stolenpants, Posted August 28, 2007

I really need help on this. I've been trying to fix this for 3 days and I'm not getting anywhere. I can't find anything wrong, and I can't find anything through Google.

This is a production server; it's been working fine for almost a year.

This is a Windows 2003 x64 R2 primary domain controller.

Saturday, I applied some critical updates and rebooted it, and now (for file sharing) it won't authenticate me from any machine that is NOT a member of the domain.

Example: I log in from a computer on the domain and open \\server\share\ and it works fine. I try to log in from a laptop or home computer that is not a member of the domain, and it won't accept the username \ password.

However, I know the password is good and there is IP connectivity because from the laptop I can ping the server, RDP into it, and access Exchange server. It just rejects the username / password without any explanation or error if I try to access a share.

This problem affects multiple accounts.

I already know what some of the responses are going to be, so I'll go ahead and clear these up:

1. Firewalls are not an issue, I've tried disabling them.
2. I have all the syntax right, I've tried username, username@domain and domain\username, nothing works.
3. I am definitely 100% using the right password.
4. IP connectivity to the server is fine.
5. This was working fine, it quit working Saturday, apparently.

I'm afraid one of the updates changed some security setting but I have no idea which one.

gosh, Posted August 28, 2007

What's the event viewer say? Would that be a policy? I'm not sure.

-gosh

yamum, Posted August 28, 2007 (edited)

Do you use a username and password to log on to the non-domain PC? If not, then set a password for the local account you are using to log into Windows and then try accessing some shares on your domain. It works in our network. Try disabling simple file sharing on the non-domain PC as well if the first suggestion doesn't work.

To disable simple file sharing: in Windows Explorer click on TOOLS > FOLDER OPTIONS > VIEW and uncheck the very last checkbox.

Edited August 28, 2007 by yamum

stolenpants (author), Posted August 28, 2007

Tried that. I don't think it's a client problem as our Macs are experiencing it. I think Windows Update screwed something up on the server.

nmX.Memnoch, Posted August 28, 2007

Someone didn't by chance change the LM Level of the domain, did they? If the domain is set to 'Send NTLMv2 response only\refuse LM & NTLM' then you can have these types of problems.

Run the Resultant Set of Policies MMC (Start > Run > rsop.msc) on the domain controller and navigate to the following location:

Console Root > username on computername > Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options

Once you get there, look for the 'Network security: LAN Manager authentication level' policy and see what the effective setting is.

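Added example, not part of the thread: a small model of which client LAN Manager authentication levels a domain controller at a given level will reject, which is the mismatch described in the post above. It assumes the policy is backed by the `LmCompatibilityLevel` registry value under `HKLM\SYSTEM\CurrentControlSet\Control\Lsa` (a name not given in the thread), and the `reg query` output it parses is a constructed sample.

```python
import re

# Response types a client sends at each LAN Manager authentication level (0-5).
CLIENT_SENDS = {0: {"LM", "NTLM"}, 1: {"LM", "NTLM"}, 2: {"NTLM"},
                3: {"NTLMv2"}, 4: {"NTLMv2"}, 5: {"NTLMv2"}}

# Response types a domain controller accepts at each level.
DC_ACCEPTS = {level: {"LM", "NTLM", "NTLMv2"} for level in range(4)}
DC_ACCEPTS[4] = {"NTLM", "NTLMv2"}   # "refuse LM"
DC_ACCEPTS[5] = {"NTLMv2"}           # "refuse LM & NTLM"

_VALUE = re.compile(r"LmCompatibilityLevel\s+REG_DWORD\s+(0x[0-9a-f]+|\d+)", re.I)


def parse_level(reg_output):
    """Return the level found in `reg query` text, or None if the value is not set."""
    match = _VALUE.search(reg_output)
    if match is None:
        return None  # value absent: the OS default applies
    raw = match.group(1)
    level = int(raw, 16) if raw.lower().startswith("0x") else int(raw)
    if level not in DC_ACCEPTS:
        raise ValueError(f"unexpected LmCompatibilityLevel {level}")
    return level


def accepted_responses(client_level, dc_level):
    """Response types the client sends that the DC will still validate."""
    return sorted(CLIENT_SENDS[client_level] & DC_ACCEPTS[dc_level])


def rejected_client_levels(dc_level):
    """Client levels whose logons fail against a DC set to dc_level."""
    return [c for c in sorted(CLIENT_SENDS) if not accepted_responses(c, dc_level)]


# Constructed sample output, not captured from the server in the thread.
SAMPLE = """\
HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa
    LmCompatibilityLevel    REG_DWORD    0x5
"""

if __name__ == "__main__":
    dc = parse_level(SAMPLE)
    print(f"DC level {dc}: rejects clients at levels {rejected_client_levels(dc)}")
```
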
stolenpants (author), Posted August 29, 2007

The event viewer doesn't say anything about it, it's really aggravating.

It may be a policy, or a registry setting.

I remember years back, XP came out with this auto update that broke something to do with roaming profiles and a Samba server. It turned out to be some policy thing, but it was a nightmare to figure out.

stolenpants (author), Posted August 29, 2007

I looked at the NTLM setting, and it's not set to NTLM2.

cluberti, Posted August 29, 2007

What about a network trace from a client of this happening, to see what kind of auth the client is sending, and the 403 response from the server should tell us what level of auth the server is requiring (they'll likely not match).