Help with XP networking on 2k Server network

[starwarsdad]

We are adding a couple of XP Pro machines to the company network. The network consists of NT servers that have been upgraded to Win2K and Win2K Pro workstations, Mac workstations, and Linux Servers. The DC is an NT4 box that has been upgraded to Win2K Server.

When trying to connect from the new XP boxes, we are getting LSASRV, Kerberos, and USERENV errors on the XP boxes.

We can see the domain, but when trying to access a network server we are prompted for the login. My login is that of a domain admin. It does not seem as if we are being authenticated on the network. Even though the XP boxes join the domain, they are acting as if they can not find it.


These are the error messages we are getting:

LSA Error 1 - The Security System detected an attempted downgrade attack for server cifs/SERVER. The failure code from authentication protocol Kerberos was "There are currently no logon servers available to service the logon request.



The Security System could not establish a secured connection with the server cifs/SERVER. No authentication protocol was available

Userenv Error - Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.


Any and all help is appreciated!!!!

 

[starwarsdad]

Bump

 

[igiveup]

Obviously its not authenticating (and you can tell that from this:

<< The Security System could not establish a secured connection with the server cifs/SERVER. No authentication protocol was available >>

, which is your second error message).

Kerberos is the default authentication method for Windows 2000. I have to log into my admin account to check things out though. BRB.


OK, I am back. Check out this link for an interesting MS KB article. Don't know how helpful though.

This article is interesting too. Again, not sure how much it will help though. It might directly apply to you though since you are running XP in a non active directory environment.

Just a thought, but what do your Apple clients use to authenticate? I think your solution is to manually set the KDC for the XP clients, as Kerberos is the default method used. You have windows 2000 clients that work and can connect successfully right? Thats my best shot, and I learned some stuff too. PLEASE make sure you write back, as I would love to know if a solution is found. I work for a company as a junior IT Admin and would love to add to my KB. Thanks!!!

 

[starwarsdad]

I promise to let you know what I find out! We have three admins and we are all taking the 2K Pro exam today, so it may be as late as Monday before we really get a solid answer.

Thanks for the effort!!!! I'll stay in touch!