Domain Admin cannot log on interactively

  • Thread starter Thread starter Tomppa
  • Start date Start date
T

Tomppa

Problem is that after promoting server (w2k) to act as BDC
I cannot log on with domain administrator user. All other
accounts work fine. Also I'm able to log on using Terminal
Server.
Does anyone know how to solve this ?

Thanks,
Tommi
 
I suppose you mean another domain controller in a W2K domain, as a W2K can not
be a bdc in a NT4 domain. If you can log using Terminal Server remote
administration, then access the Local Security Policy for the server and check
the user rights assignments for "deny access to this computer from the network"
and remove administrator or any related group that may be in that setting. It is
possible that you will also have to check Domain Security Policy for settings to
the same user right assignment, as it would override local policy. --- Steve
 
Thanks for the answer,
And yes, i did mean it's another domain controller in w2k
domain. One thing I didn't mention is that there is also
Exchange 2000 installed on the machine, and I'm not sure
if the problem started after the promotion or Exchange
installation (we installed Exchange first).
Security settings have been checked many times on both
levels and they should be correct. Security settings are
also activating normally.


Here is the event log entry:

Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 529
Date: 17.09.2003
Time: 12:22:44
User: NT AUTHORITY\SYSTEM
Computer: COMPUTER
Description:
Logon Failure:
Reason: Unknown user name or bad
password
User Name: administrator
Domain: DOMAIN
Logon Type: 2
Logon Process: User32
Authentication Package: Negotiate
Workstation Name: COMPUTER
 
Event ID 529 means that logon name and or password are incorrect. Can you logon the
other domain controller or can you logon to a domain member machine with that
name/password? --- Steve
 
Yes I can.
I'm also able to logon the problem machine using terminal
server. Only Logon Type that doesn't work is interactive
(2)
 
The only thing I can think of is there are gremlins in the keyboard?
Terminal Services logon is considered interactive logon also. -- Steve
 
Back
Top