The system detected a possible attempt to compromise security

07/11/2007 - 16:21 by Kameron_MCSE
I currently run in a Windows Server 2003 functional level domain with
8 servers. Two of my servers, DC and DC2, act as the domain controllers
for the domain. DC holds the RID and PDC roles, while DC2 holds the
Infrastructure and Domain Naming roles. Each server hosts Active
Directory Integrated DNS zones for our single domain. DNS is
configured to allow secure and non-secure dynamic updates. DNS is
configured to look internally first, then use our forwarders defined on
the DNS server for outside DNS requests. Both DCs are GCs. I have
been testing replication on both servers and everything is
replicating fine (ReplMon, DCDiag, Netdiag). We have 5 remote sites
that operate on VPN connections to connect to Outlook and network
resources. All remote site clients are configured to use our home
office servers for their Preferred DNS server and then use their ISP
for the secondary DNS servers. All of our remote sites work fine
except for one site.

Situation: Our newest VPN site is connected via T1 lines. They
currently are not operating Point-to-Point. They are operating over an
IPSEC Site-To-Site VPN connection (SonicWall). All of our field
machines are initially set up at the home office and shipped to remote
sites. During our setup we image our client machines with our standard
sysprep image. After the machine has been imaged it is added to the
domain and shipped out to the user.


Problem: When the users receive their computers and log into the
network, they cannot access network resources or connect to the
Exchange server. This is happening to 25% of our machines while the
others operate just fine. I can successfully ping all of our servers
at the home office and get perfect replies with the correct IP
addresses. However, when trying to connect to network shares or root
shares such as \\DC I am unable to connect. After about 1-2 minutes I
receive an error as shown below:


Error 1265
The system detected a possible attempt to compromise security. Please
ensure that you can contact the server that authenticated you.


Because the computers are remote I have not yet had a chance to dissect
the client computers' Event Log. I have used netdom verify
to verify that the connection to the domain is valid and working. If
I log into the same machine as an administrator everything works just
fine. Our users are local admins of their machines. I have narrowed
this down to somewhat of a user problem. If I delete their AD user
account and mailbox, re-create the account and log in from the VPN site
as that user, everything works great. It seems that there is a
mismatch of the SIDs or something, but I have not been able to narrow
that down yet. I have also increased the Kerberos timeout to 30
seconds, which did not help. Needless to say, this 'fix' that I have
been using is very cumbersome and I am sure there is a more permanent
fix out there.


Thanks for any help in advance, it is greatly appreciated.
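Error 1265 means the client could not reach the DC that authenticated it, so the checks worth collecting from an affected client (as the affected user, before the account is deleted and re-created) are DC location, SRV records over the VPN's DNS, the machine's secure channel, clock skew and the Kerberos tickets the user actually holds. The script below is an added example, not from the thread or its poster; it uses only built-in Windows tools (nltest, nslookup, w32tm, klist, Get-EventLog) and the domain name is a placeholder.

```powershell
# Added diagnostic helper (not part of the original post). Run on the affected
# client while logged in as the affected user. Assumption: nltest, w32tm, klist
# and nslookup are present on the client; $Domain is a placeholder to replace.
$Domain = "example.corp"   # placeholder: your AD DNS domain name

function Run-Check {
    param([string]$Label, [scriptblock]$Command)
    Write-Host "=== $Label ==="
    try   { & $Command 2>&1 | ForEach-Object { "    $_" } }
    catch { "    ERROR: $_" }
}

# 1. Which DC does the locator return from this site? Error 1265 is raised when the
#    client cannot contact the DC that issued its logon, so a wrong or unreachable
#    DC here is the first thing to rule out. /force bypasses the cached result.
Run-Check "DC locator" { nltest /dsgetdc:$Domain /force }

# 2. The Kerberos and LDAP SRV records must resolve through the preferred (home
#    office) DNS server; if the ISP secondary answers instead, they will not.
Run-Check "Kerberos SRV" { nslookup -type=SRV "_kerberos._tcp.$Domain" }
Run-Check "LDAP SRV"     { nslookup -type=SRV "_ldap._tcp.dc._msdcs.$Domain" }

# 3. Secure channel between this (sysprepped) computer account and its DC.
Run-Check "Secure channel" { nltest /sc_query:$Domain }

# 4. Clock offset against the domain: Kerberos rejects tickets outside the
#    allowed skew (5 minutes by default), which also surfaces as logon errors.
Run-Check "Time offset" { w32tm /stripchart /computer:$Domain /samples:3 /dataonly }

# 5. Tickets held by the current user. An empty cache for a user who can still
#    ping the DCs points at the user's Kerberos exchange rather than the network.
Run-Check "Kerberos tickets" { klist }

# 6. Recent Netlogon / Kerberos entries, so the Event Log can be captured from a
#    remote client without an interactive visit.
Run-Check "System log (Netlogon, Kerberos)" {
    Get-EventLog -LogName System -Newest 50 |
        Where-Object { $_.Source -match 'NETLOGON|Kerberos|LsaSrv' } |
        Format-Table TimeGenerated, Source, EventID, EntryType -AutoSize
}
```

Compare the output from a working machine at the same site with that of a failing one; the first section that differs is where to look.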
 


#1 Marc [MVP Windows]
07/11/2007 - 19:06
Check this thread: http://forums.windowsitpro.com/web/...erthread=y


Regards,

Marc
MVP Windows Server System - Directory Services
MCSA/MCSE Windows Server 2003
Citrix CCA PS 4.0
Oracle9i Certified Associate (OCA)

This message is provided "as is" with no warranties of any kind, and confers no rights.

This posting is provided "AS IS" with no warranties, and confers no rights. You assume all risk for your use.

