Server 2008 R2 & Domain Trusts - Attempt to Compromise Security

Posted by SnAzBaZ on Server Fault See other posts from Server Fault or by SnAzBaZ
Published on 2010-09-30T16:07:49Z Indexed on 2012/11/20 11:08 UTC
Read the original article Hit count: 208

Filed under:

windows-server-2008-r2

|

network-share

We have two separate Active Directory domains; EUROPE and US. There is a two way trust between the domains / forests. I have a group of users called "USA Staff" that have access to certain shares on servers in the EUROPE domain and a group called "EUROPE Staff" which have access to shares in the USA domain.

Recently the USA PDC was upgraded to Windows Server 2008 R2. Now when I try to access a share on a USA server from a Windows 7 workstation in the EUROPE domain I get the "Please enter your username / password" dialog box appear, with a message at the bottom:

"The system has detected a possible attempt to compromise security."

When I enter a username / password for a user in the USA domain, I can then access the network resource. Entering credentials for a EUROPE user however does not give me access, even though my NTFS and Share permissions are set to allow that.

Windows Server 2003 / Windows Server 2008 did not have this problem, it seems to be unique to R2.

I found KB938457 and opened up port 88 on the Server 2008 R2 firewall but it did not make any difference.

Any other suggestions as to what to turn off in R2 to get this working again ?

Thanks

© Server Fault or respective owner

Related posts about windows-server-2008-r2

Cannot enable network discovery on Windows Server 2008 R2

as seen on Server Fault - Search for 'Server Fault'
I'm trying to enable the Network Discovery feature on a newly installed Windows Server 2008 R2 instance. The network connection is in the Home or Work profile (it is not domain joined). These are the steps I've followed: Within the Network and Sharing Center I select Change advanced sharing settings Then… >>> More
Windows Server 2008 R2: AD Module for Windows PowerShell

as seen on Internet.com - Search for 'Internet.com'
Windows Server 2008 R2 includes a new Active Directory module for Windows PowerShell, a consolidated group of 76 cmdlets that can perform a host of tasks against Active Directory's various services. >>> More
Windows Server 2008 R2: Introducing the AD Administrative Center

as seen on Internet.com - Search for 'Internet.com'
The Active Directory Administrative Center in Windows Server 2008 R2 is a significant improvement over its predecessor. Although not without limitations, it offers beefed-up management of AD objects, new navigation capabilities, better task-based management options, and improvements to the properties… >>> More
Sun Fire X4270 M3 SAP Enhancement Package 4 for SAP ERP 6.0 (Unicode) Two-Tier Standard Sales and Distribution (SD) Benchmark

as seen on Oracle Blogs - Search for 'Oracle Blogs'
Oracle's Sun Fire X4270 M3 server achieved 8,320 SAP SD Benchmark users running SAP enhancement package 4 for SAP ERP 6.0 with unicode software using Oracle Database 11g and Oracle Solaris 10. The Sun Fire X4270 M3 server using Oracle Database 11g and Oracle Solaris 10… >>> More
Now Customers Can Actually Locate Your Resources with URL Rewriter 2.0 RTW

as seen on ASP.net Weblogs - Search for 'ASP.net Weblogs'
Today, Microsoft announced the final release of IIS URL Rewriter 2.0 RTW . Now the first reason might be obvious why you would want to rewrite a URL – when you are at a cocktail party with loud music and tasty appetizers and a potential customer asks you where they can get more info on your snazzy… >>> More

Related posts about network-share

Can't access network share with name defined in hosts file

as seen on Server Fault - Search for 'Server Fault'
I have a network share on a machine that I can only reach by IP address. I then defined an alias for the IP in my hosts file so I could use that instead of the IP but then I can't log on to the share, I just get the logon prompt again and again. So basically this: \\172.17.0.48\SomeShare works but… >>> More
Need for explanation: NetBIOS over TCP/IP on VMware network adapter disturbs access to network share

as seen on Super User - Search for 'Super User'
Some time ago nearly all workstations in our team (Windows XP SP2) exhibited intermittend but frequent delays when accessing shares on the network. Typically the first access to a share which hadn't been accessed for some time resulted in a nearly frozen workstation for up to 30 seconds. Then everything… >>> More
Windows 7 allow pinning exe on network share to taskbar

as seen on Server Fault - Search for 'Server Fault'
I am just configuring my new Windows 7 work machine and have discovered that I can't pin an exe on a network drive to the taskbar. Are there any work arounds to this e.g. Registry Edits. I can understand the reasoning it's not allowed by default for newbies as the network location may later not exist… >>> More
window login when web application is using network share in IIS 6

as seen on Server Fault - Search for 'Server Fault'
Hi, I have installed a web application which is configured using a network drive But i am keep getting a pop up asking for credentials looking in the event log, the network logon is set to my domain/account which looks fine however caller user name is empty (not sure if this is an issue) the application… >>> More
Mapping Drive Error - System Error 1808

as seen on Server Fault - Search for 'Server Fault'
A vendor is attempting to map and preserve a network drive using nt authority/system; so it stays persistent when the interactive session of the server is lost. They were able to do this on one server (Windows 2008 R2) but not a second computer (also Windows 2008 R2). D:\PsExec.exe -s cmd.exe PsExec… >>> More