The net use command you exemplified below has no password on the command
line - you do have a password included in the actual script, do you not?

 

Do you get the same logon failures if you run the same logon script from a
non-domain-joined machine on the same LAN as the target server?

 

Carl

 

From: Dean Cunningham [mailto:[email protected]] 
Sent: Wednesday, November 09, 2011 5:33 PM
To: NT System Admin Issues
Subject: Re: Random logon failures over WAN , due to a net use command,
resulting in account lockout

 

Make that a CISCO firewall

On Thu, Nov 10, 2011 at 10:08 AM, Dean Cunningham
<[email protected]> wrote:

Any straws gratefully accepted

Overview

A group of 20 users in a separate domain connect to file resources in
another domain via a 1MB WAN link. The file server (Wk8) is in its own DMZ,
with the domain controllers (Wk3) in separate DMZs. The FSMO role is on a DC
(FMSODC) in one DMZ and there are 2 DCs (DC01, DC02) in another DMZ. The
remote domain is behind a NAT pool so the usual SMB NAT translation
problems are eliminated.

The file server generally connects to DC02

There is a logon script for the clients that runs a net use x:
\\domain\share /u:\\DOMAIN\Username

ALL users map the drive as that \\DOMAIN\username. The users have a
combination of XP and Windows 7 clients, joined to their own NT Domain
(yes NT SP4)

The problem is that the net use command can create sporadic logon failures
before finally logging in successfully (over the space of 5 - 15 sec). If
multiple users are running the logon script over the same period (5 - 15
sec) then multiple logon failures will occur, resulting in the common user
account being locked out.

The logon failures are shown in the security log on the file server as an
Audit Failure Event ID 4625

The account lockout is shown in the security log of a domain controller as a
Success Audit Event ID 644

The firewall between the DCs and the file server (CISCO) allows for dynamic
ports for RPC etc. so no static ports set up

Anyone seen this before?
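
The failure pattern described in this thread (several clients using one shared account and failing within the same few seconds), as an added example that is not part of the original messages: a PowerShell function that takes Event ID 4625 records as XML, finds the first burst of failures for the account that would reach a lockout threshold, and lists the source machines and SubStatus codes involved. The account name `shareduser`, the host names, the IP addresses, the threshold of 5 and the 15-second window are assumptions.

```powershell
# Added example, not from the thread. Threshold and window are assumptions to set locally.
function Get-FailureBurst {
    param(
        [string[]]$EventXml,        # one XML string per 4625 event (EventLogRecord.ToXml())
        [string]$Account,           # the shared account the logon script maps the drive as
        [int]$Threshold = 5,        # assumption: replace with the domain's lockout threshold
        [int]$WindowSeconds = 15    # assumption: the 5 - 15 sec span described in the thread
    )
    $utc = [System.Xml.XmlDateTimeSerializationMode]::Utc
    $rows = @(foreach ($x in $EventXml) {
        $e = ([xml]$x).Event
        $d = @{}
        foreach ($n in $e.EventData.Data) { $d[$n.Name] = $n.'#text' }
        if ($d['TargetUserName'] -ne $Account) { continue }
        [pscustomobject]@{
            Time      = [System.Xml.XmlConvert]::ToDateTime($e.System.TimeCreated.SystemTime, $utc)
            Source    = '{0} ({1})' -f $d['WorkstationName'], $d['IpAddress']
            SubStatus = $d['SubStatus']   # e.g. 0xC000006A = wrong password
        }
    })
    $rows = @($rows | Sort-Object Time)
    # Slide over every run of $Threshold consecutive failures; report the first that fits the window.
    for ($i = 0; $i + $Threshold -le $rows.Count; $i++) {
        $slice = @($rows[$i..($i + $Threshold - 1)])
        $span  = ($slice[-1].Time - $slice[0].Time).TotalSeconds
        if ($span -le $WindowSeconds) {
            return [pscustomobject]@{
                Start     = $slice[0].Time
                Seconds   = $span
                Sources   = @($slice | ForEach-Object Source | Sort-Object -Unique)
                SubStatus = @($slice | ForEach-Object SubStatus | Sort-Object -Unique)
            }
        }
    }
}

# Constructed sample events: placeholder account, host names and documentation-range IPs.
$tpl = '<Event><System><EventID>4625</EventID><TimeCreated SystemTime="{0}"/></System><EventData>' +
       '<Data Name="TargetUserName">shareduser</Data><Data Name="WorkstationName">{1}</Data>' +
       '<Data Name="IpAddress">{2}</Data><Data Name="SubStatus">{3}</Data></EventData></Event>'
$sample = @(
    $tpl -f '2011-11-09T08:00:01Z', 'WS-A', '192.0.2.11', '0xc000006a'
    $tpl -f '2011-11-09T08:00:03Z', 'WS-B', '192.0.2.12', '0xc000006a'
    $tpl -f '2011-11-09T08:00:04Z', 'WS-A', '192.0.2.11', '0xc000006a'
    $tpl -f '2011-11-09T08:00:07Z', 'WS-C', '192.0.2.13', '0xc000006a'
    $tpl -f '2011-11-09T08:00:09Z', 'WS-B', '192.0.2.12', '0xc000006a'
)
Get-FailureBurst -EventXml $sample -Account 'shareduser'
# Live input: Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4625} | ForEach-Object { $_.ToXml() }
```

A burst whose SubStatus is uniformly a wrong-password code points at the credentials in the script, while mixed or non-password codes point at the authentication path instead.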

