recurrent drive mappings fail

J

JT

We are running XP workstations on a Windows 2003 domain (domain A).

We have a close working relationship with a separate domain (domain
cool.gif
and
all of domain A users have accounts in domain B. All domain A users have
routinely mapped drives to a domain B share using their domain B credentials.


We recently completed a two way trust between domains. As soon as the trust
was in place domain A users had problems with their recurrent drive mappings
to domain B. Currently, they can map a drive to the resource on domain B,
but the drive mapping will not hold. Sometimes it will last through their
Windows session and sometimes it will fail withing a few hours ('access
denied'). Domain A users can disconnect and then remap to the domain B
resource but the recurrent mapping will never hold.

Obviously, putting the trust in place caused a problem. It seems that the
recurrent drives should still work. I am assuming that the domains are
somehow getting 'confused' about which domains credentials are getting
passed?

Has anyone seen this before or can you suggest a fix?

Since the trust is in place, we can created cross domain groups to fix the
issue but I am wondering what is happening to block the drive mappings.

thanks for any suggestions.

JT
 
D

DaveMills

On Tue, 6 Oct 2009 11:45:02 -0700, JT wrote:

>We are running XP workstations on a Windows 2003 domain (domain A).
>
>We have a close working relationship with a separate domain (domain
cool.gif
and
>all of domain A users have accounts in domain B. All domain A users have
>routinely mapped drives to a domain B share using their domain B credentials.
>
>
>We recently completed a two way trust between domains. As soon as the trust
>was in place domain A users had problems with their recurrent drive mappings
>to domain B. Currently, they can map a drive to the resource on domain B,
>but the drive mapping will not hold. Sometimes it will last through their
>Windows session and sometimes it will fail withing a few hours ('access
>denied'). Domain A users can disconnect and then remap to the domain B
>resource but the recurrent mapping will never hold.
>
>Obviously, putting the trust in place caused a problem. It seems that the
>recurrent drives should still work. I am assuming that the domains are
>somehow getting 'confused' about which domains credentials are getting
>passed?
>
>Has anyone seen this before or can you suggest a fix?
>
>Since the trust is in place, we can created cross domain groups to fix the
>issue but I am wondering what is happening to block the drive mappings.
>
>thanks for any suggestions.
>
>JT

By "Recurrent" I assume you mean "persistent", i.e. you tick the box reconnect
at logon.

When you Map the drive do you use "domain\user" or just "user". If the latter
which domain account will be used? It is ambiguous.

I have seen similar issues. You have two domains with no trust, A and B.
Each user has an identically named account in both domains with the same
password.
Before the trust: user in A access a resource in B. The B domain says "Who the
heck are you, I don't know A\Fred" and challenges for the credentials. A\Fred's
PC supplies "Fred/password=x". Domain B says "Oh! Hi Fred nice to see you" and
lets him connect, thinking it is B\Fred as the credential match those of B\Fred
even though A\Fred issued them. Everything works well.

Now you add a trust and the effect is that when the connection comes, domain B
says "Hi A\Fred, nice to see you but I am sorry you do not have permissions to
access that resource", only B\Fred can go there. You must change the resource
permissions to now allow A\Fred access.

As you have discovered this is best done using Domain Local groups to access the
resource and adding "A\Global Group" and "B\Global Group" to the "Domain Local"
group. Add users to their Global Groups to grant access.




--
Dave Mills
There are 10 types of people, those that understand binary and those that don't.
 
J

JT

Thank you for your reply. My scenario extends to users who do not have the
same user names and passwords in each domain. A few do, but not all of them.
Still working the issue, but appreciate your insight!

"DaveMills" wrote:

> On Tue, 6 Oct 2009 11:45:02 -0700, JT wrote:
>
> >We are running XP workstations on a Windows 2003 domain (domain A).
> >
> >We have a close working relationship with a separate domain (domain
cool.gif
and
> >all of domain A users have accounts in domain B. All domain A users have
> >routinely mapped drives to a domain B share using their domain B credentials.
> >
> >
> >We recently completed a two way trust between domains. As soon as the trust
> >was in place domain A users had problems with their recurrent drive mappings
> >to domain B. Currently, they can map a drive to the resource on domain B,
> >but the drive mapping will not hold. Sometimes it will last through their
> >Windows session and sometimes it will fail withing a few hours ('access
> >denied'). Domain A users can disconnect and then remap to the domain B
> >resource but the recurrent mapping will never hold.
> >
> >Obviously, putting the trust in place caused a problem. It seems that the
> >recurrent drives should still work. I am assuming that the domains are
> >somehow getting 'confused' about which domains credentials are getting
> >passed?
> >
> >Has anyone seen this before or can you suggest a fix?
> >
> >Since the trust is in place, we can created cross domain groups to fix the
> >issue but I am wondering what is happening to block the drive mappings.
> >
> >thanks for any suggestions.
> >
> >JT
>
> By "Recurrent" I assume you mean "persistent", i.e. you tick the box reconnect
> at logon.
>
> When you Map the drive do you use "domainuser" or just "user". If the latter
> which domain account will be used? It is ambiguous.
>
> I have seen similar issues. You have two domains with no trust, A and B.
> Each user has an identically named account in both domains with the same
> password.
> Before the trust: user in A access a resource in B. The B domain says "Who the
> heck are you, I don't know AFred" and challenges for the credentials. AFred's
> PC supplies "Fred/password=x". Domain B says "Oh! Hi Fred nice to see you" and
> lets him connect, thinking it is BFred as the credential match those of BFred
> even though AFred issued them. Everything works well.
>
> Now you add a trust and the effect is that when the connection comes, domain B
> says "Hi AFred, nice to see you but I am sorry you do not have permissions to
> access that resource", only BFred can go there. You must change the resource
> permissions to now allow AFred access.
>
> As you have discovered this is best done using Domain Local groups to access the
> resource and adding "AGlobal Group" and "BGlobal Group" to the "Domain Local"
> group. Add users to their Global Groups to grant access.
>
>
>
>
> --
> Dave Mills
> There are 10 types of people, those that understand binary and those that don't.
>
 
You must log in or register to reply here.

Similar threads

C
Preventing Excel macro spreadsheets from being blocked that are located on a domain-based file server connecting via a namespace mapped drive
Replies
0
Views
30
CROSS_5430
C
A
  • Article
Announcing Windows 11 Insider Preview Build 26120.1542 (Dev Channel)
Replies
0
Views
48
Amanda Langowski
A
B
  • Article
Releasing Windows 10 Build 19045.4713 to Beta and Release Preview Channels
Replies
0
Views
67
Brandon LeBlanc
B
B
  • Article
Releasing Windows 11 Builds 22621.3951 and 22631.3951 to the Release Preview Channel
Replies
0
Views
70
Brandon LeBlanc
B
A
  • Article
Announcing Windows 11 Insider Preview Build 22635.4076 (Beta Channel)
Replies
0
Views
51
Amanda Langowski
A
Back
Top Bottom