Hi, I'm having a weird problem with my W2008 Server (64bits standard SP1). We hace a W2003 domain and we installed this server and joined to the active directory and shared a specific folder. Our users are having intermitent disconnections for the share and the server is showing the following message in the security log: Any idea how to solve the error? Log Name: Security Source: Microsoft-Windows-Security-Auditing Date: 17/12/2009 10:46:20 a.m. Event ID: 4625 Task Category: Logon Level: Information Keywords: Audit Failure User: N/A Computer: XXXXX.XXXX Description: An account failed to log on. Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 Account For Which Logon Failed: Security ID: NULL SID Account Name: Vitecno Account Domain: ACORDE Failure Information: Failure Reason: Unknown user name or bad password. Status: 0xc000006d Sub Status: 0xc0000064 Process Information: Caller Process ID: 0x0 Caller Process Name: - Network Information: Workstation Name: XXXXX-04 Source Network Address: 192.168.X.X Source Port: 1817 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon request fails. It is generated on the computer where access was attempted. The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network). The Process Information fields indicate which account and process on the system requested the logon. The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-a5ba-3e3b0328c30d}" /> <EventID>4625</EventID> <Version>0</Version> <Level>0</Level> <Task>12544</Task> <Opcode>0</Opcode> <Keywords>0x8010000000000000</Keywords> <TimeCreated SystemTime="2009-12-17T16:46:20.639Z" /> <EventRecordID>21365</EventRecordID> <Correlation /> <Execution ProcessID="596" ThreadID="728" /> <Channel>Security</Channel> <Computer>XXXXXXXXXXXXXX</Computer> <Security /> </System> <EventData> <Data Name="SubjectUserSid">S-1-0-0</Data> <Data Name="SubjectUserName">-</Data> <Data Name="SubjectDomainName">-</Data> <Data Name="SubjectLogonId">0x0</Data> <Data Name="TargetUserSid">S-1-0-0</Data> <Data Name="TargetUserName">Vitecno</Data> <Data Name="TargetDomainName">XXXXX</Data> <Data Name="Status">0xc000006d</Data> <Data Name="FailureReason">%%2313</Data> <Data Name="SubStatus">0xc0000064</Data> <Data Name="LogonType">3</Data> <Data Name="LogonProcessName">NtLmSsp </Data> <Data Name="AuthenticationPackageName">NTLM</Data> <Data Name="WorkstationName">XXXXX-04</Data> <Data Name="TransmittedServices">-</Data> <Data Name="LmPackageName">-</Data> <Data Name="KeyLength">0</Data> <Data Name="ProcessId">0x0</Data> <Data Name="ProcessName">-</Data> <Data Name="IpAddress">192.168.XX.XX</Data> <Data Name="IpPort">1817</Data> </EventData> </Event>

Hi,To better understand the issue, please confirm the following:1. Do you mean that the user was suddenly disconnected from the server and failed to access to the share folder again? 2. Does only this specific user account (Vitecno) encounter the issue?3. Can the user access other resource in the domain (such as a share folder on other computer) when he encounters the issue?Thanks.This posting is provided "AS IS" with no warranties, and confers no rights.

hi Joson 1. Exactly, they can access the shared folder and randomly they can't. Two weeks ago, this share was in a w2k server in the same domain and nothing happened ever. 2. It's happening to several users. Vitecno is the name of an application, but they also can't access the share with windows explorer. 3. Yes, they can access other resources in different servers (this is our first w2008 server)

Hi,I have exactly the same issue on my SBS 2008 server. It is the only server I have (running SBS Std) and it is a fresh install.Very strange...I am constantly prompted in Outlook to enter my username / password to connect to "remote.domain.local".When I enter it (no matter the format) it does not accept it however Outlook is still accessible and all other network services remain.It does not matter whether it is in cached mode or simply online and it occurs for all users on all PCs / laptops.Thoughts?Kevin