2 DC "Access Denied" issues with Event Viewer

[Andy]

Hi, for some reason the 2nd DC I have created won't
display any Event Logs, it keeps saying access denied.
Also I can only log on with the administrator account and
no other account, not even mine and I am in most admin
groups. It seems to let me change user passwords and
replicate this to the 1st DC. What have I done wrong it's
like a locked down read only server!

Kind Regards

Andy

 

[David Pharr [MSFT]]

When did this problem first occur? Has this DC ever worked properly? If
it was working fine and then stopped, what changed just prior to the
problem occurring? Have permissions been modified on this DC or in group
policy?

Check the other DC to ensure it is healthy using the following kb article:
298143 How to Verify an Active Directory Installation
http://support.microsoft.com/?id=298143

Check the crashonauditfail setting to ensure it is not set to REG_NONE with
a value of 2:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\CrashOnAuditFail
If that is the case, you will need to delete the crashonauditfail value,
then recreate it as a REG_DWORD with a value of 0.

If this machine never worked properly as a DC, demote it, make sure the
other DC is healthy and configured correctly then promote it again.

The following article has a list of security settings that, if improperly
changed, will cause problems. It is long because it gives an explanation
of each setting and why it should be granted and an explanation of the
problems encountered when those permissions are not granted.

823659 Client, Service, and Program Incompatibilities That May Occur When
You
http://support.microsoft.com/?id=823659

David Pharr, (e-mail address removed)

This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| Content-Class: urn:content-classes:message
| From: "Andy" <[email protected]>
| Sender: "Andy" <[email protected]>
| Subject: 2 DC "Access Denied" issues with Event Viewer
| Date: Thu, 5 Feb 2004 08:55:20 -0800
| Lines: 11
| Message-ID: <[email protected]>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="iso-8859-1"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Thread-Index: AcPsCNblVYiBxFEwTpayxD+AVQEpYg==
| X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
| Newsgroups: microsoft.public.win2000.active_directory
| Path: cpmsftngxa07.phx.gbl
| Xref: cpmsftngxa07.phx.gbl microsoft.public.win2000.active_directory:65605
| NNTP-Posting-Host: tk2msftngxa08.phx.gbl 10.40.1.160
| X-Tomcat-NG: microsoft.public.win2000.active_directory
|
| Hi, for some reason the 2nd DC I have created won't
| display any Event Logs, it keeps saying access denied.
| Also I can only log on with the administrator account and
| no other account, not even mine and I am in most admin
| groups. It seems to let me change user passwords and
| replicate this to the 1st DC. What have I done wrong it's
| like a locked down read only server!
|
| Kind Regards
|
| Andy
|