Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1102
  • Last Modified:

Cannot log into any domain controller on my network Windows 2003 server

Windows 2003 Server domain controllers - cannot log in to any of them - message "To logon to this remote computer you must be granted the Allow logon through Terminal Services right.  By default, members of the Remote Desktop group have this right.... Then it goes on.  I have vnc installed on my domain controllers and am able to access them this way, but I cannot remote desktop into ANY domain controller.  I can remote into any other workstation except my domain controllers.  Another twist to this is that I only have one domain controller that was logged in, the others I cannot log into even through vnc.  It gives me a message "The l ocal policy of this system does not permit you to log on inteactively"  I am logging on as administrator which is the only account allowed to log into the domain controllers.  HELP!  Yesterday all was fine - There was an update last night....
0
manch03
Asked:
manch03
  • 4
  • 3
  • 2
1 Solution
 
speshalystCommented:
What was the update that was done last night ?
0
 
manch03Author Commented:
I am trying to find it - I cannot get logged into any of the dc's that got the update.  The one I have access to did not get any updates last night.   I logged into another server and there were several updates but I believe this one just has not gotten the updates prior to last night. The only one I see that could potentially be the issue is this one.  http://support.microsoft.com/?kbid=926122
0
 
manch03Author Commented:
I can RD to any server except my domain controllers and I cannot log into them as an administrator.
0
Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

 
speshalystCommented:
Did you try to login ot the DC locally... like..at the console ?

Im not able to connect the problem on hand.. to the KB article..
0
 
DavidBCSCommented:
Sounds like System State might be corrupted. Try using System Restore or restoring from backup the System State and see if that fixes the issue. If you could RDP into them before and you have made no changes besides a possible MS update, then something else is at play.
0
 
manch03Author Commented:
The problem is we can't log in to them at all - It will not allow a local login even as the administrator!  We canot do a system restore if we cannot get into them.  The only one I can get into is my global catalog server and my main domain controller.  The only reason I am itno that one is because I never logged off it - even at the console it will not allow me to login to any domain controller.
0
 
DavidBCSCommented:
You can access the servers through Active Directory Services Restore mode even in RDP. From there you can run your backup program and restore the System State from a good backup that was taken a day or two before you noticed this issue. I'll look for the MS KB on how to do that and post it here.
0
 
manch03Author Commented:
I did get in to my group policy for the domain controllers and allowed local login and took away the Deny All and now I can get into my dc's but only through vnc - cannot remote into them.  I am going to take a look to see if the dc's got any updates.  If I do a system restore that has to be on all dc's right?  Or will it replicate each server?
0
 
DavidBCSCommented:
Here's the article I was referring to:
http://support.microsoft.com/kb/256588/en-us

Use this article if you don't know what your AD Service Restore mode password is:
http://support.microsoft.com/kb/322672/en-us

If a corruption occurred and this is what is causing your servers to not allow login through RDP, then yes you would need to perform the restore across all the DC's. What started in one was most likely replicated to all.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 4
  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now