Go Back   TechArena Community > Technical Support > Computer Help > Windows Server > Windows Server Help
Become a Member!
Forgot your username/password?
Tags Active Topics RSS Search Mark Forums Read

Sponsored Links



trusted domain authentication

Windows Server Help


Reply
 
Thread Tools Search this Thread
  #1  
Old 11-07-2008
Urs Wegm?ller
 
Posts: n/a
trusted domain authentication

We have two different AD Forrests. Forrest A (2003 DC's) and Forrest B (2008
GC, 2003 DC). Forrest B trusts Forrest A.

Now Users are ablte to connect to Servers located in Forrest B by RDP, but
there not able to connect to Filesahres.

Does sombody now, why that could happen? In the event log, we can see that
the user is not permitted:

Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 11.07.2008 16:34:06
Event ID: 4625
Task Category: Logon
Level: Information
Keywords: Audit Failure
User: N/A
Computer: ATLAS.xxx.xxx.ch
Description:
An account failed to log on.

Subject:
Security ID: NULL SID
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 3

Account For Which Logon Failed:
Security ID: NULL SID
Account Name: u.brogle
Account Domain: xxx

Failure Information:
Failure Reason: An Error occured during Logon.
Status: 0xc0000413
Sub Status: 0x0

Process Information:
Caller Process ID: 0x0
Caller Process Name: -

Network Information:
Workstation Name: PP6
Source Network Address: 195.170.175.183
Source Port: 61764

Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon request fails. It is generated on the
computer where access was attempted.

The Subject fields indicate the account on the local system which requested
the logon. This is most commonly a service such as the Server service, or a
local process such as Winlogon.exe or Services.exe.

The Logon Type field indicates the kind of logon that was requested. The
most common types are 2 (interactive) and 3 (network).

The Process Information fields indicate which account and process on the
system requested the logon.

The Network Information fields indicate where a remote logon request
originated. Workstation name is not always available and may be left blank
in some cases.

The authentication information fields provide detailed information about
this specific logon request.
- Transited services indicate which intermediate services have participated
in this logon request.
- Package name indicates which sub-protocol was used among the NTLM
protocols.
- Key length indicates the length of the generated session key. This will
be 0 if no session key was requested.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-Auditing"
Guid="{54849625-5478-4994-a5ba-3e3b0328c30d}" />
<EventID>4625</EventID>
<Version>0</Version>
<Level>0</Level>
<Task>12544</Task>
<Opcode>0</Opcode>
<Keywords>0x8010000000000000</Keywords>
<TimeCreated SystemTime="2008-07-11T14:34:06.316Z" />
<EventRecordID>152456</EventRecordID>
<Correlation />
<Execution ProcessID="584" ThreadID="4036" />
<Channel>Security</Channel>
<Computer>ATLAS.dmz.vit.ch</Computer>
<Security />
</System>
<EventData>
<Data Name="SubjectUserSid">S-1-0-0</Data>
<Data Name="SubjectUserName">-</Data>
<Data Name="SubjectDomainName">-</Data>
<Data Name="SubjectLogonId">0x0</Data>
<Data Name="TargetUserSid">S-1-0-0</Data>
<Data Name="TargetUserName">u.brogle</Data>
<Data Name="TargetDomainName">VITADS</Data>
<Data Name="Status">0xc0000413</Data>
<Data Name="FailureReason">%%2304</Data>
<Data Name="SubStatus">0x0</Data>
<Data Name="LogonType">3</Data>
<Data Name="LogonProcessName">NtLmSsp </Data>
<Data Name="AuthenticationPackageName">NTLM</Data>
<Data Name="WorkstationName">PP6</Data>
<Data Name="TransmittedServices">-</Data>
<Data Name="LmPackageName">-</Data>
<Data Name="KeyLength">0</Data>
<Data Name="ProcessId">0x0</Data>
<Data Name="ProcessName">-</Data>
<Data Name="IpAddress">195.170.175.183</Data>
<Data Name="IpPort">61764</Data>
</EventData>
</Event>


Reply With Quote
  #2  
Old 13-07-2008
Meinolf Weber
 
Posts: n/a
Re: trusted domain authentication

Hello Urs,

Here you have an overview about accessing resources:
Forests:
http://technet2.microsoft.com/Window...bb85e1033.mspx

Domains
http://technet2.microsoft.com/window....mspx?mfr=true

Set permissions:
http://technet2.microsoft.com/window....mspx?mfr=true

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

> We have two different AD Forrests. Forrest A (2003 DC's) and Forrest B
> (2008 GC, 2003 DC). Forrest B trusts Forrest A.
>
> Now Users are ablte to connect to Servers located in Forrest B by RDP,
> but there not able to connect to Filesahres.
>
> Does sombody now, why that could happen? In the event log, we can see
> that the user is not permitted:
>
> Log Name: Security
> Source: Microsoft-Windows-Security-Auditing
> Date: 11.07.2008 16:34:06
> Event ID: 4625
> Task Category: Logon
> Level: Information
> Keywords: Audit Failure
> User: N/A
> Computer: ATLAS.xxx.xxx.ch
> Description:
> An account failed to log on.
> Subject:
> Security ID: NULL SID
> Account Name: -
> Account Domain: -
> Logon ID: 0x0
> Logon Type: 3
>
> Account For Which Logon Failed:
> Security ID: NULL SID
> Account Name: u.brogle
> Account Domain: xxx
> Failure Information:
> Failure Reason: An Error occured during Logon.
> Status: 0xc0000413
> Sub Status: 0x0
> Process Information:
> Caller Process ID: 0x0
> Caller Process Name: -
> Network Information:
> Workstation Name: PP6
> Source Network Address: 195.170.175.183
> Source Port: 61764
> Detailed Authentication Information:
> Logon Process: NtLmSsp
> Authentication Package: NTLM
> Transited Services: -
> Package Name (NTLM only): -
> Key Length: 0
> This event is generated when a logon request fails. It is generated on
> the computer where access was attempted.
>
> The Subject fields indicate the account on the local system which
> requested the logon. This is most commonly a service such as the
> Server service, or a local process such as Winlogon.exe or
> Services.exe.
>
> The Logon Type field indicates the kind of logon that was requested.
> The most common types are 2 (interactive) and 3 (network).
>
> The Process Information fields indicate which account and process on
> the system requested the logon.
>
> The Network Information fields indicate where a remote logon request
> originated. Workstation name is not always available and may be left
> blank in some cases.
>
> The authentication information fields provide detailed information
> about
> this specific logon request.
> - Transited services indicate which intermediate services have
> participated
> in this logon request.
> - Package name indicates which sub-protocol was used among the NTLM
> protocols.
> - Key length indicates the length of the generated session key. This
> will
> be 0 if no session key was requested.
> Event Xml:
> <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
> <System>
> <Provider Name="Microsoft-Windows-Security-Auditing"
> Guid="{54849625-5478-4994-a5ba-3e3b0328c30d}" />
> <EventID>4625</EventID>
> <Version>0</Version>
> <Level>0</Level>
> <Task>12544</Task>
> <Opcode>0</Opcode>
> <Keywords>0x8010000000000000</Keywords>
> <TimeCreated SystemTime="2008-07-11T14:34:06.316Z" />
> <EventRecordID>152456</EventRecordID>
> <Correlation />
> <Execution ProcessID="584" ThreadID="4036" />
> <Channel>Security</Channel>
> <Computer>ATLAS.dmz.vit.ch</Computer>
> <Security />
> </System>
> <EventData>
> <Data Name="SubjectUserSid">S-1-0-0</Data>
> <Data Name="SubjectUserName">-</Data>
> <Data Name="SubjectDomainName">-</Data>
> <Data Name="SubjectLogonId">0x0</Data>
> <Data Name="TargetUserSid">S-1-0-0</Data>
> <Data Name="TargetUserName">u.brogle</Data>
> <Data Name="TargetDomainName">VITADS</Data>
> <Data Name="Status">0xc0000413</Data>
> <Data Name="FailureReason">%%2304</Data>
> <Data Name="SubStatus">0x0</Data>
> <Data Name="LogonType">3</Data>
> <Data Name="LogonProcessName">NtLmSsp </Data>
> <Data Name="AuthenticationPackageName">NTLM</Data>
> <Data Name="WorkstationName">PP6</Data>
> <Data Name="TransmittedServices">-</Data>
> <Data Name="LmPackageName">-</Data>
> <Data Name="KeyLength">0</Data>
> <Data Name="ProcessId">0x0</Data>
> <Data Name="ProcessName">-</Data>
> <Data Name="IpAddress">195.170.175.183</Data>
> <Data Name="IpPort">61764</Data>
> </EventData>
> </Event>



Reply With Quote
  #3  
Old 15-07-2008
Urs Wegm?ller
 
Posts: n/a
Re: trusted domain authentication

Thank you for your help:

Te reason was, that we used selective authentication instead of forest-wide
authentication on the Forest trust.

Regards
Urs Wegm?ller

"Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message
news:ff16fb66a38598cab3139d8d2700@msnews.microsoft.com...
> Hello Urs,
>
> Here you have an overview about accessing resources:
> Forests:
> http://technet2.microsoft.com/Window...bb85e1033.mspx
>
> Domains
> http://technet2.microsoft.com/window....mspx?mfr=true
>
> Set permissions:
> http://technet2.microsoft.com/window....mspx?mfr=true
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and
> confers no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>> We have two different AD Forrests. Forrest A (2003 DC's) and Forrest B
>> (2008 GC, 2003 DC). Forrest B trusts Forrest A.
>>
>> Now Users are ablte to connect to Servers located in Forrest B by RDP,
>> but there not able to connect to Filesahres.
>>
>> Does sombody now, why that could happen? In the event log, we can see
>> that the user is not permitted:
>>
>> Log Name: Security
>> Source: Microsoft-Windows-Security-Auditing
>> Date: 11.07.2008 16:34:06
>> Event ID: 4625
>> Task Category: Logon
>> Level: Information
>> Keywords: Audit Failure
>> User: N/A
>> Computer: ATLAS.xxx.xxx.ch
>> Description:
>> An account failed to log on.
>> Subject:
>> Security ID: NULL SID
>> Account Name: -
>> Account Domain: -
>> Logon ID: 0x0
>> Logon Type: 3
>>
>> Account For Which Logon Failed:
>> Security ID: NULL SID
>> Account Name: u.brogle
>> Account Domain: xxx
>> Failure Information:
>> Failure Reason: An Error occured during Logon.
>> Status: 0xc0000413
>> Sub Status: 0x0
>> Process Information:
>> Caller Process ID: 0x0
>> Caller Process Name: -
>> Network Information:
>> Workstation Name: PP6
>> Source Network Address: 195.170.175.183
>> Source Port: 61764
>> Detailed Authentication Information:
>> Logon Process: NtLmSsp
>> Authentication Package: NTLM
>> Transited Services: -
>> Package Name (NTLM only): -
>> Key Length: 0
>> This event is generated when a logon request fails. It is generated on
>> the computer where access was attempted.
>>
>> The Subject fields indicate the account on the local system which
>> requested the logon. This is most commonly a service such as the
>> Server service, or a local process such as Winlogon.exe or
>> Services.exe.
>>
>> The Logon Type field indicates the kind of logon that was requested.
>> The most common types are 2 (interactive) and 3 (network).
>>
>> The Process Information fields indicate which account and process on
>> the system requested the logon.
>>
>> The Network Information fields indicate where a remote logon request
>> originated. Workstation name is not always available and may be left
>> blank in some cases.
>>
>> The authentication information fields provide detailed information
>> about
>> this specific logon request.
>> - Transited services indicate which intermediate services have
>> participated
>> in this logon request.
>> - Package name indicates which sub-protocol was used among the NTLM
>> protocols.
>> - Key length indicates the length of the generated session key. This
>> will
>> be 0 if no session key was requested.
>> Event Xml:
>> <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
>> <System>
>> <Provider Name="Microsoft-Windows-Security-Auditing"
>> Guid="{54849625-5478-4994-a5ba-3e3b0328c30d}" />
>> <EventID>4625</EventID>
>> <Version>0</Version>
>> <Level>0</Level>
>> <Task>12544</Task>
>> <Opcode>0</Opcode>
>> <Keywords>0x8010000000000000</Keywords>
>> <TimeCreated SystemTime="2008-07-11T14:34:06.316Z" />
>> <EventRecordID>152456</EventRecordID>
>> <Correlation />
>> <Execution ProcessID="584" ThreadID="4036" />
>> <Channel>Security</Channel>
>> <Computer>ATLAS.dmz.vit.ch</Computer>
>> <Security />
>> </System>
>> <EventData>
>> <Data Name="SubjectUserSid">S-1-0-0</Data>
>> <Data Name="SubjectUserName">-</Data>
>> <Data Name="SubjectDomainName">-</Data>
>> <Data Name="SubjectLogonId">0x0</Data>
>> <Data Name="TargetUserSid">S-1-0-0</Data>
>> <Data Name="TargetUserName">u.brogle</Data>
>> <Data Name="TargetDomainName">VITADS</Data>
>> <Data Name="Status">0xc0000413</Data>
>> <Data Name="FailureReason">%%2304</Data>
>> <Data Name="SubStatus">0x0</Data>
>> <Data Name="LogonType">3</Data>
>> <Data Name="LogonProcessName">NtLmSsp </Data>
>> <Data Name="AuthenticationPackageName">NTLM</Data>
>> <Data Name="WorkstationName">PP6</Data>
>> <Data Name="TransmittedServices">-</Data>
>> <Data Name="LmPackageName">-</Data>
>> <Data Name="KeyLength">0</Data>
>> <Data Name="ProcessId">0x0</Data>
>> <Data Name="ProcessName">-</Data>
>> <Data Name="IpAddress">195.170.175.183</Data>
>> <Data Name="IpPort">61764</Data>
>> </EventData>
>> </Event>

>
>


Reply With Quote
Reply

  TechArena Community > Technical Support > Computer Help > Windows Server > Windows Server Help
Tags: ,



Thread Tools Search this Thread
Search this Thread:

Advanced Search


Similar Threads for: "trusted domain authentication"
Thread Thread Starter Forum Replies Last Post
Authentication via Windows domain in proxy server Algernon Networking & Security 6 17-02-2011 11:18 AM
Unable to see a forest trusted domain from XP admin tools but able to see from a Domain Controller Assasin boy Networking & Security 5 24-08-2010 03:12 AM
How to assign Domain admin credential to User from trusted domain Tom Active Directory 4 15-07-2009 11:29 PM
Domain authentication through a VPN bigboy Active Directory 0 16-10-2008 08:19 PM
what port is domain authentication using. inenewbl Windows Server Help 4 09-05-2008 09:54 AM


All times are GMT +5.5. The time now is 02:40 PM.