|
Posted by Steven L Umbach on May 4, 2006, 4:08 pm
Please log in for more thread options Tim.
Interesting. If I read your post correctly you said that if you used your
domain administrator account from domain B on the same exact computer there
is no problem?? If that is the case [assuming you are not authenticating to
a local user account on it] it would not seem to be an issue with DNS
[though IP works where name does not indicates otherwise which really makes
this confusing] but I would still run the support tool netdiag on that
computer to see if any problems are reported such as for dns, dc discovery,
Kerberos, or trust/secure channel. I would also run netdiag and dcdiag on at
least the pdc fsmo in each domain. Make sure that the global catalog server
is active and that the client computer can ping it by name/IP. Also can you
ping the target server from that client computer by both name and IP trying
both fully qualified domain name and just computer name?? Consider creating
a new test user in domain B and see if the same problem happens in the same
site, in a different site, and if that test user logs onto a computer in
domain A. I would also post in the Active_directory newsgroup for feedback.
Also make sure that the XP Pro client computer does not have any stored
credentials for that server which can cause complications and try logging on
as that user from a different computer in the same site. --- Steve
http://support.microsoft.com/?id=306992 --- XP stored credentials
>I found some new information about this problem. It appears that if I try
>to connect to the share using the IP address instead of the NETBIOS name or
>the FQDN of the server, it works fine and there is no password prompt.
>However, if I try to use either the NETBIOS or FQDN names, it prompts for
>the password and after putting it in, it fails.
>
> Do you think this is a DNS issue on the client? The client machines are
> located in a different physical site with a single Domain Controller and
> DNS server. The domain spans multiple sites.
>
> I turned on the security logging and nothing shows up on the server for
> failed logons, so it doesn't appear to be getting that far.
>
> -Tim Nichols
>
>>I assume here that it works when you enter your credentials for domain B
>>on the same computer if I understand what you said correctly. Try looking
>>in the security log of the server with the share to see if any logon
>>failure is recorded and the reason why at the time of the logon failure.
>>Auditing of logon events would need to be enabled on the server. There
>>could also be a problem with the user right for access this computer from
>>the network but usually the user will get a message that you do not have
>>the proper logon type when trying to access the share. A logon failure
>>would probably show that and auditing of privilege use for failure
>>definitely would. --- Steve
>>
>>
>>>I am having an issue with accessing shares on a server in one domain in
>>>our forest from a desktop in another domain in the same forest.
>>>
>>> First of all I will describe the environment. The server is running
>>> Windows 2000 Server with SP4. It resides in Domain A, which is a
>>> Windows 2003 domain structure. This domain is in our Forest which is
>>> also at Windows 2003 functional level.
>>>
>>> The desktop and user having the problem are both members of Domain B,
>>> which is also a 2003 domain in our Forest. The desktop is running
>>> Windows XP Professional with SP2.
>>>
>>> Now, the situation:
>>>
>>> When the user is logged on to his computer, he cannot access a file
>>> share located on the server in question. When he tries to access going
>>> through UNC path name, it prompts for a user name and password. Putting
>>> his username and password in fails (regardless, he shouldn't have to do
>>> this). I have verified that the Domain Users group from Domain B (which
>>> he is a member of) has read-only permissions to the share folder (NTFS
>>> permissions) and the Shared permissions are set for "Everyone" to have
>>> full control.
>>>
>>> If I put my username and password into the box (I am a domain admin in
>>> Domain A), it works.
>>>
>>> When I logged on to his computer with the Domain B administrator
>>> account, it is able to access the share without any problems.
>>>
>>> We have two other users in domain B who need access to this share, and
>>> they have the same problems as the first user.
>>>
>>> Does anyone know what I should check or have any suggestions to assist
>>> me with this issue?
>>>
>>> -Tim Nichols
>>>
>>>
>>
>>
>
>
| 
XML Sitemap