Vista on NT Network

[RichITL]

I have 2 Vista machines just recently installed onto our NT network.
Everything appeared to work fine. After about a week or so, the Vista's
weren't able to access the shared drives on the network. This seems to be
related to a "authentication" issue on the NT or Vista. It doesn't happen on
a daily basis, just once in a while - usually when someone needs something.
Is there a fix i'm over looking? This is starting to become a problem.
Sometimes i can fix the problem by shutting down the vista machine or the
machine it happens to authenticate too - some times the vista doesn't
authenticate to the NT - I have had it go to the backup server(s) and even an
XP machine. Any help would be appreciated!!
Thanks

 

[Robert L. \(MS-MVP\)]

This could be computer browser issue. Check any errors in the event viewer
no both NT and Vista. Please post back with the result.

--
Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on
http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on
http://www.HowToNetworking.com

 

[RichITL]

On NT get security log event id 644
User Account Locked Out
Target Account Name eastwood
Target Account ID:
S-1-5-21-573327010-255949319-1675519318-1513
Caller Machine Name: VISTA-OPT-KBMDG
Caller User Name: SYSTEM
Caller Domain: NT AUTHORITY
Caller Logon ID: (0x0, 0x3E7)

NT application log - clean
NT System Log - clean

NT - Under User Manger - User account keeps getting locked out.


On Vista Machine get


Log Name: System
Source: NETLOGON
Date: 6/3/2008 7:32:35 AM
Event ID: 5719
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: vista-opt-kbmdg
Description:
This computer was not able to set up a secure session with a domain
controller in domain ITLCORP.COM due to the following:
There are currently no logon servers available to service the logon request.

This may lead to authentication problems. Make sure that this computer is
connected to the network. If the problem persists, please contact your domain
administrator.

ADDITIONAL INFO
If this computer is a domain controller for the specified domain, it sets up
the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain
controller in the specified domain.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="NETLOGON" />
<EventID Qualifiers="0">5719</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2008-06-03T11:32:35.000Z" />
<EventRecordID>15435</EventRecordID>
<Channel>System</Channel>
<Computer>vista-opt-kbmdg</Computer>
<Security />
</System>
<EventData>
<Data>ITLCORP.COM</Data>
<Data>%%1311</Data>
<Binary>5E0000C0</Binary>
</EventData>
</Event>


Need anything else, please let me know.

Rich

 

[Robert L. \(MS-MVP\)]

Are you using ISP DNS? Posting the result of ipconfig /all may help.

--
Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on
http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on
http://www.HowToNetworking.com

 

[RichITL]

No, we have an internal DNS. These machines are setup as DHCP which can be
seen. The 12.127.16.68 is AT&T's DNS if all else fails. Not sure where
the 10.0.0.25 is coming from but the 10.0.0.10 and the 10.0.0.250 are valid.

C:\Users\eastwood>ipconfig/all

Windows IP Configuration

Host Name . . . . . . . . . . . . : vista-opt-kbmdg
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit
Controlle r
Physical Address. . . . . . . . . : 00-1D-09-28-38-6C
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . :
fe80::24ed:be45:7068:e27f%9(Preferred)
IPv4 Address. . . . . . . . . . . : 10.0.0.208(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Tuesday, June 03, 2008 9:21:52 AM
Lease Expires . . . . . . . . . . : Wednesday, June 04, 2008 9:21:51 AM
Default Gateway . . . . . . . . . : 10.0.0.71
DHCP Server . . . . . . . . . . . : 10.0.0.71
DHCPv6 IAID . . . . . . . . . . . : 201334025
DNS Servers . . . . . . . . . . . : 10.0.0.10
10.0.0.25
10.0.0.250
12.127.16.68
Primary WINS Server . . . . . . . : 10.0.0.1
Secondary WINS Server . . . . . . : 10.0.0.22
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . :
2001:0:4137:9e50:188c:1619:f5ff:ff2f(Pref
erred)
Link-local IPv6 Address . . . . . :
fe80::188c:1619:f5ff:ff2f%8(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 9:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . :
isatap.{C8A0BB15-3455-40FD-80D8-8570076FA
77D}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::5efe:10.0.0.208%10(Preferred)
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 10.0.0.10
10.0.0.25
10.0.0.250
12.127.16.68
NetBIOS over Tcpip. . . . . . . . : Disabled

 

[RichITL]

Is this just a case of removing the vista from the domain and rejoining
domain? Have not done that yet, but users are getting restless and if that
does solve the problem, how do i prevent it from happening in the future?

Rich

 

[Jordus]

Sounds like authentication failure due to the Vista box not resolving the domain controllers properly

Might want to run a netbios resolver cache flush on the vista box when this occurs to see if it will pick back up on it

You can also try using Netbios over TCP/IP


Post Originated from http://www.VistaForums.com Vista Support Forums

 

[RichITL]

Good idea, did not work. I've even gone to the step of static addresses and
still get the same results. The way i see this happening is the vista trys
to go to the share, the share verifies approval with the NT but someone along
the way says "no this isn't happening". The NT then Account Locks the user
profile, makeing additional attempts useless until i unlock the account.
I'm stumped. Is it a security issue within vista that needs to be changed?
These Vistas have worked fine for a few months and now they don't. Was there
an update to Vista which is causing this issue? All my XP's work fine so why
doesn't the Vistas? Sorry, getting frustrated.
Just would like to have an answer and be able to fix this problem.

Rich

 

[Jordus]

Did you try different user accounts?

I know i had an issue in vista where a mapped drive would show up disconnected but when id try to open it up, it opened perfectly fine. So i didnt have to "fix" that but it sounds like a similar issue that perhaps there is a issue with keeping the connection alive to the mapping.


Post Originated from http://www.VistaForums.com Vista Support Forums

 

[RichITL]

Yep, tried different user accounts - didn't work, even administrator didn't
work. Have noticed that with the XP's - explorer says disconnected network
drive. But once you select one it reconnects and life is great. Not so
with the Vistas. I have had in the past where the Vistas had a red X on the
mapped drive, but by selecting that drive it would open up. As of now, that
is not the case - won't let me get to the mapped/shared drives, thus my main
problem. To make this more interesting, 1 of the Vistas is an administrator
of the network like me and he can't get to the shares either. How do i
keep this connection alive or re-establish it when needed? Is it a security
issue? Appears to me authentication is being denied, but why? Like i said
before, it worked just fine for a while.

Rich

 

[RichITL]

Well with your help of the "correct wording" i found a document in Microsot
TechNet "Problem of mapping network drive from Vista Business to a Windows NT
4.0" which peeked my interest. It said to go to Admin Tools, Local Security
Policy, Local Policies, Security Options. Then find policy key name Network
Security : LAN Manager Authentication Level --- Set the value to Send LM and
NTLM responses. My Vistas had Send NTLMv2 Responses Only. Figured i've got
nothing to lose - they are currently talking to the shares now - hurray!!
Not sure how these Vistas worked in the first place or if an update changed
this security setting, but for now they are working. Of course, tomorrow is
another day of suprises. If you could shed some light on the above i would
appreciate - not sure what all of that means.

Rich

 

[Jordus]

Glad its working for you

LM = Lan Manager and NTLM is of course NT Lan Manager

The versions have changed and morphed with each new version of windows

Basically...Vista was not replying to the Server using the protocol that the server accepts.


Post Originated from http://www.VistaForums.com Vista Support Forums