Cached Password Issue???

Cached Password Issue???

Post by Roman » Thu, 22 Apr 2004 04:08:01


I have a notebook(XP PRO SP1)user who is unable to login
to the domain. They are supplying the correct credentials
at logon but are unable to connect to shares on the
server. I have even gone as far as resetting the users
password with a prompt for them to change it at next
logon, which they get prompted to do, however they still
cannot browse the server. I can manually connect to
shares if I supply the same credentials however. I looked
at the event viewer on the server and notice on the
security log indicates an security fault indicating this
user tried to authenticate with either an incorrect
username or password. If I look at the users event log on
their XP Notebook, I get the following entries:

anyone know what is going on and how to fix this?

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1006
Date: 4/16/2004
Time: 7:19:33 PM
User: TVPA\user1
Computer: CPU1
Description:
Windows cannot bind to TVPA.local domain. (Invalid
Credentials). Group Policy processing aborted.

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1030
Date: 4/16/2004
Time: 7:19:33 PM
User: TVPA\user1
Computer: CPU1
Description:
Windows cannot query for the list of Group Policy
objects. A message that describes the reason for this was
previously logged by the policy engine.
 
 
 

Cached Password Issue???

Post by gcamorl » Sat, 03 Dec 2005 02:30:23

Same issue as
1. Roman B
Apr 20 2004, 1:09 pm show options

Newsgroups: microsoft.public.windows.server.sbs
From: "Roman B" < XXXX@XXXXX.COM > - Find messages by this author
Date: Tue, 20 Apr 2004 12:08:01 -0700
Local: Tues, Apr 20 2004 1:08 pm
Subject: Cached Password Issue???
Reply to Author | Forward | Print | Individual Message | Show original
| Report Abuse

I have a notebook(XP PRO SP1)user who is unable to login
to the domain. They are supplying the correct credentials
at logon but are unable to connect to shares on the
server. I have even gone as far as resetting the users
password with a prompt for them to change it at next
logon, which they get prompted to do, however they still
cannot browse the server. I can manually connect to
shares if I supply the same credentials however. I looked
at the event viewer on the server and notice on the
security log indicates an security fault indicating this
user tried to authenticate with either an incorrect
username or password. If I look at the users event log on
their XP Notebook, I get the following entries:


anyone know what is going on and how to fix this?


Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1006
Date: 4/16/2004
Time: 7:19:33 PM
User: TVPA\user1
Computer: CPU1
Description:
Windows cannot bind to TVPA.local domain. (Invalid
Credentials). Group Policy processing aborted.


Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1030
Date: 4/16/2004
Time: 7:19:33 PM
User: TVPA\user1
Computer: CPU1
Description:
Windows cannot query for the list of Group Policy
objects. A message that describes the reason for this was
previously logged by the policy engine.
++++++++++++++++++++++++++++++++++
Additional notes: This issue started after we implemented Active
Directory in our environment.
We are on Windows XP/SP2. and use Group Policies.
It happenst intermitently and affects different accounts at different
times. Usually after password is being changed, and to those who log
into multiple computers. Sometimes in the middle of work, then if
trying to browse a network drive I receive access denied.
Please advise. This is a serious problem.

 
 
 

Cached Password Issue???

Post by v-crina » Sat, 03 Dec 2005 15:08:42

i Gcamorli,

Thank you for posting in SBS newsgroup.

From the description, I understand the issue to be: user got event 1006 and
1030 when they log on to SBS domain. They can log on to SBS domain,
however, they can not access shares on the server. If I have misunderstood
your concerns, please do not hesitate to let me know.

Based on my research, I suspect the event 1030/1006 problem is very likely
related to either of the following problems:

1. DNS name resolution.
2. Corrupt user profiles.

Let's check DNS settings first.

Check DNS name resolution:
----------------------------------

Windows 2000/2003 AD domains rely on DNS for name resolution. If there is
no internal DNS server, the DC cannot register their SRV, A records on the
DNS zone and therefore the other client machines and member servers will be
unable to locate the directory services.

Basically, we should ensure the following:

1. Please help me confirm if you have followed the steps to configure SBS:

1) Leave the Default Gateway of the internal NIC blank.
2) Configure both the internal NIC and the external NIC to use the internal
DNS Service as the DNS Server.
3) On the DNS Server, create the DNS Forwarder to forward the external DNS
resolution requests to the ISP's DNS server. See:

323380 How to configure DNS for Internet access in Windows Server 2003
http://support.microsoft.com/?id=323380

4) Strictly followed the instructions in the KB article below to run CEICW:

825763 How to configure Internet access in Windows Small Business Server
2003
http://support.microsoft.com/?id=825763

2. All client computers should be pointed to internal DNS servers for DNS
name resolution.

Therefore, we need to check the TCP/IP settings on all computers and point
them to the internal DNS server as the "Preferred DNS Server".

3. Check if the Forward Lookup Zone has Dynamic Updates set to None:

1) Click Start -> All Programs -> Administrative Tools -> DNS.
2) Expand Forward Lookup Zones, right-click the zone and select Properties.
3) On the General tab, set Dynamic updates to Nonsecure and secure.

4. After performing the above steps, we can run the following commands on
the DC to create SRV records:

net stop netlogon
net start netlogon

Then please open the DNS management snap-in and browse to
DNS\<ServerName>\Forward Lookup Zones\YourDomain.local\. There should be
new subfolders: _msdcs, _sites, _tcp, _udp, DomainDnsZones and
ForestDnsZones.

After performing the above steps, please restart the problematic machine
and check if the problem has been resolved.

If the problem still occurs, would you please help me collect the following
information?

1. On the SBS server, open Server Management, click Users, right-click the
user and click Change Password. Can you log on with the new password and
access shares?
2. Can you log on to the domain as a domain administrator from the Windows
XP computer and access shares?
3. On the SBS server, check if the user has sufficient NTFS permissions and
Share permissions to the "C:\WINDOWS\SYSVOL\sysvol" folder.
4. You said "I can manually connect to shares if I supply the same
credentials", can you describe how you access the shares manually?

Thanks for your time and I look forward to hearing from you.

Best regards,

Crina Li (MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/sec