Mapping network drives issues 1

mudskipper · Sep 3, 2003

Hello, all--having a bit of trouble here, and my brain is fried. I have been searching all over for solutions, and I am coming up short. I am getting the horrible feeling like this is a forehead slapping, stupid, easy issue--but it eludes me!!

We have a server (still NT) that replaced a problematic one. (Yes, this is scheduled for an upgrade when time allows--maybe this is a sign that the time is now?!!).

Trying to map network drives to some shared folders which all previously worked (on old NT server). When we copied the shared folders, the permissions appear to have tranferred correctly as well. To be sure, we have actually removed and reapplied the security settings--all with the same results.

The issue is:

System 1 (win 2k pro): User1 logs onto system. Both mapped drives access fine. User2 logs onto system, try to access the share, gets "this user account has expired". In the process of troubleshoooting we deleted the share, tried to re-map, and we get "An extended error has occurred--access denied". User is not expired. I am able to change this user's account info, go back to the server in question, and the settings seem to take--so it seems to be pulling down this info correctly....

System 2 (win 2k pro): User1 still works fine. User2 works fine.

I have tried various things--even those that don't seem like they apply. I have checked time sync with the domain controller on the server in question as well as the workstations. I have ensured that this server is properly joined to the domain. I have removed the workstation(s) in question from the domain and rejoined it. We have removed User1's account and set it back up.

I actually have about 20 people accessing these shares, and 3 with these errors....

There is much more that we tried, but the facts are slowly slipping away and/or all fading together. What am I missing?

Thank you for all of your help (and reading through a painfully long post)!

Mudskipper
-----------------
Groucho said it best- "A four year-old child could understand this!
Quick! Run out and find me a four year-old child: I can't make heads nor tails out of this!"

nlm9802 · Sep 3, 2003

have you checked the eventlog on the server? enabled auditing on that shared folder? any clues in the eventlog on system1? anything look odd?

microsoft was not very helpful with their description of error 532..

Event Message:
Logon Failure: Reason: The specified user account has expired User Name: user name Domain: name Logon Type: name Logon Process: parameter Authentication Package: parameter Workstation Name: computer name

Source Event Log Event ID Event Type
Security Security 532 Failure Audit

Explanation:
This event record indicates an attempt to log on to an account that has expired.

more microsoft mumbo jumbo:

http://support.microsoft.com/defaul...port/kb/articles/q174/0/73.asp&NoWebContent=1

it's definitely something with system1.. it almost sounds like user2 is logging into system1 locally with a cached account instead of using their domain account. But I'm sure you checked that

good luck, I'm turning email notification on this one, interesting issue.

mudskipper · Sep 3, 2003

Thanks for the reply

On system1 (and others with this issue), they also get Event ID 1000 source Userenv and Event ID 1202 source Scecli. Individually, these IDs also give pretty generic info, but one MS listing...let's see...

http://support.microsoft.com/default.aspx?scid=kb;en-us;260715

speaks of conflicting group policies....doesn't seem to apply, but I did double (triple) check it.

To answer your question, yeah, logging on locally was an issue that we looked at, and I was (at the time) standing behind the users and watched as they logged in properly to the domain.... And don't feel bad for mentioning it--i'm certainly not above missing the easy stuff (we all have had the "did you plug it in...?" issues)!!

Either I'm having a really bad "Tech Day", or the issue may have come to light....

Oddly enough, on the NT server, I was getting event logs (security) showing the failed attempts to access the shares. Out of frustration, from this NT box I tried to sync to the primary domain controller, and have since started getting (System) Event ID 5721 and 3096(which to paraphrase, say, "What the (insert choice word here)?!! I can't find the PDC." At this point, this ID 5721 is coming up every 5-10 minutes on its own.

The only other times that I have seen these events (5721 mostly), they were *constant*--not appearing just after a sync....

So whether this is the cause of the entire issue (certainly could do it) or the result of "replace technician, press any key to continue", it looks like I'm going back to square one and re-joining the domain on this box.... We'll see if this clears everything up, or if it just throws me back into the same issues.

I'll post back with the results....

Mudskipper
-----------------
Groucho said it best- "A four year-old child could understand this!
Quick! Run out and find me a four year-old child: I can't make heads nor tails out of this!"

mudskipper · Sep 3, 2003

nlm9802 -- Go figure (slaps own forehead). It did the trick.

I can't for the life of me, figure out why I was not getting messages to the effect of it now finding the Primary Domain Controller, but after renaming the NT box, deleting the account on the PDC, recreating it, and changing the name back, all is well.

Additionally, I am puzzled as to why the locked out user could access everything fine from another system....

I guess that I will keep an eye on these systems and keep my fingers crossed (although that slows down my WPM). I must admit that I am a bit leary that the wierdness will slowly creep back into the picture, but hopefully I can have a new server up and running before this can happen again.

Thanks for your interest in the problem. It is very much appreciated!! Always nice to get ideas from others (and to have others keep you on the right track)!

Mudskipper
-----------------
Groucho said it best- "A four year-old child could understand this!
Quick! Run out and find me a four year-old child: I can't make heads nor tails out of this!"

mudskipper · Sep 5, 2003

nlm9802 -- Just an update to satisfy your curiosity.... I should have posted sooner, but have been very busy lately.

Shortly after the system started working, I recieved a call from a tech who was "away" on vacation (this person was at home). Evidentally, somebody called the tech about the issue and he had remoted into the system. He found the issue (can't find the MS article now, doesn't that figure), and had changed a registry key (if/when I find that stinkin' article, I'll post it for you). When I checked the very same registry key, I saw nothing wrong with it. As it turns out, tech #2 did not happen to be on the system when I was. In addition, I did not check the *successful* logins on the system, as this possibility did not occur to me.

To make a (very) long story short, he had decided (don't ask why--I have yet to get a good answer from him) to remove it from the domain and re-join it. After removing it, he was unable to remote back into the system (duh!). This is where I went in, found the "no primary domain controller" errors, renamed the box, rejoined, etc..

To make a long story short, I was the victim of some bad tech work, and HORRIBLE communications problems....

I love my job... I love my job... I love my job....

;-)

Mudskipper
-----------------
Groucho said it best- "A four year-old child could understand this!
Quick! Run out and find me a four year-old child: I can't make heads nor tails out of this!"

Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Mapping network drives issues 1

mudskipper

Technical User

nlm9802

IS-IT--Management

mudskipper

Technical User

mudskipper

Technical User

mudskipper

Technical User

Similar threads

Part and Inventory Search

Sponsor