Unable to logon (Critical)

chris

Hi

I am unable to log in to the domain controller as a normal
user. Now I am getting an error message "unable to locate
profile, Access Denied". I checked all the security policies
and set them as follows:

Active Directory --> Log on locally >> Everyone
Access this computer from n/w - Everyone

I also configured the Domain Controller Security Policy the same way.

Please help me, it's so critical.

Chris
 
Ace Fekay [MVP]

chris said:
Hi

I am unable to log in to the domain controller as a normal
user. Now I am getting an error message "unable to locate
profile, Access Denied". I checked all the security policies
and set them as follows:

Active Directory --> Log on locally >> Everyone
Access this computer from n/w - Everyone

I also configured the Domain Controller Security Policy the same way.

Please help me, it's so critical.

Chris

This can also be a DNS issue. Let's try to eliminate that part at least. So
ensure that you are NOT using your ISP's DNS addresses on any machines'
IP properties (DCs, member servers or clients), or this can cause numerous
errors, including what you are seeing. You must remove any ISP's addresses.
You can configure a forwarder for efficient Internet resolution. If the
option is grayed out, delete the Root zone. This article shows you how to do
that:
http://support.microsoft.com/?id=300202

Now once we establish that, we can dig further. Also check if there are any
Event log errors as well, on the client and on the server, and post the ID
#s and source please.

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
 
Guest

Yes, I did, but still same prob. My doubt is why the local
profile is not loading. Then I am able to log on to the same
machine through TS.
 
chris

Yes, I corrected the DNS server IP address, but still I am
facing the same problem. But I am able to log on to the same
server through Terminal Services. The event viewer reports
the following info:
Source: userenv
Event ID: 1000
Description: Windows cannot log you on because the profile cannot be loaded
Detail: Access denied
 
chris

Hi Ace

Yes, I corrected the DNS server IP address, but still I am
facing the same problem. But I am able to log on to the same
server through Terminal Services. The event viewer reports
the following info:
Source: userenv
Event ID: 1000
Description: Windows cannot log you on because the profile cannot be loaded
Detail: Access denied
 
Ace Fekay [MVP]

chris said:
Yes, I corrected the DNS server IP address, but still I am
facing the same problem. But I am able to log on to the same
server through Terminal Services. The event viewer reports
the following info:
Source: userenv
Event ID: 1000
Description: Windows cannot log you on because the profile cannot be loaded
Detail: Access denied

The TS profile is different from a local profile logging on locally or with
your domain account on a machine.

Would you be able to post an ipconfig /all please from the client and the
DC?
Can you also post what that AD DNS domain name is?
Can you also verify in DNS that the SRV records under the zone exist?

Thanks

Ace
 
Guest

Hi Ace

Output of ipconfig/all
Windows 2000 IP conf
hostname :seefemail
Primary DNS Suffix :seefproperties.com
Node Type :hybrid
IP Routing Enabled : No
Wins Proxy enabled : No
DNS Suffix search List : seefproperties.com

My DNS server's SRV records and name servers contain a lot
of unnecessary records, because previously there were three
remote sites and 4 DCs. The admin has physically removed
all DCs without any configuration changes, so old DC and
DNS records are still there on ADS.

Chris
 
Ace Fekay [MVP]

In
Hi Ace

Output of ipconfig/all
Windows 2000 IP conf
hostname :seefemail
Primary DNS Suffix :seefproperties.com
Node Type :hybrid
IP Routing Enabled : No
Wins Proxy enabled : No
DNS Suffix search List : seefproperties.com

My DNS server's SRV records and name servers contain a lot
of unnecessary records, because previously there were three
remote sites and 4 DCs. The admin has physically removed
all DCs without any configuration changes, so old DC and
DNS records are still there on ADS.

Chris

Thanks for the additional info. The Primary DNS Suffix looks good. I assume
you are only using the internal DNS (didn't see that part in the ipconfig
/all). If the old DCs were removed by just unplugging them, then that can
cause major issues. They would need to be demoted properly and the Roles
transferred. If this was the case, you would need to remove the data out of
AD, since it is still publishing the existence of the old DCs, even if they
are not there, since they were not removed properly. This one article should
help remove the old DCs. If there were other domains, the other article will
help with that portion.

HOW TO Remove Data in Active Directory After an Unsuccessful Domain
Controller Demotion Q216498:
http://support.microsoft.com/?id=216498

HOW TO Remove Orphaned Domains from Active Directory Without Demoting the
Domain Controllers (Q251307):
http://support.microsoft.com/support/kb/articles/Q251/3/07.asp

--
Regards,
Ace

 
chris

Ace

Frankly saying, I am fed up with it. Still same prob. Actually I
am doing all this to enable OWA access for all users
through HTTPS. Now only admins are getting OWA access. From
one documentation, I got the tip that if a user is not having
the logon locally right it may happen. That's why I am trying
to give logon locally to everyone on the DC, because DC and
Exchange are installed on the same machine.


Chris
 
Ace Fekay [MVP]

chris said:
Ace

Frankly saying, I am fed up with it. Still same prob. Actually I
am doing all this to enable OWA access for all users
through HTTPS. Now only admins are getting OWA access. From
one documentation, I got the tip that if a user is not having
the logon locally right it may happen. That's why I am trying
to give logon locally to everyone on the DC, because DC and
Exchange are installed on the same machine.


Chris

Oh, I see. That makes a bit of a difference. But it doesn't really correlate
to not being able to log onto the machine and the local logon rights, as the
original post stated. Was anything changed or altered in the past? You don't
want to give everyone Log On Locally to a DC. Besides, they would also need
the LogOn Interactively right as well, but that wouldn't have anything to do
with users accessing OWA.

As for SSL for the OWA or any website, SSL is IP based. OWA by default is
permitted to all mailbox users. If you disable SSL, does it work normally
for the users?

--
Regards,
Ace

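
An added example, not part of the original thread: one way to check whether a DC's "Log on locally" right has been opened up to broad groups such as Everyone, by parsing a `secedit /export` file. The sample export is constructed, and the function names and the choice of "broad" SIDs are assumptions made for this illustration.

```python
# Added example: audit user-rights assignments exported from a DC with
#   secedit /export /cfg rights.inf /areas USER_RIGHTS
# (the export is normally UTF-16; open it with encoding="utf-16").

# Well-known SIDs that cover (nearly) every account.
BROAD = {
    "S-1-1-0": "Everyone",
    "S-1-5-11": "Authenticated Users",
    "S-1-5-32-545": "Users",
    "S-1-5-32-546": "Guests",
}
BROAD_NAMES = {name.lower(): sid for sid, name in BROAD.items()}

# Rights audited here: only the one the thread warns about.
AUDITED = {"SeInteractiveLogonRight": "Log on locally"}

# Constructed sample export (not taken from the thread's server).
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeNetworkLogonRight = *S-1-1-0,*S-1-5-11,*S-1-5-32-544
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-551,Everyone
[Version]
signature="$CHICAGO$"
"""

def parse_privilege_rights(text):
    """Return {right: [principal, ...]} from the [Privilege Rights] section."""
    rights, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif section == "privilege rights" and "=" in line:
            name, _, value = line.partition("=")
            # SIDs are written as *S-1-...; some entries may be account names.
            rights[name.strip()] = [p.strip().lstrip("*")
                                    for p in value.split(",") if p.strip()]
    return rights

def broad_grants(rights, audited=AUDITED):
    """List (right, label, sid, name) for audited rights held by broad groups."""
    findings = []
    for right, label in audited.items():
        for principal in rights.get(right, []):
            sid = principal if principal in BROAD else BROAD_NAMES.get(principal.lower())
            if sid:
                findings.append((right, label, sid, BROAD[sid]))
    return findings

if __name__ == "__main__":
    for finding in broad_grants(parse_privilege_rights(SAMPLE_INF)):
        print("FINDING: %s (%s) granted to %s [%s]" % finding)
```

Everyone on `SeNetworkLogonRight` is deliberately not reported here; extend `AUDITED` to cover other rights you want restricted on the DC.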
 
Ace Fekay [MVP]

chris said:
No, I removed SSL... even now I am unable to access OWA.

Hi Chris,

This seems to have turned into an Exchange OWA IIS issue, not a DC issue!
:)

Some questions for you and some links below to troubleshoot. Since some
things have been altered, it may be best to put everything back to default
and try from scratch.

How are you trying to connect, what method?
http://servername/exchange
http://servername.domain.com/exchange
http://IpAddress/exchange

What exact error are you getting in the browser when you attempt to connect?

What hostheaders if any, are on the default website?
Do the DNS records match the hostheaders?
What is the IP setting set to? All Unassigned or a specific IP?
If a specific IP, does that match the DNS record?
Were any permissions altered in Exchange System Manager, IIS website
properties for the Exchange subfolders (exchange, exweb or public), or the
M: drive?
Was anything else altered?
Any errors in the Event viewer, especially focusing on Web services,
Exchange, DSAccess, AD, NTFRS, Netlogon?

Check these out please:

234022 - XCLN Configuring Exchange OWA to Use SSL:
http://support.microsoft.com/default.aspx?scid=KB;en-us;q234022

Securing Outlook Web Access using SSL:
http://www.msexchange.org/tutorials/MF004.html

190008 - HOW TO- Use Host Header Names to Host Multiple Sites from One IP
Address in IIS 5.0:
http://support.microsoft.com/default.aspx?scid=kb;en-us;190008

293386 - HTTP 401 or 404 error messages when you access OWA ...:
http://support.microsoft.com/?id=293386

Troubleshooting Outlook Web Access in Exchange 2000 Server:
http://216.239.51.104/search?q=cach...WA+navigation+frame+scroll+bar&hl=en&ie=UTF-8



--
Regards,
Ace

 
