Weird RPC problem

manilapoo


This has been bugging me for the past 3 days now and even has my 3rd party Microsoft experts stumped.

The portion of our network that is in question is a site-to-site VPN using Cisco routers. We have a mix of XP and Win2k machines that access a file server. This has worked fine for the past few years up until early Wednesday morning. All of a sudden we cannot get the Win2k machines to access the server. We've tried and tried to troubleshoot, looking through all event logs, debug folders, packet captures, rebooting machines, updating to latest MS patches, etc. Those machines can ping the server, but are not able to access the server's shares. Initiating a connection from the server to the client works like a charm and we can browse admin shares and print off a shared printer on the client machine, but only if initiated from the server. Initiating from the client is completely unsuccessful though. Also, the server we are trying to access is a domain controller as well as file server/app server. Shares such as "public" and "sysvol" are accessible, but the other shares are not.

The error we receive is \\X.X.X.X\c$ is not accessible. The remote procedure call failed.

Packet capture from Wireshark 0.99.2 yields 3 errors:

Trans2 Response, QUERY_PATH_INFO, Error: STATUS_OBJECT_NAME_NOT_FOUND

KRB Error: KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN

Session Setup AndX Response, NTLMSSP_CHALLENGE, Error: STATUS_MORE_PROCESSING_REQUIRED

I do not believe this is a Kerberos error as there are no relevant event logs, time is synchronized, and our krbtgt user in Active Directory is hidden and disabled. From what I understand, Win2k machines by default will try Kerberos authentication, which we are not using. The NTLM error is a little vague, and I've googled for more info but have come up empty-handed.


Once again, I'm completely stumped, and I've been through all the trivial items at least 3 times. Please help!

Thanks in advance,

manilapoo
 

Genx87

Check the windows firewall on the client.
This thing has screwed with some pretty simple things.


 

stash

What OS on the server? Why did you say you aren't using Kerb authN? If it's a 2000 client talking to a 2000/2003 server in AD, it is going to use Kerb.
 

manilapoo

The server is Win2k3 SP1.

From my weak understanding of Kerberos auth and quickly skimming through why the krbtgt user is disabled in AD, I figured we are using Kerberos for other things but none particularly relevant to this request to the server. Instead we are using NTLM to access the shares and don't know why XP machines work fine on all shares, but Win2kPro machines only work on the DC created shares and not the user shares that we have created for ourselves.
 

stash

> but Win2kPro machines only work on the DC created shares and not the user shares that we have created for ourselves.

Yeah that's the weird part. So the shares that don't work are all administrative shares (c$, d$, etc)? Or are there others?
 

manilapoo

Correct.

The only shares we can pull up are public and sysvol. Active Directory published shares.

All other shares error and are not accessible.
 

stash

Are you sure the firewall isn't enabled on the DC? The shares you are able to get to may all be DFS shares (sysvol definitely is), so you might actually be connecting to another DC in those cases.