The very strange problem about Win XP and Win 2K server

[newsgroups.microsoft.com]

We have 2 win 2K server, If we run by "\\server01" or "\\10.0.0.1\d$"
command on a Win 2k PC.
There are all logged on OK, but if we run above command from a Win XP PC.
One can be logged on and another cannot.
who can tell me why?

Thanks.

 

[Steven L Umbach]

What happens - any error message or such?? Can you ping the server from the
computer that you can to logon from to the shares?? Try enabling auditing of
logon events in the Local Security Policy of the Windows 2000 server
[secpol.msc] and then see if a corresponding failure event is recorded in
the security log that correlates to the time of the failed logon which will
often have error codes as to why access was denied. Possible causes are host
firewall/ipsec policy blocking access, incompatible security options such as
digital signing or lan manager authentication level, or their is no user
account on the server that will allow access. Keep in mind that XP Pro can
use stored credentials which can block access after a password change. ---
Steve

 

[newsgroups.microsoft.com]

When I logged on to the server from my remote PC there are no errors report.
It remain the log on dialog box. Only the "Administrator" user cannot log
on.

I go to the server to see the security log and there also no error recorded.
It very strange!!

What happens - any error message or such?? Can you ping the server from
the computer that you can to logon from to the shares?? Try enabling
auditing of logon events in the Local Security Policy of the Windows 2000
server [secpol.msc] and then see if a corresponding failure event is
recorded in the security log that correlates to the time of the failed
logon which will often have error codes as to why access was denied.
Possible causes are host firewall/ipsec policy blocking access,
incompatible security options such as digital signing or lan manager
authentication level, or their is no user account on the server that will
allow access. Keep in mind that XP Pro can use stored credentials which
can block access after a password change. --- Steve

We have 2 win 2K server, If we run by "\\server01" or "\\10.0.0.1\d$"
command on a Win 2k PC.
There are all logged on OK, but if we run above command from a Win XP PC.
One can be logged on and another cannot.
who can tell me why?

Thanks.

 

[Roger Abell]

and . . .
when you go to that server you can log in with the Administrator
account and password exactly as what fails when remote ??
Check whether the account is allowed to log on over the network
in the Local Security Policy / User Rights and also that it is not
denied this right in the deny network logon right also found there.

--
Roger Abell
Microsoft MVP (Windows Security)
MCSE (W2k3,W2k,Nt4) MCDBA

When I logged on to the server from my remote PC there are no errors report.
It remain the log on dialog box. Only the "Administrator" user cannot log
on.

I go to the server to see the security log and there also no error recorded.
It very strange!!

"Steven L Umbach" <[email protected]> дÈëÏûÏ¢ÐÂÎÅ:[email protected]...

What happens - any error message or such?? Can you ping the server from
the computer that you can to logon from to the shares?? Try enabling
auditing of logon events in the Local Security Policy of the Windows 2000
server [secpol.msc] and then see if a corresponding failure event is
recorded in the security log that correlates to the time of the failed
logon which will often have error codes as to why access was denied.
Possible causes are host firewall/ipsec policy blocking access,
incompatible security options such as digital signing or lan manager
authentication level, or their is no user account on the server that will
allow access. Keep in mind that XP Pro can use stored credentials which
can block access after a password change. --- Steve

We have 2 win 2K server, If we run by "\\server01" or "\\10.0.0.1\d$"
command on a Win 2k PC.
There are all logged on OK, but if we run above command from a Win XP PC.
One can be logged on and another cannot.
who can tell me why?

Thanks.

 

[newsgroups.microsoft.com]

Yes, when I go to that server I can log in with the Administrator OK.
and I open the Local Security Policy / User Rights to see logon over network
the user list inlude the group "Administrators". The checkboxs are all
checked.

and . . .
when you go to that server you can log in with the Administrator
account and password exactly as what fails when remote ??
Check whether the account is allowed to log on over the network
in the Local Security Policy / User Rights and also that it is not
denied this right in the deny network logon right also found there.

--
Roger Abell
Microsoft MVP (Windows Security)
MCSE (W2k3,W2k,Nt4) MCDBA

When I logged on to the server from my remote PC there are no errors report.
It remain the log on dialog box. Only the "Administrator" user cannot log
on.

I go to the server to see the security log and there also no error recorded.
It very strange!!

"Steven L Umbach" <[email protected]> дÈëÏûÏ¢ÐÂÎÅ:[email protected]...

What happens - any error message or such?? Can you ping the server
from
the computer that you can to logon from to the shares?? Try enabling
auditing of logon events in the Local Security Policy of the Windows 2000
server [secpol.msc] and then see if a corresponding failure event is
recorded in the security log that correlates to the time of the failed
logon which will often have error codes as to why access was denied.
Possible causes are host firewall/ipsec policy blocking access,
incompatible security options such as digital signing or lan manager
authentication level, or their is no user account on the server that will
allow access. Keep in mind that XP Pro can use stored credentials which
can block access after a password change. --- Steve



We have 2 win 2K server, If we run by "\\server01" or "\\10.0.0.1\d$"
command on a Win 2k PC.
There are all logged on OK, but if we run above command from a Win XP PC.
One can be logged on and another cannot.
who can tell me why?

Thanks.

 

[Steven L Umbach]

You need to have auditing of account logon and /or logon events for success
and failure enabled before you will see anything in the security log of the
server which you can do in Local Security Policy. Did you check stored
credentials on the XP Pro computer for that user to make sure they have been
cleared? Try creating a new user account on the server and workstation that
have the same logon name/password to see if that account will work. ---
Steve

http://support.microsoft.com/default.aspx?scid=KB;en-us;q248260 --- how to
enable logging

When I logged on to the server from my remote PC there are no errors
report.
It remain the log on dialog box. Only the "Administrator" user cannot log
on.

I go to the server to see the security log and there also no error
recorded.
It very strange!!

What happens - any error message or such?? Can you ping the server from
the computer that you can to logon from to the shares?? Try enabling
auditing of logon events in the Local Security Policy of the Windows 2000
server [secpol.msc] and then see if a corresponding failure event is
recorded in the security log that correlates to the time of the failed
logon which will often have error codes as to why access was denied.
Possible causes are host firewall/ipsec policy blocking access,
incompatible security options such as digital signing or lan manager
authentication level, or their is no user account on the server that will
allow access. Keep in mind that XP Pro can use stored credentials which
can block access after a password change. --- Steve

We have 2 win 2K server, If we run by "\\server01" or "\\10.0.0.1\d$"
command on a Win 2k PC.
There are all logged on OK, but if we run above command from a Win XP
PC. One can be logged on and another cannot.
who can tell me why?

Thanks.

 

[Roger Abell]

Yes, when I go to that server I can log in with the Administrator OK.
and I open the Local Security Policy / User Rights to see logon over network
the user list inlude the group "Administrators". The checkboxs are all
checked.

OK. So all those ducks seem in order.
My guess is that for some reason the one machine is negotiating
use of a different security protocol, or its settings for such as
signing of communications, etc. are different and in disagreement
with the server.

When presented with the authentication prompt from server X
the behavior is the same whether you say to log in
X\Administrator or just Administrator ? If so, review the settings
in the Local Security Policy of the machine from which access fails
to verify that all the policies in the Computer section under Security
Options that have (always) and/or (when possible) agree with
settings on a machine from which access works. Also compare
the LAN Manager authentication level setting to make sure it has
something in common with the server from which access is failing.

--
Roger

"Roger Abell" <[email protected]> дÈëÏûÏ¢ÐÂÎÅ:[email protected]...

and . . .
when you go to that server you can log in with the Administrator
account and password exactly as what fails when remote ??
Check whether the account is allowed to log on over the network
in the Local Security Policy / User Rights and also that it is not
denied this right in the deny network logon right also found there.

--
Roger Abell
Microsoft MVP (Windows Security)
MCSE (W2k3,W2k,Nt4) MCDBA

When I logged on to the server from my remote PC there are no errors report.
It remain the log on dialog box. Only the "Administrator" user cannot log
on.

I go to the server to see the security log and there also no error recorded.
It very strange!!

"Steven L Umbach" <[email protected]> дÈëÏûÏ¢ÐÂÎÅ:[email protected]...
What happens - any error message or such?? Can you ping the server
from
the computer that you can to logon from to the shares?? Try enabling
auditing of logon events in the Local Security Policy of the Windows 2000
server [secpol.msc] and then see if a corresponding failure event is
recorded in the security log that correlates to the time of the failed
logon which will often have error codes as to why access was denied.
Possible causes are host firewall/ipsec policy blocking access,
incompatible security options such as digital signing or lan manager
authentication level, or their is no user account on the server that will
allow access. Keep in mind that XP Pro can use stored credentials which
can block access after a password change. --- Steve



We have 2 win 2K server, If we run by "\\server01" or "\\10.0.0.1\d$"
command on a Win 2k PC.
There are all logged on OK, but if we run above command from a Win

XP
PC.

One can be logged on and another cannot.
who can tell me why?

Thanks.

 

[newsgroups.microsoft.com]

Dear Roger,

I try the following C++ code can connect to the server OK.

{
NETRESOURCE ns;
memset(&ns,0,sizeof(ns));
ns.dwScope=RESOURCE_CONNECTED;
ns.dwType=RESOURCETYPE_DISK;
ns.dwDisplayType=RESOURCEDISPLAYTYPE_SHARE;
ns.lpLocalName="X:";
ns.lpRemoteName="\\\\10.0.0.2\\D$";
ns.lpComment=NULL;
ns.lpProvider=NULL;
char buf[MAX_PATH];
memset(&buf,0,sizeof(buf));
DWORD dw;
WNetUseConnection(NULL,&ns,"password","Administrator",CONNECT_REDIRECT,NULL,(DWORD*)&buf,&dw);
}

Why under to use Windows Shell cannot conncet only with "Administrator" or
"X\Administrator"
except "Administrator" any user can conncet OK.

--
MXC

Yes, when I go to that server I can log in with the Administrator OK.
and I open the Local Security Policy / User Rights to see logon over network
the user list inlude the group "Administrators". The checkboxs are all
checked.

OK. So all those ducks seem in order.
My guess is that for some reason the one machine is negotiating
use of a different security protocol, or its settings for such as
signing of communications, etc. are different and in disagreement
with the server.

When presented with the authentication prompt from server X
the behavior is the same whether you say to log in
X\Administrator or just Administrator ? If so, review the settings
in the Local Security Policy of the machine from which access fails
to verify that all the policies in the Computer section under Security
Options that have (always) and/or (when possible) agree with
settings on a machine from which access works. Also compare
the LAN Manager authentication level setting to make sure it has
something in common with the server from which access is failing.

--
Roger

"Roger Abell" <[email protected]> дÈëÏûÏ¢ÐÂÎÅ:[email protected]...

and . . .
when you go to that server you can log in with the Administrator
account and password exactly as what fails when remote ??
Check whether the account is allowed to log on over the network
in the Local Security Policy / User Rights and also that it is not
denied this right in the deny network logon right also found there.

--
Roger Abell
Microsoft MVP (Windows Security)
MCSE (W2k3,W2k,Nt4) MCDBA
When I logged on to the server from my remote PC there are no errors
report.
It remain the log on dialog box. Only the "Administrator" user cannot log
on.

I go to the server to see the security log and there also no error
recorded.
It very strange!!

"Steven L Umbach" <[email protected]>
дÈëÏûÏ¢ÐÂÎÅ:[email protected]...
What happens - any error message or such?? Can you ping the server
from
the computer that you can to logon from to the shares?? Try enabling
auditing of logon events in the Local Security Policy of the Windows
2000
server [secpol.msc] and then see if a corresponding failure event is
recorded in the security log that correlates to the time of the failed
logon which will often have error codes as to why access was denied.
Possible causes are host firewall/ipsec policy blocking access,
incompatible security options such as digital signing or lan manager
authentication level, or their is no user account on the server that
will
allow access. Keep in mind that XP Pro can use stored credentials which
can block access after a password change. --- Steve



We have 2 win 2K server, If we run by "\\server01" or "\\10.0.0.1\d$"
command on a Win 2k PC.
There are all logged on OK, but if we run above command from a Win XP
PC.
One can be logged on and another cannot.
who can tell me why?

Thanks.