Annoying Workstation lockout

Posted on 2007-07-19
Last Modified: 2007-12-29
We have 8 (Most running windows xp pro, others using 2000 pro) workstations that are running using Windows 2003 Server as our domain server, everyday at 4:30 pm all our workstations are locked out of the server for about an hour, then we can log back in and finish whatever we were doing. I'm not sure where to check for a setting that can be doing this. Could it be when a backup has been scheduled? Please advise on where to start looking.
Question by:Yiper72
    LVL 51

    Accepted Solution

    During this "lockout" can you ping the server by both IP and name?

    Does this "lockout" stop users from accessing shares, prevent access to the internet, stop serving DNS, stop new users from logging in, stop DHCP addresses from being obtained??

    If you can narrow down what exactly is being impacted, then we may be able to start you off in the correct direction.


    Author Comment

    I will check the items you asked about and respond -- Thanks for the starting point
    LVL 51

    Expert Comment

    LVL 1

    Expert Comment

    Do you have a Logon time exclusion in AD users and computers.
    Right click the user-properties-account tab
    click logon hours button...
    LVL 4

    Expert Comment

    Weird that this would happen at 4:30. Are you a new admin for this domain? Maybe there is a reason for this. I would think if this happens to everyone then it is a group policy setting. Do you know how to look into this? Look on MS.Com for Group Policy Management Console (
    Install thin and you will see all the policies on your domain, if you have the rights too, and this will show you what is setup. It is very nice since the policies are very big and tedious to look through every single configuration option.

    Hope that helps,

    LVL 5

    Expert Comment

    I had an issue similar to this. There were broken group policy objects that caused strange things such as the inability to login to the system.
    One option is to backup the group policies that you want to save, run the gpotool to reset all group policies, then restore the ones that you need. That would reset any "broken" gpo's that might be hanging out there.

    Author Comment

    I found out that they had multiple issues that needed my attention while I was there. I found out when I got there that I was hired for an hour to get as many things done as possible. I did not get time to troubleshoot the logoff issue but I did notice that the workstations were able to ping the server by ip, but not by name.  I also notice some dns issues in the event viewer. It sounds like the owners brother will be fixing the rest of the problems that I identified.  Thanks to all for your input!

    Author Comment

    What we found while trying to ping the server by ip and by name was that the ip address would resolve but the name would not. After looking at the dns settings we found that the dns name ended in .com rather than the .local that all the workstations were pointing to. Once we changed that dns setting everything worked and many of there problems cleared. Thanks

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Highfive Gives IT Their Time Back

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    This may not be a text book method to resolve VSS backup issues but it seemed to have worked on few of the Windows 2003 servers we had issues while performing a Volume Shadow Copy backup. If you have issues while performing a shadow copy backup usin…
    Recently, I had the need to build a standalone system to run a point-of-sale system. I’m running this on a low-voltage Atom processor, so I wanted a light-weight operating system, but still needed Windows. I chose to use Microsoft Windows Server 200…
    To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
    how to add IIS SMTP to handle application/Scanner relays into office 365.

    759 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    12 Experts available now in Live!

    Get 1:1 Help Now