Network or security

[rick]

I have two computers. One running XP Pro and the other is running W2K
Server. I can ping both ways and can view files on the server but
cannot copy or open files efficiently (takes forever or times out). I
try to access files on the XP Pro box and get prompted for user name
and password. Every combo I can think of denies access and states the
"the credentials supplied conflict with an existing set of
credentials." Appreciate the help.

 

[Roger Abell [MVP]]

The credentials conflict message is saying that there is already
a connection to that machine using a different username.
At a command prompt issue
net help session
After any sessions to the machine are cleared can you log in?

As for the XP to W2k, this sounds like a network issue, since you
can authenticate and you are allowed access (albeit failingly slow).
Have you posted to a networking newsgroup ?

 

[rick]

There was a session. I deleted it. Still get prompted for username and
password immediately. Still cannot connect. Still get the same
credentials error. Both computers are connected via a router. The W2K
server runs DNS. If the server is down, I cannot see the web on the XP
Pro. When the server is running, I can see the web from the Pro and the
server. That leads me to believe that there is a network. I guess it
could be the router. This problem looks like security. I use to be able
to connect. Now after many automatic Microsoft updates, now I cannot.
What is a good network group? I searched the names and didn't see a
name that fit the ticket. Thanks again for the help!

 

[Roger Abell [MVP]]

Slow up Rick. That post is a little jumbled issue on issue.
When you attempt to authenticate, say to machine named BoxX
are you using BoxX\username or just username? Use the first.
Are you logging failed login in the audit policy of BoxX?
If so, what is being recorded.

With the server down, of course DNS will not resolve (assuming
XP is using only DNS on the server) and so browse to web would
not work except if the name to IP resolution had gotten cached on
the XP. Can you browse using http:\\ip-of-the-machine (this assumes
you did not configure use of host headers in the IIS config)

The networking related newsgroups begin like
microsoft.public.windows.net*
microsoft.public.windows.net*
microsoft.public.win2000.net*
microsoft.public.windows.server.net*
microsoft.public.windowsxp.net*
microsoft.public.windows.vista.net*
You may need to use a newreader client; I cannot advise as to
how these are surfaced in your google newsgroup interface.

 

[rick]

When you attempt to authenticate, say to machine named BoxX

are you using BoxX\username or just username? Use the first.
Are you logging failed login in the audit policy of BoxX?
If so, what is being recorded.

The XP box name is "win4". From the server (dell), I tried
"win4\administrator" and "administrator" and both returned the
"credential" error. The last security event on the win4 box was on
Christmas day. A policy change. Hmmm.... I was playing around with the
policy on the server. I am such a hack!

Audit Policy Change:
New Policy:
Success Failure
- - Logon/Logoff
- - Object Access
- - Privilege Use
- - Account Management
- - Policy Change
- - System
- - Detailed Tracking
- - Directory Service Access
- - Account Logon

Changed By:
User Name: WIN4$
Domain Name: RICKEL
Logon ID: (0x0,0x3E7)

The networking related newsgroups begin like
microsoft.public.windows.net*
microsoft.public.windows.net*
microsoft.public.win2000.net*
microsoft.public.windows.server.net*
microsoft.public.windowsxp.net*
microsoft.public.windows.vista.net*

Thanks!

 

[Roger Abell [MVP]]

Sounds like you need to get events logged and retry so you
can get some info. If you can log into win4 with that account
(at keyboard) if may be it is not allowed network login (which
is default if there is no password on the account). Anyway,
event log entries may guide you.

 

[rick]

If you can log into win4 with that account

Okay, I login into the win4 box as local administrator? And then I do
what?

 

[Roger Abell [MVP]]

Okay, I login into the win4 box as local administrator? And then I do
what?

Admin tools, Local Security Policy
do not get wild in there !!!
just drill to the Audit Policies and enable audit for logon fail

Does the Administrator account have a password?

 

[Roger Abell [MVP]]

By the way, have you taken the XP Pro out from simple sharing mode?
If not, then only Guest access is allowed over the network.
(in Explorer, not IE, go to View tab in Folder options under Tools,
and scroll to bottom of list)

 

[rick]

By the way, have you taken the XP Pro out from simple sharing mode?
If not, then only Guest access is allowed over the network.
(in Explorer, not IE, go to View tab in Folder options under Tools,
and scroll to bottom of list)

 

[rick]

By the way, have you taken the XP Pro out from simple sharing mode?

Yep, it was checked. I unchecked it.

Ah, you are taking all the fun out of it.

Everything is set Success, Failure now.

Does the Administrator account have a password?

Yes. I can login in locally.

 

[Roger Abell [MVP]]

Taking it out of simple sharing probably solved things.
I tend to forget about that one as I work with domains,
and simple mode does not exist in domains.

PS
One can log in locally if there is no password.

 

[rick]

I forgot to mention that I still cannot access the XP Pro from the
server. I still get prompted for username and password and still get
the credentials error. I do have a domain (W2K server and active
directory).

Happy New Years!

 

[Roger Abell [MVP]]

I forgot to mention that I still cannot access the XP Pro from the
server. I still get prompted for username and password and still get
the credentials error. I do have a domain (W2K server and active
directory).

and the event log shows ??

 

[rick]

and the event log shows ??

Nothing that shows the credential error under the Security log but the
Application log has this error.

The Group Policy client-side extension Security failed to execute.
Please look for any errors reported earlier by that extension.

The only failure I see in the Security log is this:

The Windows Firewall has detected an application listening for incoming
traffic.

Name: -
Path: C:\WINDOWS\system32\svchost.exe
Process identifier: 1348
User account: SYSTEM
User domain: NT AUTHORITY
Service: Yes
RPC server: No
IP version: IPv4
IP protocol: UDP
Port number: 68
Allowed: No
User notified: No

 

[Roger Abell [MVP]]

Nothing that shows the credential error under the Security log but the
Application log has this error.

The Group Policy client-side extension Security failed to execute.
Please look for any errors reported earlier by that extension.

The only failure I see in the Security log is this:

The Windows Firewall has detected an application listening for incoming
traffic.

Name: -
Path: C:\WINDOWS\system32\svchost.exe
Process identifier: 1348
User account: SYSTEM
User domain: NT AUTHORITY
Service: Yes
RPC server: No
IP version: IPv4
IP protocol: UDP
Port number: 68
Allowed: No
User notified: No

So what exemptions are defined in the firewall ?
What are the permissions on the share you are attempting
to access both the share level (permission button on the
sharing tab) and the NTFS? You are sure these do allow
for the account being attempted?
What is the account the keeps showing up as having a
connection active (getting in the way of specifying the
other credentials)? How does that connection originate?

 

[rick]

So what exemptions are defined in the firewall ?

File and Printer Sharing is checked and some other stuff. Notification
when a program is blocked is checked also.

What are the permissions on the share you are attempting
to access both the share level (permission button on the
sharing tab) and the NTFS?

I created another share on the XP Pro d drive and named it "D".
Everyone has full rights. I can access the "D" share from the server.
While on the server, I can copy files from the XP to the server with no
problem. If I try to copy a file from XP box to the server however, it
is very slow and I get strange errors like "the path is too deep" if it
is a large file. While on the XP box, if I try to view and copy files
from the server, it is very slow and I get errors. If I am on the XP
box and I browse to the server, it is very slow to list files and I
cannot copy files.

What is the account the keeps showing up as having a
connection active (getting in the way of specifying the
other credentials)?

While on the server, Start -> Run -> type \\win4\d and then I can see
the XP box d drive.

I am log on as the domain administrator on the server and the domain
administrator has full NTFS rights on the win4\d$ admin share.
Nevertheless, I am still prompted for username and password. Neither
"win4\administrator" or "<domain>\administrator" or "administrator"
grants me access.

The only error I see in the security log is :

The Windows Firewall has detected an application listening for incoming
traffic.

Name: -
Path: C:\WINDOWS\system32\svchost.exe
Process identifier: 1344
User account: SYSTEM
User domain: NT AUTHORITY
Service: Yes
RPC server: No
IP version: IPv4
IP protocol: UDP
Port number: 68
Allowed: No
User notified: No

And the Application log:

The Group Policy client-side extension Security failed to execute.
Please look for any errors reported earlier by that extension.

 

[Roger Abell [MVP]]

It really sounds to me like you need help from a networking
config expert. If I understood you correctly, when the existing
connection is as domain\adminX and you get prompted for
access to new share from same machine it refuses use of
domain\adminX

Otherwise it sounds like, with newly defined share, you are
able to do most accesses except with extremely bad performance
and some possibly related failures (too deep, too large, ...)

We have hit on most security issues for server to XP auth
to work, but you have not tested whether all is fine or not
if you have for a test the firewall shut off.

 

[rick]

It really sounds to me like you need help from a networking

config expert.

Thanks for all the feedback Roger. You taught me a couple things. Wish
me luck.

http://groups.google.com/group/micr...2f38c/87ff4bd0fd279a25?hl=en#87ff4bd0fd279a25

 

[Roger Abell [MVP]]

No problem Rick (well, unsolved problem actually) for the
attempts. Hopefully someone finds something I did not see.

Roger