Can't map to a network share

[jjpotter]

I am having issue's with "net use" as well with my winPE 2.0-

I have an IP

I can ping the server I want to map to

I have the proper accounts and passwords

If I use my winPE 1.2 disk I can map to it fine.

I am using - "net use p: \\server\share /user:domain\username password"

The error is get is "Error 1326 - Login Failure: Unknown user name or bad password"

I read all the suggestions in these forums and nothing is working. Any other ideas? Do I need to build something extra in my pe2.0 build to map network drives?

Edited February 18, 2009 by Tripredacus
Moved posts from other thread, changed topic description

[Tripredacus]

You do not need anything extra. Verify that you can use this same net use command on another (non PE booted) client to verify that you have access.

You may also try re-arranging your syntax, although from what I understand the order does not matter. I use the following command:

net use \\server\share Password /user:user

While the domain\user may work, you can also try without putting the domain\ or computername\ part in there to see what happens. The error you are getting means that you are in-fact getting a response from the server, but it doesn't like that account, that password, or that account doesn't have access to the share path, or that account doesn't have NTFS or Domain permissions set properly, etc.

So try your command out on another Windows client to see if you get a similar error.

[jjpotter]

Thanks for the response,

I am able to use the "net use" command on other machines succesfully, connecting to the same server, using the same credentials. I've also tried the many different syntax's

I never injected a network driver before I built my .ISO. Could it be a driver issue, even though I am pulling a valid ip and can ping the server?

[Tripredacus]

It is not likely a driver issue. You may also check to see if you are using any Domain Group Policies that are rejecting the MININT. Or perhaps you need to pre-qualify the PE if your server is set up to only accept certain connections, such as Trusted computers, etc.

[jjpotter]

Thanks again Trip,

It looks like I should start looking on the server side of this issue. I think I am going to start a new thread in either the Windows Server Forum or Networking and Internet foruming to try and see what is needed on the Server Setup to allow WinPE2.0 to allowing mapping with "net use"

Thanks again for the help.

[jjpotter]

I am having issues getting "net use" to accept my credentials when I try to map a drive in winPE 2.0

I started this journey in another topic which can be seen here:

http://www.msfn.org/board/index.php?showtopic=81650

After trying all the trouble shooting steps in my PE Build it looks like everything on my end is fine. Have an IP, can ping the server I want to Map to, have rights to the server (can connect to it on my regular xp build), and have tried the many different syntax suggestions of the "net use" command.

I am thinking the issue is with the server I am trying to map to. I do not run this server, and the person who does, doesn't have the time to help me out at the moment. So I am hoping I can find out as much as I can to give him some ideas and make it easy for the both of us.

So here is what I know:

The server I am trying to map to is a Windows 2003 box.

We currently map to this server with a winPE 1.2 disc and use PowerQuest for our imaging.

I spoke to the Infrastructure Manager about it a little bit, he mentioned a few things that I'll throw out there. He said that we run this box in compatibility mode and it might not be set up to use Kerberos and that it uses some sort of hash authentication? Sorry for the lack of technical knowledge there.

If I can come up with anything else, Ill add it in.

Thanks for any help!

Edited February 18, 2009 by jjpotter

[Tripredacus]

Make sure that you have set (at least) Read permissions on the 2003 server (shared folder) for both AD and NTFS. There are two places to set permissions, first being the Permissions button on the Sharing tab, and then also on the Security tab.

Is the server you are connecting to a Domain Controller? Or is the PE client, production clients and the server all within a domain?

[jjpotter]

Everything is within the Domain. As far as the PE Client goes, I haven't configured anything specifically in the build to tell it is part of the domain. I am just using my domainname\user syntax when using "net use".

[Tripredacus]

OK yes I forgot to mention about the account. Try without domainname\ part, just use the account name. Make sure that this is a Domain account and not a local account. The Server should try all logon attempts without a container specified as being a domain account, and then local account second.

[jjpotter]

I tried mapping the drive under my regular Vista install and was getting the same problem. I also couldn't join the Domain either, so I looked into that a little bit and found this:

"Run as administrator" secpol.msc

Under Local Policies > Security Options

Change the value of "Network Security: LAN Manager authentication level"

from "NTVLM2 responses only" to "LM and NTLM - use NTLMv2 session security

if negotiated"

This allowed me to map the drive under the regular install. Is there a way to manipulate this in my winpe build?

[Tripredacus]

I am not aware of anything like that. However, a non-domain machine will use local policies as its primary, of course. If that computer had been joined to the domain, Domain Group Policy would override any local settings.

I do not have a Vista client handy but I will try to look into it tomorrow.

In addition, I have also found it helpful to add the remote user account (the one for mapping drives) to the Remote Access AD group.

[jjpotter]

I finally got net use to map correctly:

I booted up my PE and went into regedit, there is a DWORD located in this string:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\LmCompatibilityLevel

By default the value is set to 3, I changed it to 2. This changes the setting from "NTVLM2 responses only" to "LM and NTLM - use NTLMv2 session security

if negotiated"

I believe the server side could be modify with these same settings as well to accept the different types of authentication.

Now I just need to look into modifying the registry after I imagex /mountrw my PE build. That way it will be set up already when I boot up, rather then going into regedit everytime.

Edited February 19, 2009 by jjpotter

[Tripredacus]

It would definately appear that a setting on the server is limiting you. If you happen to determine what that is, please post it in here also.

[jjpotter]

The server has to be setup for to allow the connections under the secpol.msc as well. So if the sender is sending LM or NTLMv1 requests, the server needs to be configured to accept this, I think by default they are set to only accept NTLMv2.

So you have to adjust the value or "Network Security: LAN Manager authentication level" under secpol.msc on the server.