Question

Locked

why does my workstations lose connection to server?

By ajcraley ·
We have 7 workstations running Windows XP connected to a server running Windows Server 2003.

We use Sage Business Works to run the business. Near the end of the day (roughly 4pm to 5pm) Business works will often error and become unusable. The main errors received are

"Cannot Locate DB directory (SMSystemTasks)"

and when attempting to print to the printer on the network:

"SMError Messages; RPC Server is unavailable."

All of our data backup and virus scans have been moved to after midnight to rule them out as a cause. We have replaced our switch to rule that out as a problem as well.

The odd part is, if a workstation is restarted at any point during the day that pc does not run into these errors. Also the earlier a workstation is turned on in the morning, the earlier the errors occur in the afternoon.

I thought it might have been an IP leasing issue so i dedicated the address for my pc but the problem still occurs. A friend told me it could be a time sync issue but i am not sure how to monitor that.

Also, we have no issues surfing the internet when these problems occur. But saving a document to a shared folder is also affected during the errors.

If you have any input or questions please let me know. Any help you might provide would be greatly appreciated.

This conversation is currently closed to new comments.

6 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Answers

Collapse -

Time limit for cache of logon credentials?

by TobiF In reply to why does my workstations ...

This sounds like situations where the client needs to be cleared for access to said service.

Do you have any kind of time out, either from the server side (like cleaning records that are more than 8 hours old) or from the client side (time limit for cache of logon credentials)?

Collapse -

bread crumbs

by ajcraley In reply to Time limit for cache of l ...

you've lead me to a kerberos question, as i cannot find any time out settings with our software. the default settings are still in place i.e. a ten hour ticket expiration.

would this cause my problems? how does a ticket get renewed?

would a older (slower) server exacerbate the problem?

Collapse -

Guessing...

by TobiF In reply to bread crumbs

If you've got a typical 10 hrs ticket life, then I guess easiest thing to try is to prolong the ticket life to, say, 14 hrs.

Being just an experienced end user, I don't have any 2K3 system handy to try.

But Google pointed me to
http://technet.microsoft.com/en-us/library/cc738673(WS.10).aspx

Where I found this:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters\FarKdcTimeout

Edit: The topic next to the one above seems also useful. http://technet.microsoft.com/en-us/library/cc737724(WS.10).aspx
Seems there are some problems with the ticket renewal. So a longer validity should solve your immediate problem. Then you can set a shorter ticket life for some test accounts and indulge in event logs...

Collapse -

light in the tunnel

by ajcraley In reply to Guessing...

I think we may be on to something...

I have contacted our company's techno-dork to obtain permission to manipulate the kerberos policies.

I checked my login time to the server yesterday and at exactly ten hours my business software, and server connection in general, started to error. Checking the event logs for my workstation i found the following error:

ID: 40960
Source: LSASRV
Version: 5.2
Symbolic Name: Negotiate_downgrade_detected
Message: The Security System detected an authentication error for the server %1. The failure code from authentication protocol %2 was %3.

Can you decifer this, its a bit greek to me.

Thanks.

Collapse -

Google is your friend...

by TobiF In reply to light in the tunnel

Of course I have no idea. But Google led me to another situation, where this message occurs:
http://support.microsoft.com/kb/824217

From this page we learn that we may get more information about the problem if we (enable and then) check the Kerberos logs. I'm takling about this paragraph:
<i>Event 40960 only logs the error returned by Kerberos. It does not log the name of the principal or the name of the client. In order to obtain this information, auditing for User Logon Failures must be enabled. By looking at the logon failure audit event logged at the same time as the SPNEGO event, more information about the logon failure can be obtained.</i>

By the way, interesting that the error message includes unexpanded parameters (%1 etc.). Soo helpful.

Anyway, this message shows we guessed correctly, the authentication ticket expires without renewal. Again, activating and reading Kerberos logs may give next set of clues.

And (temporary) workaround would be to set longer validity of the tickets.

Back to Networks Forum
6 total posts (Page 1 of 1)  

Hardware Forums