HPE Community
Windows Server 2003
1752817 Members
4416 Online
108789 Solutions
New Discussion юеВ

Re: Windows Server 2003 Sharing Problem

 
Simon Poulton
Honored Contributor

тАО11-14-2006 01:36 AM

тАО11-14-2006 01:36 AM

Windows Server 2003 Sharing Problem

Hi All
I'm having this strange issue with Windows Server 2003. If I stick with the basic 2003 without SP1 all works great but as soon as I upgrade to SP1 clients get the error:
"The system detected a possible attempt to compromise security"
This happens every time they try to access shares, it even appears when logging on.
This server is the only one on the network, Active Directory, DNS, DHCP and WINS are all installed and running. It also acts as a print server.
I recently upgraded it from Windows 2000 Advanced Server.
Without Fail SP1 always breaks this.
Any suggestions?
0 Kudos
8 REPLIES 8
Steven Clementi
Honored Contributor

тАО11-14-2006 02:17 AM

тАО11-14-2006 02:17 AM

Re: Windows Server 2003 Sharing Problem

Simon:

Is thee any issue preventing you from using the server?

Is the system "on the internet"?

I no... then just disbale your audit logging, unless you want it on for some reason.

With SP1, a lot of security enhancements were put into place and therefore the system generates a lot more audits to the logs and such. Your particular message might not mean anything except that things are normal.


Steven
Steven Clementi
HP Master ASE, Storage, Servers, and Clustering
MCSE (NT 4.0, W2K, W2K3)
VCP (ESX2, Vi3, vSphere4, vSphere5, vSphere 6.x)
RHCE
NPP3 (Nutanix Platform Professional)
0 Kudos
Jon Finley
Honored Contributor

тАО11-14-2006 03:39 AM

тАО11-14-2006 03:39 AM

Re: Windows Server 2003 Sharing Problem

From what I can find on the internet, the problem has to do with your DNS settings.

If you're including DNS settings with your DHCP subscription, make sure that you are NOT including an outside ISP in your DNS entries (set the ISP in as a DNS forwarder within your DNS server properties).

If these are all correct, check your DNS entries at the server.

The problem has to do with a "referencing" change that MS did in SP1 to make resource request more secure. The Client and the Server need to be able to securely exchange a token. Without the exchange, the server declares the transaction to be a possible security breach attempt.

If your subnet mask is incorrect, it can also affect this, so double-check your DHCP setting.

Make sure afterwards, that your Server is FULLY patched. There's some VERY nasty "bots" out loose that can and will compromise your Server quickly.

Jon
"Do or do not. There is no try!" - Yoda
0 Kudos
Simon Poulton
Honored Contributor

тАО11-14-2006 06:06 AM

тАО11-14-2006 06:06 AM

Re: Windows Server 2003 Sharing Problem

DNS Settings are all correct, Server is the Internet Server and uses ICS to deliver internet access. This breaks the shares this message always appears on clients after installing SP1.
I dont know where to find audit logging could you please point me to the settings page?
0 Kudos
Chucka Eya
Frequent Advisor

тАО11-14-2006 12:55 PM

тАО11-14-2006 12:55 PM

Re: Windows Server 2003 Sharing Problem

I am thinking DNS issues but can you look in the Event's log and see what the error messages are, as I'm sure they would be reporting this...
0 Kudos
Simon Poulton
Honored Contributor

тАО11-15-2006 05:27 AM

тАО11-15-2006 05:27 AM

Re: Windows Server 2003 Sharing Problem

I have attached the event log.
0 Kudos
Chucka Eya
Frequent Advisor

тАО11-21-2006 06:02 PM

тАО11-21-2006 06:02 PM

Re: Windows Server 2003 Sharing Problem

Hello Sorry - had IT issues of my own so disappeared. still in the middle of it, but not as bad as last week.
has this been resolved?

I've just looked at your logs - and there are rampant dns messages going on there, especially the last bit e.g

The description for Event ID ( 40961 ) in Source ( LSASRV ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: DNS/auth1.dns.gxn.net, "The SAM database on the Windows Server does not have a computer account for this workstation trust relationship.
(0xc000018b)".

I will look into this today and come back to you.

0 Kudos
Simon Poulton
Honored Contributor

тАО12-09-2006 02:51 AM

тАО12-09-2006 02:51 AM

Re: Windows Server 2003 Sharing Problem

Still the same issue when I install SP1. So i'm having to live without it for now.
0 Kudos
James Kavanagh
New Member

тАО03-15-2007 09:53 PM

тАО03-15-2007 09:53 PM

Re: Windows Server 2003 Sharing Problem

Hi,

I had this at work and resolved using the article from MS (http://support.microsoft.com/kb/889031/en-us). It is to do with the fact that VPN users don't have a valid site IP address and therefore can connect to any DC within the Site list. This was causing us some strange problems where people could and couldn't connect to certain servers and also would only affect certain machines. Very random and difficult to track down!

Thanks,

James.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.