System detected a possible attempt to compromise security

[jsmith609@yahoo.com]

I have a remote lan with 3 XP pro computers that are part of a Win2003
Active Directory (in the main location). Most of the time this remote
location is connected via a VPN connection and all is good.

One of the XP machines has a share that the other 2 XP machines access
for a database app (inventory / invoices ...). When the VPN connection
is up, there is no problem for the 2 machines to access the share on
the 3rd that holds the database. However, the VPN goes down from time
to time and when it does the 2 machines cannot access the share on the
3rd. If I open a cmd window and enter dir \\computer1\share I get the
error:

The system detected a possible attempt to compromise security. Please
ensure that you can contact the server that authenticated you.

All 3 XP machines are part of the same domain and I am logging in as a
valid domain user using cached credientials. Why can't the machine
that has the share allow another machine to access its share using
cached credientials?

Any help would be great.

- John

[Phillip Windell]

<jsmith609@yahoo.com> wrote in message
news:1158869509.498482.206950@d34g2000cwd.googlegroups.com...
> All 3 XP machines are part of the same domain and I am logging in as a
> valid domain user using cached credientials. Why can't the machine
> that has the share allow another machine to access its share using
> cached credientials?

It doesn't validate off of cached credentials because those are not a valid
authenticator. It has to validate the credentials presented to it with the
Domain Controller.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

[jsmith609@yahoo.com]

Is there any way to force it to validate off the cached credentials? I
need all 3 machines to be able to run the database app regardless of
the VPN connection.

Thanks.

[Phillip Windell]

<jsmith609@yahoo.com> wrote in message
news:1158931382.831357.99390@b28g2000cwb.googlegroups.com...
> Is there any way to force it to validate off the cached credentials? I
> need all 3 machines to be able to run the database app regardless of
> the VPN connection.

No.
That is why a DC is required at every remote site. That is what the "Active
Directory Sites Object" is there for,...it regulates the replication between
DCs over slow & undependable WAN links and it also always makes sure the
users log in with their own local DC and not one somewhere else across the
WAN. The local DC keeps the Sites "alive" if the link goes down,...then
when the link comes up the AD Sites Object "catches up" the Replication so
everything is uptodate.


--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com