You receive an error message when try to map a network drive from a Windows XP workstation: “Logon failure: unknown user name or bad password”

Symptoms

Consider the following scenario. You try to map a network drive from a Windows XP workstation to a computer that is running Windows XP or Windows Server 2003. You have a peer to peer network or a domain environment.

When you execute the net view command-line command on the Windows XP workstation, you receive the following error message:
System error 6118 has occurred.

The list of servers for this workgroup is not currently available
When you execute the net view \\<RemoteComputer> command-line command to view the shares on the remote computer, you receive the following error message:
Access is denied.
When you execute the net use <DriveLetter>: \\<ComputerName>\<ShareName> /USER:<ComputerName>\<Username> * command-line command, you receive the following error message:
Logon failure: unknown user name or bad password.
Note The same command may succeed if you run the command from a Windows NT 4.0 workstation or on the Windows XP workstation toward itself.

When you perform the remote connection by using a VBS script, you may see that the status of the remote share in Windows Explorer is displayed as "Disconnected Network Drive." When you examine the System logs you may see the following messages.

On the remote Windows XP or Windows Server 2003 computer

On the local Windows XP workstation

In the network trace, you see that the remote Windows XP or Windows Server 2003 computer returns the following status code:
0xc000006d STATUS_LOGON_FAILURE

Cause

This behavior occurs when NTLM version 2 (NTLMv2) is used for authentication and when there is a time difference of more than 30 minutes between the local Windows XP computer and the remote Windows XP computer.

The client computer compares the flags in the request that is received to its own security policy. If the negotiated flags either do not meet or do not exceed the features that are required by the client's security policy, the client ends the authentication process. Otherwise, the client computes the complete challenge from the server's nonce and its own nonce and a "response key" from the user's password. To compute the response key, the client uses the following items:
  • The one-way function (OWF) of the user's password
  • An MD4 hash of the user's unicode password
  • The user’s name
  • The user's domain account name
After this computation is complete, the client generates the response key. This response key is an MD5 hash of the OWF with the server's nonce, the client's nonce, a time stamp, and other information. The client uses the response key to generate a response to the challenge and to generate a session key.

Workaround

To work around this behavior, synchronize the time on both the Windows XP workstation and on the remote Windows XP or Windows Server 2003 computer. You can synchronize the time by using a command-line command that resembles the following command:
NET TIME \\<ComputerName> /SET

Status

This behavior is by design.

More Information

For more information about the NT LAN Manager (NTLM) Authentication Protocol Specification, visit the following Microsoft Developer Network (MSDN) Web site:
Özellikler

Makale No: 957009 - Son İnceleme: 26 Ağu 2008 - Düzeltme: 1

Geri bildirim