Domain Admin cannot log on interactively

T

Tomppa

Problem is that after promoting server (w2k) to act as BDC
I cannot log on with domain administrator user. All other
accounts work fine. Also I'm able to log on using Terminal
Server.
Does anyone know how to solve this ?

Thanks,
Tommi
 
S

Steven Umbach

I suppose you mean another domain controller in a W2K domain, as a W2K can not
be a bdc in a NT4 domain. If you can log using Terminal Server remote
administration, then access the Local Security Policy for the server and check
the user rights assignments for "deny access to this computer from the network"
and remove administrator or any related group that may be in that setting. It is
possible that you will also have to check Domain Security Policy for settings to
the same user right assignment, as it would override local policy. --- Steve
 
T

Tomppa

Thanks for the answer,
And yes, i did mean it's another domain controller in w2k
domain. One thing I didn't mention is that there is also
Exchange 2000 installed on the machine, and I'm not sure
if the problem started after the promotion or Exchange
installation (we installed Exchange first).
Security settings have been checked many times on both
levels and they should be correct. Security settings are
also activating normally.


Here is the event log entry:

Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 529
Date: 17.09.2003
Time: 12:22:44
User: NT AUTHORITY\SYSTEM
Computer: COMPUTER
Description:
Logon Failure:
Reason: Unknown user name or bad
password
User Name: administrator
Domain: DOMAIN
Logon Type: 2
Logon Process: User32
Authentication Package: Negotiate
Workstation Name: COMPUTER
 
S

Steven L Umbach

Event ID 529 means that logon name and or password are incorrect. Can you logon the
other domain controller or can you logon to a domain member machine with that
name/password? --- Steve
 
T

Tomppa

Yes I can.
I'm also able to logon the problem machine using terminal
server. Only Logon Type that doesn't work is interactive
(2)
 
S

Steven L Umbach

The only thing I can think of is there are gremlins in the keyboard?
Terminal Services logon is considered interactive logon also. -- Steve
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Domain Admin vs Local Admin 7
lost right to logon interactively 2
Not able to Log On to domain, error message:- 2
logon interactively 1
HELP !!! User cannot log into the Terminal Server 2
Domain Admin security 2
Logging in interactively 3
Domain admin has lost administrative rights 6

Top