Sunday, February 24, 2013

Mac OS X CIFS access and Windows account locked 0xC000006A

A Mac running OS X is not commonly joined to a Windows domain (is that even possible?), but you still access company resources such as CIFS shares from it.

If your account gets locked on the DC and the "Source Workstation" field says "\\workstation", you have most likely mounted the CIFS resource in a way that makes OS X use the NetBIOS name resolver, but the real name of the machine cannot be resolved.

Logon account:
Source Workstation: \\workstation
Error Code: 0xC000006A

The above will be the result for at least one replicable test case I am sharing today. If you automount the CIFS share like this:

$ sudo cat /etc/fstab
/mnt/foo url url==cifs:// 0 0
$ sudo automount -vc

Then your account will get locked after a few attempts to list the contents of /mnt/foo, each of which results in an error:

$ ls /mnt/foo
ls: foo: Authentication error

How do you make sure, then, that the Mac is correctly registered as the "Source Workstation" in the Security event log? The sysadmin needs this to understand exactly which machine the failed attempt came from.

Most likely you will be able to resolve this issue by looking into DHCP and DNS. Is your DHCP updating DNS? If not, the DC will most likely be unable to show the correct information in its event log (out of the box). It will list the "Source Workstation" as "\\workstation".

Enabling Netlogon logging on the DC should be a big help when troubleshooting this kind of issue:
  1. Enable netlogon logging: nltest /dbflag:0x2080ffff
  2. Restart netlogon service
  3. Inspect logs from %windir%\debug\netlogon
  4. Disable netlogon logging: nltest /dbflag:0x0
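
An added example (not from the original post): a Python script for step 3 that scans Netlogon debug log lines for 0xC000006A results and groups them by account, source workstation and pass-through server. The line layout the regex expects and the sample lines are assumptions constructed for illustration; adjust the pattern to what your DC actually writes.

```python
import re
from collections import Counter

WRONG_PASSWORD = 0xC000006A  # the error code shown in the post

# Assumed layout of a Netlogon [LOGON] result line (not taken from the post):
#   MM/DD HH:MM:SS [LOGON] [pid] DOMAIN: SamLogon: [Transitive ]Network logon of
#   DOMAIN\user from WORKSTATION [(via SERVER)] Returns 0xNNNNNNNN
LOGON_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \[LOGON\].*?"
    r"SamLogon: (?:Transitive )?Network logon of (?P<account>\S+) "
    r"from (?P<source>\S*)(?: \(via (?P<via>[^)]+)\))? "
    r"Returns (?P<status>0x[0-9A-Fa-f]+)\s*$"
)

# Constructed sample lines; every name and timestamp is made up.
SAMPLE = r"""
02/24 09:14:02 [LOGON] SamLogon: Network logon of EXAMPLE\jdoe from WORKSTATION (via FILER01) Entered
02/24 09:14:02 [LOGON] SamLogon: Network logon of EXAMPLE\jdoe from WORKSTATION (via FILER01) Returns 0xC000006A
02/24 09:14:07 [LOGON] [1832] EXAMPLE: SamLogon: Transitive Network logon of EXAMPLE\jdoe from WORKSTATION (via FILER01) Returns 0xC000006A
02/24 09:15:40 [LOGON] SamLogon: Network logon of EXAMPLE\asmith from PC-0042 Returns 0x0
02/24 09:16:11 [LOGON] SamLogon: Network logon of EXAMPLE\jdoe from WORKSTATION (via FILER01) Returns 0xC0000234
""".strip().splitlines()


def parse_results(lines):
    """Yield one dict per 'Returns' line; 'Entered' lines carry no status."""
    for line in lines:
        m = LOGON_RE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["status"] = int(rec["status"], 16)
            yield rec


def failures_by_source(lines, status=WRONG_PASSWORD):
    """Count results with `status` per (account, source workstation, via server).

    When the source is the generic "WORKSTATION", the 'via' server is the
    machine that passed the logon through, so its own logs are the next stop.
    """
    hits = (r for r in parse_results(lines) if r["status"] == status)
    return Counter((r["account"], r["source"], r["via"]) for r in hits)


if __name__ == "__main__":
    for (account, source, via), n in failures_by_source(SAMPLE).most_common():
        print(f"{n:3d}  {account}  source={source or '?'}  via={via or '-'}")
```

To run it against a real log, pass the lines of the file from step 3 to `failures_by_source` instead of `SAMPLE`.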

Avoiding the issue

If you cannot join the domain, delete any keychain entry for your "domain\user" and manually change the password for the specific account, which is most likely set up for email and calendars (System Preferences|Internet Accounts).
