Windows 2003 Compromise Security

I have this Windows 2003 server for small biz. I also have a DNS in this server. I have added a user and a computer to the DNS network. When I try to log in at a workstation I'm able to log in and map a network drive but then after a while if I try to access the network drive I get this error message:
"The system detected possible attempt to compromise security. Please ensure that you can contact the server that authenticated you."

The only way that I can actually browse a network drive again is to log off and log back in.
I will greatly appreciate if someone out there can help me resolve this issue.

There are a couple of uhmm, holes in 2003 that microsoft hasnt fixed yet.

This one has been there since the nt4 days, I use this technique for recovery not hacking.

Run regedit and goto
local machine\software\microsoft\windows nt\current version\winlogon

Setup a manual autologon (required for dc's anyways)
Make sure you have these strings & values:
AutoAdminLogon 1
DefaultUserName <Set to your username>
DefaultPassword <Set to your password>
DefaultDomainName <Set to your domain name>

This will get your pc (or server) from nt 3.51, nt4, 2k, xp, 2003, etc... to autologin using a cached copy of the login (if there is one).

Basically is you have a workstation or domain member server you can log it in to the domain as a admin when it is no longer in the location of that domain.

With Remote Task Manager (RTM) & Remote Registry Editor (RRE) you can set this remotely when a computer is still in its location in anticipation of transportation.

The only way that I can actually browse a network drive again is to log off and log back in.
I will greatly appreciate if someone out there can help me resolve this issue.[/QUOTE]


Turn off smart card authentication for the Network Card.

Nope that does not work - any more ideas?

Finally cracked it! (nothing to do with disabling network card authentication):
The problem is actually caused by setting the XP Client to obtain it's DNS server address
automatically. If you specify the DNS server's i/p address, it works fine. You give the
"Alternate DNS Server" address as your ISP's primary DNS, so that you can still browse the
Internet.
Apparently it is because that automatic mode is really for workgroups where there is no
specific Domain Name Server and the workstations share the responsibility for DNS (but this is
incompatible with a domain where you have a specific server providing DNS service).

How did you figure that one out?

What are the steps that you have been taken to solve the problem? I mean get rid of the error message?

I have the same problem (no access to shared resources after a while), log off and log on solves but takes a lot of time.

I have static IP, static DNS within our network. And aparently I am getting this 1265 error messages several times a day. The difference might be that I am getting not only 1265 but sometimes some other error codes (like "device letter already in use" while it is not etc.).

I failed to figure out the reason for that (I think reinstalling XP on my PC might help). I created a script and for couple of days it helps.

In this script I map my network drives manually with "net use" command. I noticed that strange network behaviour depends on the time network resource is actually mapped so I keep network drives unmapped for the most of the time.

If normal mapping fails (meaning mapping with current user and password - like "net use p: \\serv\share") I have an option within the script to map some drive with explicit username and password (like "net use p: \\serv\share * /user:domain\user"). This helps most of the time.

A little complication in my case is that we have 2 domains with trusts, so I have to (as I call it) "refresh" my credentials in local domain first and then in trusted domain.

Still curious why this happens, but worked this around.