You are currently offline, waiting for your internet to reconnect

Your browser is out-of-date

You need to update your browser to use the site.

Update to the latest version of Internet Explorer

You receive an error message when try to map a network drive from a Windows XP workstation: “Logon failure: unknown user name or bad password”

Support for Windows XP has ended

Microsoft ended support for Windows XP on April 8, 2014. This change has affected your software updates and security options. Learn what this means for you and how to stay protected.

Support for Windows Server 2003 ended on July 14, 2015

Microsoft ended support for Windows Server 2003 on July 14, 2015. This change has affected your software updates and security options. Learn what this means for you and how to stay protected.

SYMPTOMS
Consider the following scenario. You try to map a network drive from a Windows XP workstation to a computer that is running Windows XP or Windows Server 2003. You have a peer to peer network or a domain environment.

When you execute the net view command-line command on the Windows XP workstation, you receive the following error message:
System error 6118 has occurred.
The list of servers for this workgroup is not currently available
When you execute the net view \\<RemoteComputer> command-line command to view the shares on the remote computer, you receive the following error message:
Access is denied.
When you execute the net use <DriveLetter>: \\<ComputerName>\<ShareName> /USER:<ComputerName>\<Username> * command-line command, you receive the following error message:
Logon failure: unknown user name or bad password.
Note The same command may succeed if you run the command from a Windows NT 4.0 workstation or on the Windows XP workstation toward itself.

When you perform the remote connection by using a VBS script, you may see that the status of the remote share in Windows Explorer is displayed as "Disconnected Network Drive." When you examine the System logs you may see the following messages.

On the remote Windows XP or Windows Server 2003 computer

Source: W32Time
Event ID: 29
Type: Error
Computer: <ComputerName>
Description:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 29 minutes. NtpClient has no source of accurate time.

On the local Windows XP workstation

Source: W32Time
Event ID: 36
Type: Warning
Computer: <ComputerName>
Description:
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

In the network trace, you see that the remote Windows XP or Windows Server 2003 computer returns the following status code:
0xc000006d STATUS_LOGON_FAILURE
CAUSE
This behavior occurs when NTLM version 2 (NTLMv2) is used for authentication and when there is a time difference of more than 30 minutes between the local Windows XP computer and the remote Windows XP computer.

The client computer compares the flags in the request that is received to its own security policy. If the negotiated flags either do not meet or do not exceed the features that are required by the client's security policy, the client ends the authentication process. Otherwise, the client computes the complete challenge from the server's nonce and its own nonce and a "response key" from the user's password. To compute the response key, the client uses the following items:
  • The one-way function (OWF) of the user's password
  • An MD4 hash of the user's unicode password
  • The user’s name
  • The user's domain account name
After this computation is complete, the client generates the response key. This response key is an MD5 hash of the OWF with the server's nonce, the client's nonce, a time stamp, and other information. The client uses the response key to generate a response to the challenge and to generate a session key.
WORKAROUND
To work around this behavior, synchronize the time on both the Windows XP workstation and on the remote Windows XP or Windows Server 2003 computer. You can synchronize the time by using a command-line command that resembles the following command:
NET TIME \\<ComputerName> /SET
STATUS
This behavior is by design.
MORE INFORMATION
For more information about the NT LAN Manager (NTLM) Authentication Protocol Specification, visit the following Microsoft Developer Network (MSDN) Web site:
time, timestamp NTLMv2 NTLM
Properties

Article ID: 957009 - Last Review: 08/26/2008 18:16:09 - Revision: 1.0

  • Microsoft Windows XP Professional
  • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
  • Microsoft Windows Server 2003, Enterprise x64 Edition
  • Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
  • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
  • Microsoft Windows Server 2003, Datacenter x64 Edition
  • Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
  • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
  • Microsoft Windows Server 2003, Standard x64 Edition
  • kbtshoot kbpubtypekc kberrmsg kbprb KB957009
Feedback
I=4050&did=1&t="> var varCustomerTracking = 1; var Route = "76500"; var Ctrl = ""; document.write(" d')[0].appendChild(m);" onload="var m=document.createElement('meta');m.name='ms.dqp0';m.content='false';document.getElementsByTagName('head')[0].appendChild(m);" src="http://c1.microsoft.com/c.gif?"> >