How to remove cached credentials in Windows 2003 Server

Guest

Hi all

I have 2 Windows 2003 Servers, each in a different domain with no trust
between them. I am trying to map a drive on domainA\server1 to a share on
DomainB\server1 using a user account from DomainB.

I get error 1219 complaining about conflicting credentials. I understand
what this means, and a connection has been made in the past using another set
of credentials. The system has not been rebooted since this happened.

My problem is that there is no existing connection I can remove, and the
previous credentials have been cached somewhere. How can I delete them to
allow a new connection using different credentials?

Thanks in advance for any help.
 
Roger Abell [MVP]

And we can assume you have used "net session" ??
At a cmd prompt enter
net help session
 
Guest

The answer is "Kinda" but not completely.

I have, however, just given net session a thrashing. Starting off, domainB
server lists no session from the domainA server. I then map network drive on
domainA server to the share on domainb/server and the connection is made
without any prompt for credentials.

Domainb server now lists a session with the user account previously used
(not the one I want).

When I disconnect the network drive on domainA server the drive mapping
disappears, but the session stays open on domainB server. I can delete this
session successfully, so that there are no sessions open from domainA server.

Remapping the drive on domainA server then still happens successfully with
no credential prompts. This server is somehow remembering some credentials
to use

HTH
 
Roger Abell [MVP]

When the mapping happens is it with the credentials of the account
you have logged in with, ok, no trust so I should phrase this as a
matching account in the other domain (i.e. same name and password)?
If you map and specify the credentials to use, different from the one
automatically selected, it does work, provided that there is no session
between the machines at the time, right?
Are these servers members or DCs?
 
Roger Abell [MVP]

As I do not use that capability I tend to forget about it, but you certainly
should check the Stored User names and pwds, see control panel in W2k3
 
Guest

Thanks for your help so far Roger

First off, I did try the stored credentials list - it was empty.

DomainA server is a W2K3 DC and DomainB server is a W2K3 member server.
Even with no session listed on DomainB server the mapping happens with no
prompting, and a session is then created using the credentials I don't want.
If I remove that session and disconnect the mapping, net session reports no
existing connection from domainA. If I then try mapping with the credentials
I actually want (an account with a non-expiring password) I get "Error 1219
Blah Blah . . go boil your head"

There is no account in domainA that matches the one used on domain B.
However, the account that is erroneously used by domainA server is already
logged on to domainB from other domainB machines

Thanks for your help and advice Roger
 
Roger Abell [MVP]

Well, if I have the scenario correct, then at this point my head is boiled
also.

As I understand things you have
DomainA\DCserver (W2k3)
DomainB\MemberServer (W2k3)
No trusts exist between DomainA and DomainB (which are in separate
forests).

You log into DCserver as DomainAUser, and attempt to map a share from
MemberServer
1. If this is a fresh login on DCserver as DomainAUser and you do not try to use the "use these credentials" capability, then the mapping happens transparently as some DomainBUser, and DomainBUser is not the same name as DomainAUser.
2. If this is a fresh login on DCserver as DomainAUser and you do use explicitly provided credentials for DomainB\SomeDomainBAccount when doing a mapping then this works and the session shows that it is in context of that explicitly provided account.
3. If during a login on DCserver as DomainAUser you have first done 1 above, and then try to extinguish all sessions between DomainA\DCserver and DomainB\MemberServer, apparently successfully, and then finally attempt 2 above you are told there is a conflict with existing creds 1219 blah blah

So, we might explain 3 by there being an authenticated connection between these that is not showing as a session and that does conflict. How to find and extinguish it is then the question.
However, I do not understand how one explains 1 given that
a) there are no credentials on the client for the target domain or server
b) there is no correspondence in name between the originating account and the one used for the authentication on the sharing MemberServer
c) the session is not showing as in the Guest context
 
Guest

Roger

In response to your last post, number 2 does not happen at all, only 1 and 3.

It gets worse however. Yesterday the Domain B account password rolled over
and was dutifully changed. Now mapping to the share without supplying
credentials prompts for a password. I thought "Progress!".

But get this, the new password is not accepted for the domainB account that
was mapping transparently!!! It also will not accept alternative domain B
credentials. We get error 1219 . . . for BOTH cases.

We're going to try a reboot, which is the only thing left at this stage. If
that doesn't work, I'll start getting frustrated :/

I do appreciate your help. Will post the result.

Nigel
 
