8 replies to this topic

[Mihai]

Hello guys.

I am facing with the following issue. After installing Windows XP with SP3 and connecting into our local network (no outside access) I am able to connect to a W2003 domain (the XP SP3 is not member of the domain, but using the same username and password like in the domain).

After applying all the patches from Autopatcher the following issue appear:

Going through the logs I see intervals of authentication attempts for this machine on our domain controller..... what I don't get is that the failure events recorded in the W2003 logs shows that the domain specified is the workstation name. Basically I don't understand how the authentication attempt is directed to our Domain controller when the domain specified during the log in is the local machine name.

Here is an example of the failure event: (information removed for security purposes)
==========================================================
Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 529
Date: 1/12/2010
Time: 11:40:06 AM
User: NT AUTHORITY\SYSTEM
Computer: Domain Controller
Description:
Logon Failure:
Reason: Unknown user name or bad password
User Name: User.Account.in.AD
Domain: Workstation Name
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: Workstation Name
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: A.B.C.D
Source Port: 0

Does anybody have an idea how can I fix this strange issue?

Thank you!
Mihai

[Cristiano]

did you have applied the following tweaks?
Disable Default Hidden Administrative Shares
Remove IPC$ Share Remote Netbios Attack Vulnerability

if so, then run autopatcher again, right-click those tweaks, select uninstall, reboot and try again. if the issue happen again, please state the updates/tweaks that you have applied

thanks

[]s

[Mihai]

Hello Cristiano!

I started over today, with a new fresh install, I will describe all the steps:
Step 1. Installing windows xp sp3 (from original CD)
Step 2. Installing main drivers (chipset + video + lan + wireless)
Step 3. Checking if 'map network driver' is working with the domain username and password (same as local windows username and password) --> everything is working great (local username and password are accepted by domain)
Step 4. All its working just fine, applying autopatcher patches and tweaks based on the attached answer file (none of the security tweaks are selected)
Step 5. After restart trying 'map network drive' --> asking me continuously for username and password (none accepted) --> receiving the same error as described before

What could be the problem?

Thanks,
Mihai

PS: I would like to mention that I used several time this answer file but never receive this kind of connection problem (only on this Toshiba Satelite L350)

Attached Files

•  autopatcher.zip   914bytes   1 downloads

[Cristiano]

please, try this:
- control panel, system, double-click it, computer name. check the 2nd option (change/rename, but i'm not running an english OS and the name of this option can be another one. but there's only 2 options and the one that you don't need is the wizard) and be sure that your station has another name than the domain. that can be easily tested, by changing the name of the workstation to another one or even by adding another character to the workstation name. after that, reboot and try again

as for your answers file, your selections don't look dangerous

[]s

[Mihai]

Cristiano, you are so fast Thanks a lot for your quick reply.
The name of station is different from the domain (it's a random letters and numbers), but now I tried to change it to something else and it's still refusing my username and password.

On the domain's log:

Logon Failure:
Reason: Unknown user name or bad password
User Name: Gabic
Domain: GABICCC
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: GABICCC
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: 192.168.0.15
Source Port: 0

I cannot understand why is receiving the workstation name as the domain name.

Mihai

The same steps, but on different workstation, are working perfectly.

[Cristiano]

> I tried to change it to something else
you have rebooted after that? in your log, Domain and Workstation Name are the same. that isn't allowed

one idea: choosing the wizard this time, try the option to join to an domain. you may require the admin password to do that. but that it's only an idea.

[]s

[Mihai]

Sure I restarted after changed the workstation name.

I am able to add the workstation to domain, after joined the domain I can map that drive, even if I login only locally (not into the domain).

Still wandering what could be the problem about sending the local station name as the domain name too.

Mihai

[Cristiano]

no idea. maybe something wrong with the OS, i don't know.

[]s

[Mihai]

Cristiano, on 25 January 2010 - 01:05 PM, said:

no idea. maybe something wrong with the OS, i don't know.

[]s

Thank you for trying, it is strange for me too.
I added the workstation to the domain and after a reboot I just leave the domain and transform back into a home workstation. After this he is working like it should work at the beginning (I am able to log in into domain using local username and password).
Really strange.

Thanks again for your kindness.

Mihai

LaterEdit: I'm back with som fresh news. After adding the workstation into domain & leaving the domain I just format & reinstall the workstation using the same steps as described before and everything works without joining again the domain. So I could have an ideea, It is possible that the domain apply a kind of blocking for this workstation's MAC and after joining the domain to remove the blocking, or something like that?

Edited by Mihai, 25 January 2010 - 01:54 PM.