    I am having an issue that I have exhausted all my research efforts trying to find a solution for.

    We have a small network of about 15 people. 3 servers, 2 are Win2k and one is Win2k3. The DC is a Win2k machine and its the only DC. I just started here so I am inheriting their current issues. All workstations are WinXP Pro. Some SP2 and some SP3 for testing with our software. The Win2k3 is just a member server and its primarily used as a Backup server. The only thing on it is Backup Exec. It has no other shared resources. All the resources shared on the network are on the Win2k servers. No server is running DNS or DHCP. We have a small Router that is running those services. (Could potentially be an issue but I have never heard of this being a problem. It is my intention to change this and add it on the servers but not at this moment.)

    My problem is that ever so often, and this happens throughout the day, any one of our users cannot access the 2 servers by UNC. The error we are getting is:

    "The user name you typed is the same as the user name you logged in with. That use name has already been tried. A domain controller cannot be found to verify that user name."

    I have researched this issue and obtained a number of so called "solutions" of which I have tried all of them. One of the main ones I am seeing is that this is a Kerberos issue. There is a regedit to resolve this. I have tried this on all of our workstations and even installed it on the servers as well, and to no avail.

    For further information, I have all the rights in the world to access the network of any which way. I have been doing this for 10 years and have all my certs I am not a newb. This error happens no matter what user name you try. Now at times you can put a completely incorrect user name and it will fail authentication with a standard auth error, then retry the proper user name/ password and it works just fine. But we are continually not able to log in throughout the day every single day.

    Please ask any questions you may have... Any help would be appreciated. I am at a loss.

  • #2
    Re: Losing authentication/Cannot access shares

    You have AD with no DNS?

    Comment


    • #3
      Re: Losing authentication/Cannot access shares

      Hello,

      Yes of course we are most definitely running DNS, what I meant by that statement is that the servers aren't running DNS. DNS is being run through the router. I feel it is a poor design however, this is how it was when I got here and at this time requests to run our DNS server have not been answered.

      Thanks!

      Comment


      • #4
        Re: Losing authentication/Cannot access shares

        Hi,

        Please do the following for me.

        On client machine
        do ip config /all
        run this command too on command line
        set

        On server
        do ipconfig /all

        on server and client, save and clear application log/system and security
        try to access the share using unc path, note the exact error

        Try to access the share using ip address \\ip_address\share_location\...\...

        and just try to access the server with ip address \\ip_address and \\netbois_name and \\fqdn

        Get the application/system/security logs event on both client and server while you receive error


        Also mention what all Troubleshooting steps you have tried so far. It will help me

        Please provide me with all this information. So i can look into it
        Last edited by v-2nas; 17th November 2008, 22:12. Reason: suppling more info
        Thanks & Regards
        v-2nas

        MCTS 2008, MCTIP, MCSE 2003, MCSA+Messaging E2K3, MCP, E2K7
        Sr. Wintel Eng. (Investment Bank)
        Independent IT Consultant and Architect
        Blog: http://www.exchadtech.blogspot.com

        Show your appreciation for my help by giving reputation points

        Comment


        • #5
          Re: Losing authentication/Cannot access shares

          Originally posted by RussMCSE View Post
          Hello,

          Yes of course we are most definitely running DNS, what I meant by that statement is that the servers aren't running DNS. DNS is being run through the router. I feel it is a poor design however, this is how it was when I got here and at this time requests to run our DNS server have not been answered.

          Thanks!
          that might be your issue.
          AD requires few RFCs that the DNS must meet for it to work well.
          1) the DNS zone must allow dynamic updates (RFC 2136).
          2) the DNS server hosting that zone must support the SRV resource records (RFC 2782) to advertise the Active Directory directory service.
          3) the zone is configured to allow the dynamic updates.

          do your router's DNS support all those requirements?
          Last edited by Akila; 17th November 2008, 22:40.

          Comment


          • #6
            Re: Losing authentication/Cannot access shares

            Hey Akila


            RussMCSE write "The DC is a Win2k machine and its the only DC"
            and The DNS issue you have pointed out

            Probably he mean to say that external dns lookups,

            obviously ad won't work without dns

            But let him reply to make things more clear
            Thanks & Regards
            v-2nas

            MCTS 2008, MCTIP, MCSE 2003, MCSA+Messaging E2K3, MCP, E2K7
            Sr. Wintel Eng. (Investment Bank)
            Independent IT Consultant and Architect
            Blog: http://www.exchadtech.blogspot.com

            Show your appreciation for my help by giving reputation points

            Comment


            • #7
              Re: Losing authentication/Cannot access shares

              Hello V-2nas... I have tried many troubleshooting techniques on this and havent gotten very far. I do agree with Akila to a point that it is most likely going to be a DNS issue. I am also slightly wary about giving out logs of information on our network. I will say that there I have tried flushing the DNS and created new users on the network and get the same errors. It happens very randomly throughout the day.

              When I originally did my research, I found that most people thought this to be an authentication error and there was a regedit for it. However running that regedit did not seem to help at all.

              Akila... I agree that it could be a DNS issue. The router that we have is an ISP router who's DNS is forwarded to their DNS IP's. Do they support the RFC's? I dont know... I would imagine not though. The next thing I am going to try is setting up the server to host DNS locally and go from there.

              As an update, I did determine that DNS is installed on our servers it just isnt being utilized. My DNS is on the weaker side unfortunately. Can you please explain in more detail the RFC's? Thanks!

              Comment


              • #8
                Re: Losing authentication/Cannot access shares

                Here is some more information for DNS and IPCONFIG... See the attached pic. To point out some things, for the DNS server is set to 192.168.1.254, that is also our gateway... Now the .254 address is the address of our router as well. I can use IE or Mozilla to get to it through a web interface and within the router it shows that its forwarding to a different set of DNS servers. 205.x.x.x and something else.

                Thanks!
                Attached Files

                Comment


                • #9
                  Re: Losing authentication/Cannot access shares

                  Just how did you get your MCSE?

                  You need to setup an internal DNS server with forwarders to your ISP then point all clients to your internal DNS.

                  Comment


                  • #10
                    Re: Losing authentication/Cannot access shares

                    Hello Garin,
                    i got my MCSE through hard work and training... How did you get yours? Better yet, where did you learn how to read? If you read correctly, which you obviously didnt, the DNS is setup that way already...

                    Perhaps you should take an English class next time...

                    Comment


                    • #11
                      Re: Losing authentication/Cannot access shares

                      Originally posted by RussMCSE View Post
                      No server is running DNS or DHCP. We have a small Router that is running those services.
                      Yes of course we are most definitely running DNS, what I meant by that statement is that the servers aren't running DNS. DNS is being run through the router.
                      The router that we have is an ISP router who's DNS is forwarded to their DNS IP's.
                      the DNS server is set to 192.168.1.254, that is also our gateway... Now the .254 address is the address of our router as well.

                      Your AD is using an internal server you say but all your previous posts contradict that.

                      Here's a simple test; Pass your domain name into nslookup and post the results.

                      Comment


                      • #12
                        Re: Losing authentication/Cannot access shares

                        Originally posted by RussMCSE View Post
                        Hello Garin,
                        i got my MCSE through hard work and training... How did you get yours? Better yet, where did you learn how to read? If you read correctly, which you obviously didnt, the DNS is setup that way already...

                        Perhaps you should take an English class next time...
                        There's no need to get defensive, I'm sure Garen did not mean any offence. He (and everyone else who has posted) are trying to help you. What he stated was technically accurate - you should move away from using the router as your DNS server asap, regardless of whos idea it was to set the system up this way.
                        Gareth Howells

                        BSc (Hons), MBCS, MCP, MCDST, ICCE

                        Any advice is given in good faith and without warranty.

                        Please give reputation points if somebody has helped you.

                        "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

                        "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.

                        Comment


                        • #13
                          Re: Losing authentication/Cannot access shares

                          AD and DNS do not have to be on the same server. Yes we are running an internal server, we have 3 however as previously stated, none of our internal servers are running DNS. I don't know how much more clearer I can make that for you... After doing more research I found that DNS was installed as a service however, it is not being run locally. All of our IPs are pointed to our router. The router is being pointed toward our ISP DNS servers.

                          If you read the previous postings I made you will see that as an update I determined more information that I did not know previously. So any information you quoted me on, Garen although may be statements I made previously are out of context. Some information was updated do my lack of knowledge until I found that information.

                          Also realize that I stated before that I do agree that DNS should be run internally and this could be part of the issue. Ive already stated that.

                          What I am trying to accomplish here are things that I do not know... I understand that running DNS locally could help the issue, but I have run many networks and set up many networks where DNS isnt run locally and this issue has never arisen. I furthermore agree that if I run DNS here it may resolve this issue. But I was looking for alternatives... We are going to be upgrading our servers to 2k3 very soon possibly 2k8 so I dont want to do twice the work.

                          I have already tried running nslookup and I get the same results and they are attached...
                          Attached Files

                          Comment


                          • #14
                            Re: Losing authentication/Cannot access shares

                            Russ, AD could run and use a 3rd party DNS server Service as long as it meets the prerequisites I posted previously.
                            Since you not sure if your DNS does meet those needs and there is a good chance it doesn't, the only alternative I can see is either using the MS DNS and do all your forwarding from that DNS or switch to a different 3rd party DNS that supports those RFCs that are needed by AD.
                            It's not a big deal to switch to the MS DNS , since you already have it installed , all you need is to configure the clients and servers to start using it.
                            I would not wait for your planned Upgrade for this task , since it is something you could cover in few hours
                            with hardly any down time.
                            Last edited by Akila; 18th November 2008, 15:30.

                            Comment


                            • #15
                              Re: Losing authentication/Cannot access shares

                              Hi Russ,

                              I got the IPconfig /all and found that it's DHCP assigned now you DC also runs on DHCP because the at times it's possible for IP address to get change is the lease expires unless the DC is never shutdown and the router is always on.

                              You haven't provided me the info what happens when you try to xs using IP address. The whole point is that it will by pass name resolution.

                              However you need to make changes to the ip addressing scheme currently in use.
                              You can disable the router's DHCP. Let me know the model no and make i will lookup for you.

                              We will get it going don't worry.

                              I remember that you can also use DFS once the whole this issue is fixed. Then you can have all the shares accessed thru one link
                              Thanks & Regards
                              v-2nas

                              MCTS 2008, MCTIP, MCSE 2003, MCSA+Messaging E2K3, MCP, E2K7
                              Sr. Wintel Eng. (Investment Bank)
                              Independent IT Consultant and Architect
                              Blog: http://www.exchadtech.blogspot.com

                              Show your appreciation for my help by giving reputation points

                              Comment

                              Working...
                              X