Learn how to a build a cloud-first strategyRegister Now


Annoying Workstation lockout

Posted on 2007-07-19
Medium Priority
Last Modified: 2007-12-29
We have 8 (Most running windows xp pro, others using 2000 pro) workstations that are running using Windows 2003 Server as our domain server, everyday at 4:30 pm all our workstations are locked out of the server for about an hour, then we can log back in and finish whatever we were doing. I'm not sure where to check for a setting that can be doing this. Could it be when a backup has been scheduled? Please advise on where to start looking.
Question by:Yiper72
LVL 51

Accepted Solution

Netman66 earned 1500 total points
ID: 19528013
During this "lockout" can you ping the server by both IP and name?

Does this "lockout" stop users from accessing shares, prevent access to the internet, stop serving DNS, stop new users from logging in, stop DHCP addresses from being obtained??

If you can narrow down what exactly is being impacted, then we may be able to start you off in the correct direction.


Author Comment

ID: 19528035
I will check the items you asked about and respond -- Thanks for the starting point
LVL 51

Expert Comment

ID: 19528063
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!


Expert Comment

ID: 19528123
Do you have a Logon time exclusion in AD users and computers.
Right click the user-properties-account tab
click logon hours button...

Expert Comment

ID: 19528533
Weird that this would happen at 4:30. Are you a new admin for this domain? Maybe there is a reason for this. I would think if this happens to everyone then it is a group policy setting. Do you know how to look into this? Look on MS.Com for Group Policy Management Console (http://www.google.com/url?sa=t&ct=res&cd=1&url=http%3A%2F%2Fwww.microsoft.com%2Fdownloads%2Fdetails.aspx%3Ffamilyid%3D0a6d4c24-8cbd-4b35-9272-dd3cbfc81887&ei=ViugRsSaN4KceZq5qewB&usg=AFQjCNHisukQxKKThoyHGdXoUsBH2JfeUw&sig2=YXdMg9d00TFzOFaLMJyCfQ)
Install thin and you will see all the policies on your domain, if you have the rights too, and this will show you what is setup. It is very nice since the policies are very big and tedious to look through every single configuration option.

Hope that helps,


Expert Comment

ID: 19528657
I had an issue similar to this. There were broken group policy objects that caused strange things such as the inability to login to the system.
One option is to backup the group policies that you want to save, run the gpotool to reset all group policies, then restore the ones that you need. That would reset any "broken" gpo's that might be hanging out there.

Author Comment

ID: 19695278
I found out that they had multiple issues that needed my attention while I was there. I found out when I got there that I was hired for an hour to get as many things done as possible. I did not get time to troubleshoot the logoff issue but I did notice that the workstations were able to ping the server by ip, but not by name.  I also notice some dns issues in the event viewer. It sounds like the owners brother will be fixing the rest of the problems that I identified.  Thanks to all for your input!

Author Comment

ID: 20547889
What we found while trying to ping the server by ip and by name was that the ip address would resolve but the name would not. After looking at the dns settings we found that the dns name ended in .com rather than the .local that all the workstations were pointing to. Once we changed that dns setting everything worked and many of there problems cleared. Thanks

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

by Batuhan Cetin In this article I will be guiding through the process of removing a failed DC metadata from Active Directory (hereafter, AD) using the ntdsutil tool in a Windows Server 2003 environment. These steps are not necessary in a Win…
This may not be a text book method to resolve VSS backup issues but it seemed to have worked on few of the Windows 2003 servers we had issues while performing a Volume Shadow Copy backup. If you have issues while performing a shadow copy backup usin…
Screencast - Getting to Know the Pipeline
As many of you are aware about Scanpst.exe utility which is owned by Microsoft itself to repair inaccessible or damaged PST files, but the question is do you really think Scanpst.exe is capable to repair all sorts of PST related corruption issues?

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question