Here's the deal:
1. Windows 2008 AD server running on VMware with host only network.
IP static
2. Windows 2008 App server running on same VMware machine with host
only network tied to AD server and bridged network to the rest of the
world. Machine is part of machine 1's domain.
3. Personal PC in a workgroup.
I have a website running on machine 2 that I can connect to and
authenticate fine on machine 2. If I go onto machine 3 at home,
either wired or wireless, it keeps asking me to authenticate in IE.
If I go to work and plug the same machine into the network, I can
connect from machine 3 fine. Only difference I can see is at work the
network is larger and has other domains on it, however since no one
but machine 2 can see the AD server running on machine 1, not sure why
it's failing. Any ideas?
Here is what is in the event log (and for the record, the username
() and password are right):
An account failed to log on.
Subject:
Security ID: NULL SID
Account Name: -
Account Domain: -
Logon ID: 0x0
Logon Type: 3
Account For Which Logon Failed:
Security ID: NULL SID
Account Name:
Account Domain:
Failure Information:
Failure Reason: Unknown user name or bad password.
Status: 0xc000006d
Sub Status: 0xc000006a
Process Information:
Caller Process ID: 0x0
Caller Process Name: -
Network Information:
Workstation Name: -
Source Network Address: 192.168.59.1
Source Port: 4110
Detailed Authentication Information:
Logon Process: Kerberos
Authentication Package: Kerberos
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
This event is generated when a logon request fails. It is generated on
the computer where access was attempted.
The Subject fields indicate the account on the local system which
requested the logon. This is most commonly a service such as the
Server service, or a local process such as Winlogon.exe or
Services.exe.
The Logon Type field indicates the kind of logon that was requested.
The most common types are 2 (interactive) and 3 (network).
The Process Information fields indicate which account and process on
the system requested the logon.
The Network Information fields indicate where a remote logon request
originated. Workstation name is not always available and may be left
blank in some cases.
The authentication information fields provide detailed information
about this specific logon request.
- Transited services indicate which intermediate services have
participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM
protocols.
- Key length indicates the length of the generated session key. This
will be 0 if no session key was requested.
It could be due to NAT or IP traffic restrictions between DC and workstation.
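
Added example, not part of the original thread: the Python below parses a failure message like the one quoted in the question and decodes its Logon Type, Status and Sub Status fields, keeping the two "Account Name" fields apart by section. The function names are hypothetical, the sample text is abridged from the posted event, and the NTSTATUS table is a small subset.

```python
# Section headers of the failure message; field names repeat across sections.
SECTIONS = {"Subject", "Account For Which Logon Failed", "Failure Information",
            "Process Information", "Network Information",
            "Detailed Authentication Information"}
# Subset of NTSTATUS codes seen in the Status / Sub Status fields.
NTSTATUS = {
    0xC000006D: "STATUS_LOGON_FAILURE",
    0xC000006A: "STATUS_WRONG_PASSWORD",         # account found, password rejected
    0xC0000064: "STATUS_NO_SUCH_USER",           # account name not found
    0xC0000133: "STATUS_TIME_DIFFERENCE_AT_DC",  # clock skew between client and DC
}
LOGON_TYPES = {"2": "interactive", "3": "network"}  # the two the event text names

def parse_event(text):
    """Return {section: {field: value}}; top-level fields go under ''."""
    fields, section = {"": {}}, ""
    for line in text.splitlines():
        key, sep, value = (p.strip() for p in line.partition(":"))
        if not sep:
            continue                       # free text, not a field
        if key in SECTIONS and not value:
            section = key
            fields[section] = {}
        elif key == "Logon Type":          # top-level field between sections
            fields[""][key] = value
        else:
            fields[section][key] = value
    return fields

def triage(text):
    """Decode the fields a responder checks first."""
    f = parse_event(text)
    fail = f["Failure Information"]
    name = lambda v: NTSTATUS.get(int(v, 16), "unmapped " + v)
    return {
        "logon_type": LOGON_TYPES.get(f[""]["Logon Type"], "other"),
        "source": f["Network Information"]["Source Network Address"],
        "package": f["Detailed Authentication Information"]["Authentication Package"],
        "status": name(fail["Status"]),
        "sub_status": name(fail["Sub Status"]),
    }

# Sample: abridged from the event quoted in the question (values as posted).
SAMPLE = ("Subject:\nAccount Name: -\nLogon Type: 3\n"
          "Account For Which Logon Failed:\nAccount Name:\n"
          "Failure Information:\nStatus: 0xc000006d\nSub Status: 0xc000006a\n"
          "Network Information:\nSource Network Address: 192.168.59.1\n"
          "Detailed Authentication Information:\nAuthentication Package: Kerberos\n")
print(triage(SAMPLE))
```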