theniteowl
Programmer
Hi All,
We have four servers, 1 dev and 3 production for one of our major applications.
Monthly we install software updates, apply any non-critical security patches and reboot the servers.
The servers are setup so that the vendor can remotely connect and administer the application and the application runs under a local login account so that outside access to the server is not getting rights on the domain.
The servers have several persistant drive mappings set with "Connect as different user" and use a domain account to establish the connection.
Every month when the servers are rebooted (one at a time) we end up with the domain account getting locked out and have to call to get it unlocked so we can proceed with the next step and other servers.
Checking the error logs I find LSASRV/SPNEGO errors stating "The Security System could not establish a secured connection with the server cifs/servername. No authentication protocol was available."
I find this error once for each server to which a domain account based drive mapping is supposed to be established.
It seems to me that the mappings are being attempted at a point prior to some other component being available to negotiate the connection and results in account violations.
Once some time has passed if the account has not yet been locked out or has been unlocked the drives establish themselves.
The mappings are correct with id and password and will ultimately work without changing them after the account lockout gets cleared up.
The only thing I can find that might help is editing the registry entries for the mappings setting the DeferFlags value to 4 rather than one as I believe this will cause the mappings not to re-establish until first use is attempted rather than trying to establish at boot time.
Any thoughts on this? I have searched a LOT on this and all I can find is NT server related issues which sound similar but should not apply on 2003 server.
At my age I still learn something new every day, but I forget two others.
We have four servers, 1 dev and 3 production for one of our major applications.
Monthly we install software updates, apply any non-critical security patches and reboot the servers.
The servers are setup so that the vendor can remotely connect and administer the application and the application runs under a local login account so that outside access to the server is not getting rights on the domain.
The servers have several persistant drive mappings set with "Connect as different user" and use a domain account to establish the connection.
Every month when the servers are rebooted (one at a time) we end up with the domain account getting locked out and have to call to get it unlocked so we can proceed with the next step and other servers.
Checking the error logs I find LSASRV/SPNEGO errors stating "The Security System could not establish a secured connection with the server cifs/servername. No authentication protocol was available."
I find this error once for each server to which a domain account based drive mapping is supposed to be established.
It seems to me that the mappings are being attempted at a point prior to some other component being available to negotiate the connection and results in account violations.
Once some time has passed if the account has not yet been locked out or has been unlocked the drives establish themselves.
The mappings are correct with id and password and will ultimately work without changing them after the account lockout gets cleared up.
The only thing I can find that might help is editing the registry entries for the mappings setting the DeferFlags value to 4 rather than one as I believe this will cause the mappings not to re-establish until first use is attempted rather than trying to establish at boot time.
Any thoughts on this? I have searched a LOT on this and all I can find is NT server related issues which sound similar but should not apply on 2003 server.
At my age I still learn something new every day, but I forget two others.
