locked
Mac Users unable to connect to WinServer 2008 R2

    Question

  • New user accounts that I have set up in Active Directory are unable to connect to my server from a macintosh.  However, they are able to connect normally from a windows machine.  Old accounts can connect normally from either a mac or windows machine.

    Each time the user attempts to connect to the server from a mac they are prompted with an "Incorrect Credentials"  error.  Any idea of what could cause this?
    Tuesday, March 09, 2010 3:02 AM

Answers

  • I  managed to solve the problem although I don`t think its a real solution.  The Failure information code told me that it was due to the password having expired which is the AD code word for change password at next logon, that account status was indeed checked.  I turned off the check and manually changed the password and the Mac`s are now able to connect just fine.  It seems like Mac`s don`t handle that AD feature too well in Srv2008R2. 
    • Marked as answer by bakesale Wednesday, March 10, 2010 8:46 PM
    Wednesday, March 10, 2010 8:46 PM

All replies

  • I understand that this is a Microsoft forum but I have users who connect using Mac's and I would really appreciate some help with this problem if anyone could please offer some insight.  I can detail things more if someone has specific questions.

    This is Audit Failure from the Event Viewer for it.

    An account failed to log on.

    Subject:
        Security ID:        NULL SID
        Account Name:        -
        Account Domain:        -
        Logon ID:        0x0

    Logon Type:            3

    Account For Which Logon Failed:
        Security ID:        NULL SID
        Account Name:        TRACY.SLOTIN
        Account Domain:        DOMAIN

    Failure Information:
        Failure Reason:        Unknown user name or bad password.
        Status:            0xc000006d
        Sub Status:        0xc0000064

    Process Information:
        Caller Process ID:    0x0
        Caller Process Name:    -

    Network Information:
        Workstation Name:    DOMAIN
        Source Network Address:    -
        Source Port:        -

    Detailed Authentication Information:
        Logon Process:        NtLmSsp
        Authentication Package:    NTLM
        Transited Services:    -
        Package Name (NTLM only):    -
        Key Length:        0

    This event is generated when a logon request fails. It is generated on the computer where access was attempted.

    The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

    The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).

    The Process Information fields indicate which account and process on the system requested the logon.

    The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

    The authentication information fields provide detailed information about this specific logon request.
        - Transited services indicate which intermediate services have participated in this logon request.
    Tuesday, March 09, 2010 6:15 PM
  • Hi bakesale, does the RDP program you are using from the Mac support RDC 7.0 protocol?  also do you have it set to only allow connections with authentication set?
    Wednesday, March 10, 2010 7:51 PM
  • I  managed to solve the problem although I don`t think its a real solution.  The Failure information code told me that it was due to the password having expired which is the AD code word for change password at next logon, that account status was indeed checked.  I turned off the check and manually changed the password and the Mac`s are now able to connect just fine.  It seems like Mac`s don`t handle that AD feature too well in Srv2008R2. 
    • Marked as answer by bakesale Wednesday, March 10, 2010 8:46 PM
    Wednesday, March 10, 2010 8:46 PM