"The system detected a possible attempt to compromise security. Please ensure that you can contact the server that authenticated you"

6

We have a Windows 7 environment with an SBS 2003 server (which is the office's DC, DNS server, DHCP server and file server). It's a small non-profit organization; otherwise we would have been able to afford to upgrade the server, and generally it performs perfectly.

Unfortunately, after installing a Samsung printer last night on the server (by Ethernet, not USB), we soon discovered that all of our Windows 7 workstations were unable to connect to network resources on the server. Worse still, as we use desktop redirection, even the files on people's desktops are not appearing (which is surprising as we have Offline Folders enabled and synced).

Our desktops are now very slow to log in and slow after logging in, and bring up numerous security dialogue boxes, which look like this:

[screenshot: the security dialog box]

Rebooting the server and workstations does not help.

I enabled Kerberos error logging on the server.

Here is what is now appearing in the system logs:

[screenshot: Kerberos errors in the System log]

Removing then re-joining the workstation to the domain gives the following error:

[screenshot: error when re-joining the workstation to the domain]

I applied a filter to only show Kerberos, SPNEGO and DNS traffic (this was recorded in a short 3-minute window during which an unsuccessful attempt was made by a domain user account to log on to the network):

[screenshot: filtered Kerberos, SPNEGO and DNS capture]

Does anyone have any ideas what could be causing this and what I could try to fix it?

Austin ''Danger'' Powers

Posted 2014-10-03T00:35:24.570

Reputation: 5 992

It is suspiciously like a virus. – Xavierjazz – 2014-10-03T00:37:45.207

It's not a virus. I've already checked that out. This is something possibly related to Kerberos authentication but I need help narrowing it down. – Austin ''Danger'' Powers – 2014-10-03T00:40:24.237

Have you tried removing Printer + Drivers to see if your problem persists? – Devian – 2014-10-03T00:43:54.470

Tried it just now. No change. – Austin ''Danger'' Powers – 2014-10-03T00:53:08.037

I don't know if that's relevant, but take a look at this; it might help: http://blogs.technet.com/b/sbs/archive/2007/04/24/common-networking-issues-after-applying-windows-server-2003-sp2-on-sbs.aspx – Devian – 2014-10-03T01:02:20.047

That doesn't help. We updated to SP2 about 5 years ago. The only recent change was the printer install, which I have since reversed. – Austin ''Danger'' Powers – 2014-10-03T01:05:14.967

I see... Some other sources say that if clients point to an external DNS server (odd) it can cause this problem. But since you have DHCP configured, I guess this is not the problem either. – Devian – 2014-10-03T01:07:44.767

Let us continue this discussion in chat. – Austin ''Danger'' Powers – 2014-10-03T01:35:22.853

Could anyone with ideas please join me in chat? :) – Austin ''Danger'' Powers – 2014-10-03T02:45:30.413

That requires the chat's login page to not be broken... So, could you check the Event Log (eventvwr.msc) for any Kerberos errors (if required, enable detailed logging), and could you run Wireshark and capture all Kerberos and SPNEGO traffic, and see if it shows anything repeating over and over? – user1686 – 2014-10-03T05:09:30.587

I'll run the packet sniffers over the weekend. I have updated my question with screenshots showing the Kerberos error. – Austin ''Danger'' Powers – 2014-10-03T13:11:28.577

How can I filter my capture to show Kerberos and SPNEGO traffic? – Austin ''Danger'' Powers – 2014-10-04T01:15:03.040

Use the `kerberos || spnego` filter (in the box above the capture log). Perhaps also add `|| dns`. Since you posted the logs, though, the stand-alone Kerberos messages will probably be most relevant; specifically the options in AP-REQ and TGS-REQ messages. – user1686 – 2014-10-04T18:48:08.223

I've updated my answer to show Kerberos, SPNEGO and DNS traffic. – Austin ''Danger'' Powers – 2014-10-04T18:59:14.643
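The checks the comments above ask for (DNS client settings, whether a KDC can be found and reached, the machine's secure channel, the ticket cache, and the Kerberos events in the System log), scripted as an added example for a domain-joined Windows 7 workstation. This is not code from the question or its comments; the domain name example.local and the DC name sbs01 are placeholders and must be replaced with the real ones.

```powershell
# Added example (not code from the question or its comments): first-pass
# Kerberos triage on a domain-joined Windows 7 workstation, PowerShell 2.0.
# Placeholders, assumed for illustration only: AD DNS domain 'example.local',
# domain controller 'sbs01'. Run from an elevated PowerShell prompt.
param(
    [string]$Domain    = 'example.local',
    [string]$Dc        = 'sbs01',
    [int]   $HoursBack = 24
)

# 1. DNS client settings. The Kerberos client finds a KDC through the domain's
#    SRV records, which only the AD-integrated DNS server (the SBS box here)
#    answers, so any adapter pointed at a router, ISP or proxy resolver is the
#    first suspect.
Write-Host "== DNS servers per active adapter =="
Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "IPEnabled = TRUE" |
    ForEach-Object { "{0}: {1}" -f $_.Description, ($_.DNSServerSearchOrder -join ', ') }

# 2. Can a KDC be located at all? This is the lookup the client performs before
#    it can send an AS-REQ.
Write-Host "`n== KDC SRV record =="
$srv = nslookup -type=SRV "_kerberos._tcp.dc._msdcs.$Domain" 2>&1 | Out-String
$srv
if ($srv -notmatch 'svr hostname') {
    Write-Warning "No _kerberos._tcp SRV answer: the client cannot find a KDC, so Kerberos logon cannot work."
}

# 3. Is the KDC port reachable? Kerberos runs on port 88; Windows Vista and
#    later use TCP by default, so a plain TCP connect is a fair path test.
Write-Host "`n== TCP/88 on $Dc.$Domain =="
$tcp = New-Object System.Net.Sockets.TcpClient
try     { $tcp.Connect("$Dc.$Domain", 88); "TCP/88 reachable" }
catch   { Write-Warning "TCP/88 not reachable: $($_.Exception.Message)" }
finally { $tcp.Close() }

# 4. Machine secure channel and the user's ticket cache. A broken secure
#    channel is consistent with re-joining the domain failing; an empty cache
#    after logon means no TGT was ever issued.
Write-Host "`n== Secure channel =="
nltest /sc_query:$Domain
Write-Host "`n== Ticket cache (klist) =="
klist

# 5. Kerberos client events from the System log. (To get the verbose errors
#    the question mentions, set LogLevel=1 (REG_DWORD) under
#    HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters first,
#    then reproduce the logon.)
Write-Host "`n== Security-Kerberos events, last $HoursBack h =="
Get-WinEvent -FilterHashtable @{
        LogName      = 'System'
        ProviderName = 'Microsoft-Windows-Security-Kerberos'
        StartTime    = (Get-Date).AddHours(-$HoursBack)
    } -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message | Format-List
```

Run it as the affected user on an affected workstation; nltest, klist and nslookup are all built into Windows 7. The order matters: a wrong DNS server in step 1 explains an empty SRV answer in step 2, which in turn explains an empty ticket cache in step 4, so the earliest failing step is usually the root cause.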

Answers

1

I had a similar issue, and found out that it was related to two things.

1. DNS servers: the printer may be trying to access the server without being pointed to the correct DNS server.
2. Domain name: the printer is not part of the domain and the authentication system thinks the printer is trying to compromise the network.

I had this issue with a NAS; all I did was give it one DNS address (the server IP) and make sure it was part of the domain.

Not sure if this will help.

Sherwin

Posted 2014-10-03T00:35:24.570

Reputation: 11

I did a bare-metal restore of the server months ago - we couldn't function with it down. That said, your answer didn't relate to my problem as I already said the issue persisted after removing all traces of the printer from the server. No doubt the process of installing the printer triggered the problem (as it started immediately afterwards); however, we already have a lot of errors in Event Viewer and something else broke. – Austin ''Danger'' Powers – 2015-01-20T00:35:41.373

+1 This solved my issue - I have a proxy installed locally for dev work which I point my DNS to for it to work. This was causing the same dialog to appear. Pointing my primary DNS to the server resolved the issue. – flipchart – 2015-05-28T05:09:59.500
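The fix the answer and flipchart's comment describe, pointing the client's DNS at the domain controller only, applied on a Windows 7 workstation and then verified, as an added example that is not the answer's own code. The adapter name, DC address, domain and share below are placeholders (assumptions) to be replaced with real values. The error message in the question title is the text of ERROR_DOWNGRADE_DETECTED (Win32 error 1265), which is what a domain client reports when it cannot reach the server that should authenticate it.

```powershell
# Added example, not the answer's own code: apply the fix described above
# (client DNS = the domain controller only) on a Windows 7 workstation and
# confirm that Kerberos is used again. All values are placeholders/assumptions:
# adapter 'Local Area Connection', DC 192.168.1.2, domain example.local,
# server share \\sbs01.example.local\users. Run from an elevated PowerShell.
$Adapter  = 'Local Area Connection'
$DcIp     = '192.168.1.2'
$Domain   = 'example.local'
$TestPath = '\\sbs01.example.local\users'

function Show-ClientDns {
    # Weak setting: anything other than the DC here (router, ISP resolver, a
    # local dev proxy as in flipchart's comment) means no SRV answers for the
    # domain, and logon ends in ERROR_DOWNGRADE_DETECTED (1265), the message
    # quoted in the question title.
    netsh interface ipv4 show dnsservers name="$Adapter"
}

function Set-ClientDnsToDc {
    # Corrected setting: a single static DNS entry, the DC's address. If DHCP is
    # supposed to hand this out, fix scope option 006 (DNS Servers) on the
    # server instead and use 'source=dhcp' here.
    netsh interface ipv4 set dnsservers name="$Adapter" source=static address=$DcIp
    ipconfig /flushdns    | Out-Null   # drop cached negative answers
    ipconfig /registerdns | Out-Null   # re-register the host's own A record
    klist purge           | Out-Null   # discard stale ticket state
}

function Test-KerberosAccess {
    # 1. The KDC SRV record must now resolve through the new DNS server.
    $srv = nslookup -type=SRV "_kerberos._tcp.dc._msdcs.$Domain" 2>&1 | Out-String
    if ($srv -notmatch 'svr hostname') { throw "KDC SRV record still not resolvable via $DcIp" }

    # 2. Opening a share makes the client request a service ticket for cifs/<server>.
    net use $TestPath | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "net use $TestPath failed (exit $LASTEXITCODE)" }

    # 3. A TGT plus a cifs/ service ticket in the cache shows that Kerberos,
    #    not NTLM, authenticated the connection.
    $tickets = klist | Out-String
    if ($tickets -match 'krbtgt/' -and $tickets -match 'cifs/') {
        "OK: Kerberos tickets present for $Domain"
    } else {
        throw "Share opened but no Kerberos tickets cached; authentication fell back to something else"
    }
}

Show-ClientDns
Set-ClientDnsToDc
Show-ClientDns
Test-KerberosAccess
```

The same rule applies to the printer or NAS the answer mentions: give the device the DC's address as its only DNS server (in its own configuration page or through DHCP option 006 on the SBS server), so that it resolves the domain's names through the same server that authenticates everyone else.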