Access Denied

[Bruce.]

I'm wondering if anyone has any suggestions for this. I have two computers
networked together. One can access the resources of the other, but not the
reverse. Basically this:

USER1 on PC1 does a "net view \\PC2" and it works.
USER2 on PC2 does a "net view \\PC1" and gets:

System error 5 has occurred.
Access is denied.

PC2 can "net view" 2 other computers, just not PC1.

Both PC1 and PC2 are is XP Pro SP3

Both have Simple File Sharing enabled.

PC1 has both USER1 and USER2 configured and declared as Administrators.

Any ideas?

Bruce.

 

[John John (MVP)]

Are the USER2 using the the same password on both computers? Is USER2
logged on to PC1? Does the "net use \\PC1 /user:USER2" command work?

John

 

[Bruce.]

Are the USER2 using the the same password on both computers?

John

Yes, USER2 on PC1 and PC2 have identical passwords. Just to make sure, I
deleted USER2 on PC1 and recreated it. They are identical.

Is USER2 logged on to PC1?
Yes.

Does the "net use \\PC1 /user:USER2" command work?

No, that yields:

System error 2221 has occurred.
The user name could not be found.

Yet, if I do a "net users" on PC1, USER2 is definitely one of the ones
listed.

Very odd.

Bruce.

 

[Bruce.]

Are the USER2 using the the same password on both computers? Is USER2
logged on to PC1? Does the "net use \\PC1 /user:USER2" command work?

John

FYI, I did a "net user USER2" on PC1 and got this:

=======================

C:>net user USER2
User name USER2
Full Name
Comment
User's comment
Country code 000 (System Default)
Account active Yes
Account expires Never

Password last set 8/14/2008 12:33 PM
Password expires Never
Password changeable 8/14/2008 12:33 PM
Password required Yes
User may change password Yes

Workstations allowed All
Logon script
User profile
Home directory
Last logon Never

Logon hours allowed All

Local Group Memberships *Administrators *Users
Global Group memberships *None
The command completed successfully.

=======================

USER2 is definitely on PC1 but for some reason, PC2 can't see it. Very odd.

Bruce.

 

[Bruce.]

Yes.

Sorry John. I got my pcs mixed up. No, USER2 is NOT logged on to PC1.
USER1 is logged in to PC1 and USER2 is logged in to PC2.

Bruce.

 

[Bruce.]

John, here's an interesting development. I found something on the web which
steered me in this direction.

I performed these commands on PC2:

C:\>ping PC1

Pinging PC1 [192.168.1.71] with 32 bytes of data:

Reply from 192.168.1.71: bytes=32 time<1ms TTL=128

C:\>net use \\PC1
System error 2221 has occurred.

The user name could not be found.

C:\>net use \\192.168.1.71
The command completed successfully.

What gives? Why would \\192.168.1.71 work and not \\PC1?

A ping of PC1 shows them to be the same box as shown above.

Bruce.

 

[John John (MVP)]

Sounds like a NetBIOS problem, check that NetBIOS over TCP/IP is enabled.

John

 

[Bruce.]

Sounds like a NetBIOS problem, check that NetBIOS over TCP/IP is enabled.

John

On both PC1 and PC2, NetBIOS was set to get the default of the DHCP server,
so I manually enabled NetBIOS over TCP/IP on both.

No joy. Still getting Access Denied.

Thanks John. This one has me stumped.

Bruce.

 

[John John (MVP)]

On both PC1 and PC2, NetBIOS was set to get the default of the DHCP server,
so I manually enabled NetBIOS over TCP/IP on both.

No joy. Still getting Access Denied.

Thanks John. This one has me stumped.

Is the TCP/IP NetBIOS (NetBT) Helper Service running? Are the computers
in the same Workgroup?

John

 

[Bruce.]

This is getting more complicated. The net view \\PC1 from PC2 has started
and stopped working several times since last night as I played with settings
trying to narrow it down. However, I can find no pattern. It will work one
minute and then stop for no apparent reason minutes later. It's failing
again now.

Is the TCP/IP NetBIOS (NetBT) Helper Service running?

Yes, on both PC1 and PC2.

Are the computers in the same Workgroup?

No. PC1 is part of my home workgroup called HOME, which also includes PC3
and PC4.

PC2 is my work laptop which is part of a work domain, estabilshed over a VPN
over the internet. So that raises some possibilities.

Note that if I do these commands on my work PC2:

net view \\PC1
Error 5, access denied.

net view \\PC3
alway works

net view \\PC4
always works

Only net view of PC1 from PC2 fails with an access error. Doing the same
net view using the IP always works.

Note that PC1 and PC2 are XP Pro while PC3 and PC4 are XP Home.

Also note that if I do these commands on PC1:

net view \\PC2
always works

net view \\PC3
always works

net view \\PC4
always works

Only net view \\PC1 from PC2 fails.

Bruce.

 

[John John (MVP)]

Hmm. When using the Computername it works sometimes and at other times
it doesn't? And it always works when you use the IP address? Now it's
starting to sound like a "browser war" or Master Browser issue... Look
in the Event Log to see if any errors are recorded.

John

 

[Bruce.]

Hmm. When using the Computername it works sometimes and at other times it
doesn't? And it always works when you use the IP address? Now it's
starting to sound like a "browser war" or Master Browser issue... Look in
the Event Log to see if any errors are recorded.

Ah, that was very interesting. The event logger on PC2 was logging two
events, 40960 and 49601. The key was one of those log message said it was
trying to log on to PC2 using USERXYZ, which is wrong because I was logged
on as USER2. So I started researching those events and ran across some
configuration information I didn't know existed and I don't remember ever
entering it. But it was entered on PC2, so I assume I must have done it,
perhaps long ago.

I found it using this place:

Start -> Settings -> Control Panel -> User Accounts -> Advanced -> Manage
Passwords -> Stored User Names and Password.

In that dialog you can enter user ids / passwords to use when accessing the
resources of other systems. As I said, I have no memory of entering it, but
there was one entry there that said to use USERXYZ when connecting to PC1.
So the entry said to use USERXYZ even though I was logged on as USER2.

Well, I believe that since that entry was made, the password for USERXYZ on
PC1 had changed, but that dialog on PC2 was never updated, and so the
USERXYZ password was being rejected by PC1. Sometimes it connected with
USER2 and that worked, and some times with USERXYZ that did not work.
Whether my net view \\PC2 worked or not depended on which one it had tried
most recently.

The thing is, USER2 has a valid account on PC1, so there was no point in
there being an entry on that dialog at all. So I deleted the entry for
USERXYZ and now it's using USER2 again so everything is now working
properly.

I didn't know there was a single place where you could configure userids and
passwords to be used for the resources of another system. I assumed your
current login was the only one it would ever try.

Thank you very much John! Your questions and information led me right to
the source of the problem

Bruce.

 

[John John (MVP)]

Ah, that was very interesting. The event logger on PC2 was logging two
events, 40960 and 49601. The key was one of those log message said it was
trying to log on to PC2 using USERXYZ, which is wrong because I was logged
on as USER2. So I started researching those events and ran across some
configuration information I didn't know existed and I don't remember ever
entering it. But it was entered on PC2, so I assume I must have done it,
perhaps long ago.

I found it using this place:

Start -> Settings -> Control Panel -> User Accounts -> Advanced -> Manage
Passwords -> Stored User Names and Password.

In that dialog you can enter user ids / passwords to use when accessing the
resources of other systems. As I said, I have no memory of entering it, but
there was one entry there that said to use USERXYZ when connecting to PC1.
So the entry said to use USERXYZ even though I was logged on as USER2.

Well, I believe that since that entry was made, the password for USERXYZ on
PC1 had changed, but that dialog on PC2 was never updated, and so the
USERXYZ password was being rejected by PC1. Sometimes it connected with
USER2 and that worked, and some times with USERXYZ that did not work.
Whether my net view \\PC2 worked or not depended on which one it had tried
most recently.

The thing is, USER2 has a valid account on PC1, so there was no point in
there being an entry on that dialog at all. So I deleted the entry for
USERXYZ and now it's using USER2 again so everything is now working
properly.

I didn't know there was a single place where you could configure userids and
passwords to be used for the resources of another system. I assumed your
current login was the only one it would ever try.

Thank you very much John! Your questions and information led me right to
the source of the problem

Thank you for the update and for telling us how you fixed it! The
Cached Credentials explains quite a few things about the odd behaviour
that sometimes happen with user accounts. This was an interesting
problem to work on, your excellent technical skills and great follow up
will sure be appreciated by others who run into this problem.

John

 

[Bruce.]

Thank you for the update and for telling us how you fixed it! The Cached
Credentials explains quite a few things about the odd behaviour that
sometimes happen with user accounts. This was an interesting problem to
work on, your excellent technical skills and great follow up will sure be
appreciated by others who run into this problem.

Thanks for the help John. For the Googlers out there, I should note here
that I had a typo in the above description. It was actually Event errors
40960 and 40961, not 49601.

Bruce.