General discussion

Locked

DC Authentication Problem

By emax131 ·
There have been a number of Users that I've seen encounter problems with their connection to the Windows 2000 Advanced Server (DC) running active directory in my office. For some reason these users lose their authentication privileges and were unable to access any resources on the server. When attempting to access the server there was a prompt to enter a user name, domain name and password, this also occurs when the user attempted to access Outlook or the Web. The only way I've been able to resolve this problem so far is by backing up all user documents and settings, deleting the local profiles, getting the user to log in and then copying all user files back. The trend so far is that it only happens on the Dell PC's with Windows XP Pro, apart from that I'm not sure if the problem is with the Win2000 Server or the local user profile. The other interesting thing to note is that any other user logging onto that PC has access to the servers resources and if the user with the problem logs onto another PC they have access to the resource.

This conversation is currently closed to new comments.

7 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by lyallaust In reply to DC Authentication Problem

I had a similar problem, but my problem proved to be terminal services related.

The only way I was able to track it down was systematically going through the registry keys for HK_Current_User and working importing keys from a user that worked into the registry of a user that did not work.

My problem worked out to be a common TEMP folder, where one user logged in prevented access for a different user. I suspect your problem will be something to do with LanMan settings, or local cache.

Have you tried NBTSTAT -RR and IPCONFIG /FLUSHDNS to flush the lookup tables for that user/pc?

Collapse -

by emax131 In reply to

Poster rated this answer.

Collapse -

by Issy_3 In reply to DC Authentication Problem

I looks like a connectivity issue with that Pc not the user, since they can login on another pc in the DC
Run NBTSTAt with the following extensions
RR, r, c and then netstat to see which connections established, also check the trust relation with the exchange for the outlook
Goodluck

Collapse -

by emax131 In reply to

Poster rated this answer.

Collapse -

by emax131 In reply to DC Authentication Problem

I've run ethereal on the PC with the problem and came across the following messages - "KRB5: KRB Error: KRB5KDC_ERR_CLIENT_REVOKED", "KRB5: KRB Error: KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN".

Collapse -

by emax131 In reply to DC Authentication Problem

I was finally able to find out what was causing this problem. It was a an account created in the "Stored usernames and passwords" sections of the user accounts. After deleting this the user is able to access the server okay.

Collapse -

by emax131 In reply to DC Authentication Problem

This question was closed by the author

Back to Networks Forum
7 total posts (Page 1 of 1)  

Related Discussions

Related Forums