Is anyone else experiencing this issue, or does anyone know how to solve it? It's been driving me crazy for some months now. This authentication error message is logged regularly on our Windows 2008 SP2 domain controller:
Log Name: System
Date: 25/05/2010 21:37:26
Event ID: 5722
Task Category: None
The session setup from the computer FILERNAME failed to authenticate. The name(s) of the account(s) referenced in the security database is FILERNAME$. The following error occurred:
The system detected a possible attempt to compromise security. Please ensure that you can contact the server that authenticated you.
We have CIFS shares mounted directly on the filers.
Our domain is currently a mixed-mode forest, and we have a 2003 & 2008 DC located at this site.
This error message is only logged on the 2008 DC (not the 2003 one).
CIFS access to the filers is working fine though, and the filer does have a computer account registered in our Active Directory (2 computer accounts actually - 1 for controllerA and 1 for controllerB).
We are planning on replacing the last 2003 DC we have with a 2008 one - therefore this problem is important to solve. If our filer really has authentication issues with 2008 DCs, then when we scrap our last 2003 DC, which it's binding to, we'll likely encounter a whole bag of issues.
- Is anyone else running CIFS shares off the filers in a 2008 DC only environment?
- Are there any special NTLM/Kerberos authentication tweaks that I should be making with a 2008 DC to allow it to work nicely with the slightly older "Windows 2000 mode CIFS" on the filers? (I imagine it's a local group policy on the 2008 DC which can be tweaked to allow this?).
We have a similar issue when implementing DC 2012. It can be related to the WINS configuration on the DC.
If you get an error like:
CIFS: Warning for server \\xxxx: Could not make TCP connection.
CIFS: Error for server \\xxxx: Error while negotiating protocol with server No Trusted Logon Servers Available - STATUS_NO_LOGON_SERVERS.
And from the NetApp console:
Not currently connected to any DCs
Preferred Addresses: None
Favored Addresses:
xxxxxxx PDCBROKEN
xxxxxxx PDCBROKEN
xxxxxxx PDCBROKEN
Other Addresses: None
Connected AD LDAP Server: \\xxxxxx
After setting the option cifs.netbios_over_tcp.enable to off, then running cifs resetdc and cifs domaininfo, all is working.