Dameware Logon Failure 1326
Hi All,I thought that I would share a fix that I found for the persistent username/password failure when trying to access shared folders on a second machine. In the last two days I have searched hundreds of forum/help posts from people encountering the same problem, and for the most part the responses were unhelpful/assumedin-depthtechnicalproblems/assumedtheOPwasabitthick, and so on. As with so many problems, the cause and the fix (in my case) were dead simple. If the system error message had been a bit more on point, the fix would also have been quick!My system: A new i7 running Windows 7 RC1 64-bit, an older Athelon running Win2k Professional, both wired to a Linksys wireless router, and several laptops (XP, etc) with wireless connection to the router.The Win7 installation was the most pain-free Windows installation I have ever done, and getting everything talking and sharing was but a few minutes work. A few days later I embarked on some fairly complicated tests involving a couple of virtual machines on the Win2k system, and manipulating their VHDs from the Win7 machine (mounted via DiskPart).
If we make a mistake.please just email us and give us a chance to make it right.that is all we ask.806-687-2367 RETURN POLICY If you need to return an item it must be returned in New and Un-used condition. Pleas write your item number on the outside of the box& your phone number and item number on the inside of the box for faster processing. Used western pleasure saddles. We have a 100% satisfaction guarantee. It must be sent back to us within 14 days of receipt. ASK ALL QUESTIONS BEFORE YOU BUY Feel free to email me with any questions you may have.
How can the answer be improved?
- Logon failure: the user has not been granted the requested logon type at this computer. I was trying to use file sharing, I could port scan from either.
- Last attempt @ 2003-03-28 00:05.30 failed, result 1326: Logon failure: unknown user name or bad password. Last success @ 2003-03-27 23:15.14. 3 consecutive failure(s). If you run the dcdiag command on MYDC1, you may receive output similar to the following: DC Diagnosis Replications Check,DC-LV1 A recent replication attempt failed: From MYDC2.
While the tests all went well, when I shut the VMs down I discovered that the network was broken, Attempting to access anything on the Win2k system from the Win7 system prompted the dialog box asking me to enter a network username/password. Anything I entered was rejected with the error 'Logon failure: Unknown user or bad password'.
Cutting a long story short, I eventually realized that the Win7 workgroup name had reverted to the default 'WORKGROUP'. I corrected that, but the dialog error persisted, although the message changed slightly to 'The specified network password is not correct'. While I was pondering that, Win7 reset the workgroup name back to WORKGROUP (I've no idea why). The error message reverted to the original, so that immediately alerted me, and I set it back to the correct name again.While looking for clues on the Win2k system I realized that the date was wrong (I had set it forward ten days as part of the tests that I had been doing). I set it back to the correct date AND ALL PROBLEMS DISAPPEARED. Win7 prompted me for a username/password which I entered and which was immediately accepted, and I had full access again.In forty years of working with computers I've seen some pretty misleading error messages, but I think this one comes close to taking the cake!I hope this helps someone.Regards,Roger.
Kewell, as I said in my initial post, the fix in my case was simply to synchronize the date/time on the two machines. That was all that was required.
Judging by the number of other people who are reporting problems with the same error message it would seem that there must be other causes (besides the obvious one of not having a matching username/password on the other machine), although I didn't see any useful alternative fixes being offered.The reason I posted the fix that worked for me, even though it was so trivial, was because I was so irritated that a simple date/time mismatch generated such a misleading error message. I'm not a network guru, so I'm afraid that I can't offer anything further. When you.do. find the solution to your problem, please post it here, because I'm sure that there are still a lot of people having similar problems.Roger.
Kewell, I just read my original post and realize that I had forgotten about the default 'WORKGROUP' name. You didn't say what the OS is in the other machine on your network, but I guess you realize that if it's not Win7 then your win7 system has to join a workgroup (not a homegroup), and that the workgroup names in the two machines have to be the same. IIRC there was a subtle difference in the error message in the dialog box when the workgroup names didn't match (and the time difference also existed), and when there was only the time difference. I never bothered to investigate further once it was fixed.Roger. You're welcome, Ikocsis.Here's another tip that may be useful for anyone having username/password hassles:I was recently reminded that I'd also had the username/password problem when I initially set up my W7 system and couldn't access it from my win2k machine, even though I had set up an account on the W7 system with the same name and password as my account on the win2k machine. It turned out that it was necessary, but not sufficient, to have the same usernames with the same passwords on both the win2k and W7 systems.
I also had to be logged in to both systems with the same username/passwords at the same time. Then when I tried to access the W7 system from win2k I was once again asked for a username and password which I supplied (for what seemed like the 1000th time!), and lo and behold, it was accepted.Since that time it is sufficient to have matching account/passwords on both machines, but it is not necessary to be logged on to both machines simultaneously.Roger. Thanks alot Roger.
Your post justed saved me possibly hours of endless reads of Microsoft Knowledgebase Articles that are totally unrelated to this issue. I've never experienced this issue before. Possibly it's something new to Win 7? At any rate, when I first encountered this problem, I had already noticed that the time setting on my Win 7 machine wass off by a few hours. Even after correcting that though, I still got the same 'unknown username.' I checked my time again and realized that the AM/PM was wrong. Changed that and immediately was able to login.Just a side note: I have several Win 2000 Servers and 2003 Servers that I connect to at the office.
This only seemed to affect the 2000 Servers. I could still connect to the 2003 Servers, but when attempting to access shares on any of the 2000 servers, I would get the 'unknown username.' Error.Thanks again. Hi All,I thought that I would share a fix that I found for the persistent username/password failure when trying to access shared folders on a second machine.
In the last two days I have searched hundreds of forum/help posts from people encountering the same problem, and for the most part the responses were unhelpful/assumedin-depthtechnicalproblems/assumedtheOPwasabitthick, and so on. As with so many problems, the cause and the fix (in my case) were dead simple. If the system error message had been a bit more on point, the fix would also have been quick!In forty years of working with computers I've seen some pretty misleading error messages, but I think this one comes close to taking the cake!I hope this helps someone.Regards,Roger. I had this problem when trying to connect two win 7 desktops and needed a different solution.Background: when I first tried to network them I accidentally had given them the same name(don't ask). I fixed this and discovered the wonderful world of 'Logon failure: Unknown user or bad password'.
I tried all the fixes suggested on this thread to no avail then.I found my fix was to create a new user on each machine with a new username AND a different password (when i first tried this with the new user and original password it did not work) then login as the new user on each machine and try to connect to the other. This failed as before but when I logged out and logged back in again as the old user the network was fully functional! Roger, thanks greatly for this solution. I just got back from Afghanistan a month ago, and hadn't changed the time back to CST for one of my two laptops (running Vista). Yesterday I upgraded routers from a Dlink 600 to a Netgear WNDR3700.
Three of the four laptops in the house made the jump (and the change to WPA2) with no problems, including my control laptop on Win7 Starter. However, my Vista computer just would not connect to the Netgear system, even though the password was correct, when I had the computer at the other end of the house. Strangely, when I brought it into the same room as the router, the password worked, but when I took it back to the bedroom, it again gave the bad password message. Reading your post, I went back to my bedroom and changed the time from Kabul standard to CST (a difference of 10 1/3 hours only, same date) and voila, the password was recognized and the computer is now on the system.
Too simple a solution, and too obscure an error message, for sure. Thanks again. RotenburoRoger's original post (edited): I thought that I would share a fix that I found for the persistent username/password failure when trying to access shared folders on a second machine. As with so many problems, the cause and the fix (in my case) were dead simple. If the system error message had been a bit more on point, the fix would also have been quick!While looking for clues on the Win2k system I realized that the date was wrong (I had set it forward ten days as part of the tests that I had been doing).
Dameware Error 2146893048
I set it back to the correct date AND ALL PROBLEMS DISAPPEARED. Win7 prompted me for a username/password which I entered and which was immediately accepted, and I had full access again.Roger/QUOTE.
Ok, the reason I am posting this is because i learned a lot from getting hacked. I guess there is no better way to learn, but i decided to share the little that i know NOT so people can go out there do stupid things, but in order for them to learn what is ACTUALLY happening. Ok, so here is an ex:Say i am on machine A and i want to 'hack' machine B. Theoretically i need to know an IP address.
Then i am will port scan the machine. If there is a server/service that opens ports 80)http),21(ftp),22(ssh) or,23(telnet) I will have an easier time. But what most people don't realize is that there are other ways around. Through the Net Share which is build into microsoft.
The whole IPC$ and Admin$. I will need the PSTools collection, found at(» there is a program called psexec. The way it works, is you can execute a program remotely (Yes, even if the person doesn't have it.it coppies it) and you can do it intereactively or NOT so they can't see it run. So here is basically what you want to do; It needs ports 135-epman and 445-microsoft-ds (Fire sharing ports.by default open.only way to secure is unbound your TCP/IP adapter or firewall with custom setting) in order to connect to IPIPC$First of all you would need to know the username and password of the computer. The nice thing about Windows is that you CAN'T remove/disable the Administrator account. Maybe there is some way, but not directly.trust me i have tried a lot of ways to do this. Anyway, so you are half way there.
You know the IP, you know what ports are open and from that you probably have a pretty good idea what's running as a server program (http, ftp, telnet, etc.), and you have the username. All you need is the password. There are a few ways to find this. By doing code:net use IP ADDRESS GOES HEREipc$ 'PASSWORD GOES HERE' /user:Administratoryou can connect to the remote computer and see if it will establish a connection on the sharing ports mentioned above.If you have the wrong password, it will give you this message:'System error 1326 has occurred.Logon failure: unknown user name or bad password.' If you have the right password, you will get this message:'The command completed successfully.'
There are two ways to do this, and both of them are EXTREMELY painfull and time taking (and there is a third way which i will get into later)1.) Use a dictionary, and have a program plug in the PASSWORD GOES HERE with a word from a dictionary file. It will take a LOOOONG time. Trust me, i tried it on my computer and it took a while.2.) You can brute force it, and in this case, honestly it's pretty much IMPOSSIBLE!Anyway, there is a third way, which was done to me. By compiling a 'silent package' you can put a password dumper, and make it dump the hashes into a file and then ftp it to yourself, or send it to mirc or some place.
There is a file out there called 'pwdump3' which is a port from the linux program password dump. It's the most simple program ever.
Basically it works like this: code:pwdump MACHINE NAME somefile.txtNow think about this, if the person is logged in and you send it to them, all they have to do is double click this SOMETHING.exe file and it automatically extracts this and runs a batch file which creates the somefile.txt and the ftp's it or sends it some how remoetly. This is pretty much known as a trojan. By definition, we all know the horse story, but it's JUST THAT. A program which is a.exe and has an 'innoccent' look but does other things. ANyway, a program which works like WInZip, but creates these type of packets is GSfx Wizard 1.1 found at (») Basically it has the option of pre-defining EVERYTHING and when you click on the executable, it sets it up in a place you have specified and it runs a given program.Anyway, back on track. So now lets say you have the IP, the username and the password. Boy this sounded complicated.
Well now you use your PSEXEC to install remotely a packet which has been created with GSfx Wizard 1.1 and which is to extract some remote client so you can get a visual. The ideal program would be 'DameWare Mini Remote Control' Why? Because you Need pretty much 3 files to set up a remote visual server.
When you extract the package it sets it up.It is done like this: code:psexec COMPUTER NAME -u Username -p Password -c -f -d DW.exeNow let's explain, so you connect to the computer.c coppies it, -f coppies it even if it exists, and -d doesn't wait for the process to end. The DW.exe is the packet you have compiled with the program which contains the DameWare remote server.
After that you would do the same, with a small modification: code:psexec COMPUTER NAME -u Username -p Password -i cmdThat connects AGAIN, but this time it opens an interactive cmd window.the other person can see the window. They can't see what you are typing, but they can see the window.The default directory is C:WINNTSystem32but most packets would be installed in something like C:WINNTSystem32DW or C:WINNTSystem32Remotejust so it's more organized. Now since you have a command promt, you can type: code:start DWRCS.exeThat just started the visual server. Now from yours, you would connect, to the IP that YOU KNOW, with the user/password that YOU ALSO KNOW. You see the other person's screen. Now you can dump the hashes and transfer them through the build in ftp server. Now you would go to the Start.Settings.Control Pannel.Users & Passwords, and create your own admin user, something like backup1 or something that will not really stand out as in 'WOW i was hacked'.So let's see now, let's recap some things we learned:1.) Don't use DICTIONARY WORDS for passwords!2.) Don't make your passwords SHORT!3.) MOST IMPORTANT OF ALL.HAVE A FIRE WALL.GET A FREE ONE, WHATEVER, BUT HAVE ONE!
IT WILL COME VERY HANDY!!!4.) Don't install packages from friends that go, would you test this for me, especially if they look like a little box, because that is the only program that let's you make packets that self extract and run.5.) Check your C:WINNTSystem32 every ones in a while, and sort by date and just look around. If you have SOMEWHAT knowledge you would know how things look.
If you see weird.dat files or.ini files or names that just somehow dont' fit.or especially ICONS b.c hacking stuff has cool icons, anyway just delete it or poke around and find out.This is from direct experience, and most of all IT SHOULD BE READ as a way to SECURE yourself against this threat! It should be viewed as WHAT goes on behind the flashy blue screen with your dekstop background. It should make you aware of how easy it is to explore someone's computer.
I hope this helps people secure thier computers better. Wow, now i am really tired of writting so off to a little break! You can trivially rename the Administrator account. In Win2000/XP, the easiest way is to use the local security policy UI. Since it's the username that you need to use for remote access, this is equivalent to 'removing or disabling the Administrator account' which you declare to be impossible.As far as breaking in by mailing someone a program and have them execute it: well, you're right, there are a lot of people who don't realise that's a stupid thing to do.So, your methods will probably work against the naive, but they're easy enough to guard against.text was edited by author 2003-05-16 19:51:48. Said by:Actually if the box is vulnarable to the null session attack, you can see what the administrator account is even if it has been renamedI believe the Local Security Policy/Local Security Settings Administrative Tool that Dave mentioned also has a setting to protect against that.
(It's in the tree at Security Settings/Local Policies/Security Options with different names.) Both editions of XP have user account enumeration protected by default (forgot to check 2003; have to do that later), but 2000 and earlier versions of NT are not.It's a Registry value that is being goosed in case anyone is interested in the background.the value to look up is 'RestrictAnonymous' (HKLMCurrentControlSetControlLSA), which should also yield information on the newer values added to XP.Philip Sloss. This is a good overall documentation of how most Windows hacking is accomplished.You missed one key part of the process though.you do NOT need to know the Administrator pwd to begin the process, such as: net use IP ADDRESS GOES HEREipc$ 'PASSWORD GOES HERE' /user:AdministratorRather you start with a null session:net use IP ADDRESS GOES HEREipc$ ' /user:'Then use enum tool to identify ALL priviledged accounts on target:C:/ enum -G -d w.x.y.zgetting machine list (pass 1, index 0). Said by:You missed one key part of the process though.you do NOT need to know the Administrator pwd to begin the processTrue, but perhaps he meant that you need a password to actually break in.
Null sessions allow one on the outside to look in (assuming RestrictAnonymous isn't set), but only in rare cases - such as what Code Red II did with the Guest account - is a password not needed to break in.And it appears to me that tools like enum and XScan are 'application' specific.they may be employed for more targeted attacks, be they on a handful of IPs or larger ranges.I have only seen XScan in one malware package so far. I'm in a well-known broadband IP range - mostly home users - and so far with almost no exceptions, all I've seen are IRC bots (for DDoS and spamming). These seem to prey on systems with zero security and use tiny 'dictionaries' - they just employ the 'net use' syntax with maybe 10 passwords. The attacks also seem to be more random.Other IP ranges, for things like Web hosting providers or universities, may see more concerted dictionary attacks where the attacker is looking for a place to 'squat' with a Pubstro server. Hey there NetWatchMan.Thanks.
Pulse Secure Juac Error 1326
I didn't even know that. Also, i downloaded XScan and ran it accross my dedicated server which i kind of just put there so i can practice security stuff on, anyway it doesn't seem to do anything!! I mean unless the machine u are scanning has a server running, you can't really use it, or probably there is something that i am missing out.
Dameware Logon Failure 1326 Form
So my question is, how would you use XScan to guess with a dictionary the password for an Administrator accout using net use? Thanks A lot. Said by:So my question is, how would you use XScan to guess with a dictionary the password for an Administrator accout using net use?
Thanks A lot.Net.exe is just a shell around functionality that any program can use.As for XScan, I thought that Lawrence showed me an example of a dictionary attack with it, but looking at the readme for the tool, it states that it only checks for weak passwords by default. It has plug-in capabilities, though, so someone could write a brute-force plugin (which would have the same limitations discussed in the recent password cracking thread that you started).As for guessing with a dictionary, take a look at the Iraqioil worm - that has primordial elements of how to do it. Steve Friedl disassembled it:»All that the 'net use' attempts are doing would be like these lines from a batch file from an 'old' (circa February 2003) bot I collected last night (and as in your original post):net use IP addressipc$ 'password' /user:Administratorif not errorlevel 1 goto adpasswThat's essentially the same as calling the WNetAddConnection/WNetAddConnection2 function(s) in Steve's disassembled code.Philip Sloss.