"The system detected a possible attempt to compromise security. Please ensure that you can contact the server that authenticated you"

We have a Windows 7 environment with an SBS 2003 server (which is the office's DC, DNS server, DHCP server and file server). It's a small, non-profit organization, otherwise we would have been able to afford to upgrade the server and, generally, it performs perfectly.

Unfortunately, after installing a Samsung printer last night on the server (by Ethernet, not USB), we soon discovered that all of our Windows 7 workstations were unable to connect to network resources on the server. Worse still, as we use desktop redirection, even the files on people's desktops are not appearing (which is surprising as we have Offline Folders enabled and synced).

Our desktops are now very slow to log in and slow after logging in, and bring up numerous security dialogue boxes, which look like this:

Rebooting the server and workstations does not help.

I enabled Kerberos error logging on the server.

Here is what is now appearing in the system logs:

Removing then re-joining the workstation to the domain gives the following error:

I applied a filter to only show Kerberos, SPNEGO and DNS traffic (this was recorded in a short 3-minute window during which an unsuccessful attempt was made by a domain user account to log on to the network):

Does anyone have any ideas what could be causing this and what I could try to fix it?

Solution 1:

I had a similar issue, and found out that it was related to two things.

DNS Servers - the printer may be trying to access the server without being pointed to the correct DNS server. Domain Name - the printer is not part of the domain and the authentication system thinks the printer is trying to compromise the network.

I had this issue with a NAS, all I did was give it one DNS Address (the server IP) and I made sure it was part of the domain.

Not sure if this will help.