Consider the following scenario. You try to map a network drive from a Windows XP workstation to a computer that is running Windows XP or Windows Server 2003. You have a peer to peer network or a domain environment.
When you execute the net view command-line command on the Windows XP workstation, you receive the following error message:
System error 6118 has occurred. The list of servers for this workgroup is not currently available
When you execute the net view \\<RemoteComputer> command-line command to view the shares on the remote computer, you receive the following error message:
Access is denied.
When you execute the net use <DriveLetter>: \\<ComputerName>\<ShareName> /USER:<ComputerName>\<Username> * command-line command, you receive the following error message:
Logon failure: unknown user name or bad password.
Note The same command may succeed if you run the command from a Windows NT 4.0 workstation or on the Windows XP workstation toward itself.
When you perform the remote connection by using a VBS script, you may see that the status of the remote share in Windows Explorer is displayed as "Disconnected Network Drive." When you examine the System logs you may see the following messages.
On the remote Windows XP or Windows Server 2003 computer
Source: W32Time Event ID: 29 Type: Error Computer: <ComputerName> Description: The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 29 minutes. NtpClient has no source of accurate time.
On the local Windows XP workstation
Source: W32Time Event ID: 36 Type: Warning Computer: <ComputerName> Description: The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.
In the network trace, you see that the remote Windows XP or Windows Server 2003 computer returns the following status code:
This behavior occurs when NTLM version 2 (NTLMv2) is used for authentication and when there is a time difference of more than 30 minutes between the local Windows XP computer and the remote Windows XP computer.
The client computer compares the flags in the request that is received to its own security policy. If the negotiated flags either do not meet or do not exceed the features that are required by the client's security policy, the client ends the authentication process. Otherwise, the client computes the complete challenge from the server's nonce and its own nonce and a "response key" from the user's password. To compute the response key, the client uses the following items:
The one-way function (OWF) of the user's password
An MD4 hash of the user's unicode password
The user’s name
The user's domain account name
After this computation is complete, the client generates the response key. This response key is an MD5 hash of the OWF with the server's nonce, the client's nonce, a time stamp, and other information. The client uses the response key to generate a response to the challenge and to generate a session key.
To work around this behavior, synchronize the time on both the Windows XP workstation and on the remote Windows XP or Windows Server 2003 computer. You can synchronize the time by using a command-line command that resembles the following command:
NET TIME \\<ComputerName> /SET
This behavior is by design.
For more information about the NT LAN Manager (NTLM) Authentication Protocol Specification, visit the following Microsoft Developer Network (MSDN) Web site: