|
Posted by Phil McNeill on May 31, 2006, 3:13 pm
Please log in for more thread options This WAS the problem after all. I must have been logged in with the wrong
account when I checked for it the first time (didn't realize it would be a
profile-specific setting, which was pretty dumb of me). Anyway, found the
entry, removed it, and I think they are back in business. Thanks to both
Steven and Roger!!
Phil
> Well that was my best shot as usually stored credentials or persistent
> credentials in a mapped drive are the problem. Offhand I can't think of a
> reason either why that would happen. What I would try to see what happens
> is use the net use command to connect to the share as in net use *
> \pluto\c$ /u:AccountB at which time you should be prompted for a password
> or maybe you will get some error message that could be a clue. Another
> thing to try is to temporarily disable accountA on Mars and try again to
> see what happens. Also check the logs on Mars to see if anything helpful
> is reported particularly at or around the time you try those connection
> attempts. I can't think of ant Local Security Policy setting that would
> cause such behavior. --- Steve
>
>
>> Thanks for the suggestion. Nothing there at all. This is completely
>> bizarre.
>>
>> The account that doesn't work (because the remote machine seems to refuse
>> to use it and instead uses another local account) is being used to run
>> scheduled jobs on Mars, which are now unsuccessful - the app person says
>> it was working for a couple months) which of course results in the
>> opposite account on the "connected to" server to get locked out due to
>> this weirdness.
>>
>> Anything in the local security policy on either machine for either of
>> these accounts that could account for this?
>>
>> I can't imagine what would cause that. I think I'll suggest they create
>> a new account and try it to see what the results are. Either that or use
>> a domain account for this stuff. Very strange.
>>
>> Thanks again!
>>
>>
>>
>>
>>> On Mars go to Control Panel - stored user names and passwords to see if
>>> anything is shown there which may be using the other user account. You
>>> can remove entries from there if you want. --- Steve
>>
>>
>>>
>>>> Weird one. If you're inclined to help, you may want to draw a picture.
>>>> :)
>>>>
>>>> 2 Servers:
>>>>
>>>> Mars (Windows 2003) has two local accounts, AccountA and AccountB, both
>>>> local administrators.
>>>> Pluto (Windows 2000) has two local accounts, also named AccountA and
>>>> AccountB, both local administrators.
>>>>
>>>> Both servers are member servers (not DCs) on the same mixed mode 2003
>>>> domain.
>>>>
>>>> The passwords for AccountA and AccountB are the same on both servers
>>>> (respectively), for the purpose of pass-through authentication.
>>>>
>>>> I log in to Mars locally with AccountB, and UNC to \Pluto\c$ at the
>>>> run command, expecting the local AccountB on Pluto to be used to access
>>>> the shared resource. I get the message that it is not accessible, and
>>>> that the referenced account is currently locked out and may not be
>>>> logged on to. When I check the security log on Pluto, I see that
>>>> instead of it using the local AccountB account to access the share (as
>>>> I would expect pass-through authentication to do), it is instead using
>>>> AccountA (even though I was logged in with AccountB on Mars). This
>>>> happens not just with the default shares, but any share AccountB has
>>>> access to.
>>>>
>>>> Any idea why Pluto would attempt to use the opposite account when
>>>> logically it should grab the one with the same name as what I'm logged
>>>> into Mars with?
>>>>
>>>> If I do everything the same, except log in with AccountA, everything
>>>> works fine.
>>>>
>>>> Any thoughts appreciated!!
>>>>
>>>> Phil
>>>>
>>>> Logs from Pluto:
>>>>
>>>> Event Type: Failure Audit
>>>> Event Source: Security
>>>> Event Category: Account Logon
>>>> Event ID: 681
>>>> Date: 09/05/2006
>>>> Time: 11:34:04 AM
>>>> User: NT AUTHORITY\SYSTEM
>>>> Computer: Pluto
>>>> Description:
>>>> The logon to account: AccountA
>>>> by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
>>>> from workstation: Mars
>>>> failed. The error code was: 3221226036
>>>>
>>>> and:
>>>>
>>>> Event Type: Failure Audit
>>>> Event Source: Security
>>>> Event Category: Logon/Logoff
>>>> Event ID: 539
>>>> Date: 09/05/2006
>>>> Time: 11:34:04 AM
>>>> User: NT AUTHORITY\SYSTEM
>>>> Computer: Pluto
>>>> Description:
>>>> Logon Failure:
>>>> Reason: Account locked out
>>>> User Name: AccountA
>>>> Domain: Pluto
>>>> Logon Type: 3
>>>> Logon Process: NtLmSsp
>>>> Authentication Package: NTLM
>>>> Workstation Name: Mars
>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>
| 
XML Sitemap