if you're doing this from the baremetal machine in the DOS environment set up by the blade.img... then you cannot use the 'net use /user:username password' format. you have to rely on the 'net logon username' command combined with a 'net use
servername\sharename'. you'll get various errors in dos if you do try to use the '/user' switch. you may also need the 'net logoff' command if you wish to terminate and re-authenticate.
or i could have missed the ball completely and misunderstood your question. :)
Here's what I'm using:
Command completed successfully.
net use *
The password is invalid for
Error 5: Access has been denied.
I have an lmhost file set up in img and tried lowering the authentication level on win2k3, but didn't help.
Also, booting the target into Windows and trying to link works, so this looks like a DOS to Windows 2003 problem.
why the * after the net use? also, how long is the share name? is it just pxestore, or is it something else?
The '*' is there to assign next available drive letter, and this is just 'pxestore'.
when you try the login from the windows os on that machine to the data store, are you using the same credentials? also, how are you entering the username/password information? is this being done in the pm data dictionary, or is this being done manually with a pause inserted into the system package?
I'm using the same credentials on Windows as in DOS. The data dictionary contains entry with same credentials. It fails either way, whether entered during a provision, or manually entered once things fall through to the prompt. I'm not entering it using a pause statement, just directly on DOS prompt after failing.
silly question, but have you re-entered the username and password information into the data dictionary to verify their correct status? additionally, has any hardening been done to the Windows machine acting as the data store?
I'm asking them to check that perms on the pxestore directory share itself and the NTFS permissions on the directory (where the share is pointing) match. We tested this on a Win2k box and it works fine.
No hardening was done that I am aware of, though Win2k3 out of the box comes locked down when compared with older server versions.
with my datastore (also running 2k3), i explicitly defined everyone full access on both the share and filesystem levels. obviously, this may not mesh with the customers environment, but some medium compromise could be made.
See the following KB page for more information about what each settings mean for network clients.
Since the PXE client is Windows 98, you have allow the DOS client to use LanManager authentication. As long as the Data Store user can read the files in the repository, the provisioning will work. In my case, changing the data store username from GUEST to an known user(AD) called bladelogic works.
Set the following settings as indicated below in the Default Domain Security Settings\Security Options and in the Default Domain Controller Security Settings\Security Options.
MS Network Server: Digitally Sign Communications (always) Disabled
Network Security: LAN Manager authentication level (Send LM & NTLM reponses)