Hi all,
Recently I discovered that our print server is denying connection to some users.
I found it accidentally when an user with access rights to the printer and server, tried to connect from a non domain computer.
From the client PC side, the user attempted to connect to \\PRINTSERVER. He wrote domain username and password and all printers were shown, but when he right-clicked on one of them and tried to connect, server asked again for username and password, and got an error that he couldn't connect.
After searching in the DC log event for a failed user/pass attempt, I found lots of events in the print server event view, in the folder
Applications and Services Logs/Microsoft/Windows/SMBServer/Security
Some of them were related to denied anonymous attempts, but others were from client PC trying to connect. The client PC that previously tried to connect gave this event ID 551:
SMB Session Authentication Failure Client Name: \\CLIENT_PC_IP_ADDRESS_HERE Client Address: CLIENT_PC_IP_ADDRESS_HERE:58372 User Name: Session ID: 0xD43C90000049 Status: The attempted logon is invalid. This is either due to a bad username or authentication information. (0xC000006D) Guidance: You should expect this error when attempting to connect to shares using incorrect credentials. This error does not always indicate a problem with authorization, but mainly authentication. It is more common with non-Windows clients. This error can occur when using incorrect usernames and passwords with NTLM, mismatched LmCompatibility settings between client and server, duplicate Kerberos service principal names, incorrect Kerberos ticket-granting service tickets, or Guest accounts without Guest access enabled
Strange thing is that the User Name field is empty. It talks about NTLM and LmCompatibility, but, how do I check LmCompatibility, or whatever is causing a denied access?
Server is a Windows 2012R2 with latest updates hosted in an ESX 5.1, with 2 vmxnet3 nic (as suggested somewhere to avoid compatibility problems between 2012R2 and ESX 5.0/5.1 when using intel virtual nic)
Client PC is an updated Windows 8.1
For testing purposes, I asked another user to test on client PC, and had same result. On client PC, they were logged using a hotmail account (if that matters at all).
On another Windows 8.1 PC using a local account, both users could connect to the server and user shared printer after providing domain credentials.
Anyway, I'd like to remark that I've many errors like this from many client PC, so I believe that it's not just one PC, instead, it's either a problem with the server config, or maybe a bug in sysprep images.
As CloudThomas suggests in a proposed answer in this technet, I've already changed the way srv2 starts with:
sc config srv2 start=auto
Rest of suggestions are useless as I'm already using vmxnet3 and as you can see on thefltmc output below, I don't have vsepflt driver:
Filter Name Num Instances Altitude Frame ------------------------------ ------------- ------------ ----- mfehidk 329998.99 <Legacy> mfehidk 4 321300.00 0 luafv 1 135000 0 npsvctrig 1 46000 0
Thanks in advance