Roger Abell [MVP]
May 21st 03, 11:15 PM
I am not aware whether a fix is yet released either. It seems it
once was, and then was not, and I have not chased it down recently.
I prefer to advise them to go into the XP client and disable the
MS network client : digiatlly sign communications when server agrees
policy, rather than lowering the security of the whole domain, especially
if they are only introducing a few XPs.
Also, a problem that parades much like this one is that XP is shipping
with NTML v2 not enabled, which causes problems when authentication
is direct to a W2k that has been configured to insist on NTLM v2.
This is best adjusted on the XP client by changing the policy governing
the LM Authentication level.
--
Roger
"Steven L Umbach" > wrote in message
news:QENya.61712$rt6.24009@sccrnsc02...
> There is an issue with incompatible smb signing between W2K and XP
> Pro. On the security options of the W2K server, make sure all four options
> for "digitally sign client/server communications" are disabled for
effective
> settings,documenting your changes. Reboot server and try again. I am not
> sure if this issue has been resolved via hotfix yet. If it has, please
> someone let me know. -- Steve
>
>
> "Bertrand" > wrote in message
> ...
> > My PC is connected to the local area network of my office. I was
> previously
> > running Windows2000 SP3 on my PC.
> > I recently upgraded to WindowsXP SP1 (HDD reformat and clean install).
> From
> > this day, I cannot loggon to my network folders hosted on our office
> server
> > (Windows2000 SP2 domain controler).
> > In fact, I cannot access to ANY shared folder on this server. I could
> > before.
> > I have administrator's rights on the network.
> >
> > The error message I can see in the system event log, due to this, are
> always
> > the following 2:
> >
> > The Security System detected an attempted downgrade attack for server
> > cifs/namedserver. The failure code from authentication protocol
Kerberos
> > was "There are currently no logon servers available to service the logon
> > request. (0xc000005e)".
> > then:
> > The Security System could not establish a secured connection with the
> server
> > cifs/namedserver. No authentication protocol was available.
> >
> > Can one help me fix this problem ?
> > Thanks in advance
> > (I am still very novice in WindowsXP)
> >
> > Bertrand
> > Tokyo, Japan
> >
>
>
once was, and then was not, and I have not chased it down recently.
I prefer to advise them to go into the XP client and disable the
MS network client : digiatlly sign communications when server agrees
policy, rather than lowering the security of the whole domain, especially
if they are only introducing a few XPs.
Also, a problem that parades much like this one is that XP is shipping
with NTML v2 not enabled, which causes problems when authentication
is direct to a W2k that has been configured to insist on NTLM v2.
This is best adjusted on the XP client by changing the policy governing
the LM Authentication level.
--
Roger
"Steven L Umbach" > wrote in message
news:QENya.61712$rt6.24009@sccrnsc02...
> There is an issue with incompatible smb signing between W2K and XP
> Pro. On the security options of the W2K server, make sure all four options
> for "digitally sign client/server communications" are disabled for
effective
> settings,documenting your changes. Reboot server and try again. I am not
> sure if this issue has been resolved via hotfix yet. If it has, please
> someone let me know. -- Steve
>
>
> "Bertrand" > wrote in message
> ...
> > My PC is connected to the local area network of my office. I was
> previously
> > running Windows2000 SP3 on my PC.
> > I recently upgraded to WindowsXP SP1 (HDD reformat and clean install).
> From
> > this day, I cannot loggon to my network folders hosted on our office
> server
> > (Windows2000 SP2 domain controler).
> > In fact, I cannot access to ANY shared folder on this server. I could
> > before.
> > I have administrator's rights on the network.
> >
> > The error message I can see in the system event log, due to this, are
> always
> > the following 2:
> >
> > The Security System detected an attempted downgrade attack for server
> > cifs/namedserver. The failure code from authentication protocol
Kerberos
> > was "There are currently no logon servers available to service the logon
> > request. (0xc000005e)".
> > then:
> > The Security System could not establish a secured connection with the
> server
> > cifs/namedserver. No authentication protocol was available.
> >
> > Can one help me fix this problem ?
> > Thanks in advance
> > (I am still very novice in WindowsXP)
> >
> > Bertrand
> > Tokyo, Japan
> >
>
>