?
Solved

Cannot Shutdown or Restart Windows 2003 Server (Domain Controller)

Posted on 2007-12-06
7
Medium Priority
?
3,187 Views
Last Modified: 2013-12-01
I have a Windows Server 2003 box that will not let me shut it down or restart.

The "shut down windows" box only has a "Log off [user]"

Every administrator has logged into the box with the same error.  I have not tried creating a new administrator in Active Directory, but will try that tomorrow morning.

Have attempted to shutdown/restart from the command line with shutdown.exe [attmepted with -i  and -r], but get a message reading "Access is denied.(5)"

The last action that I have taken on the box was to reinstall Symantec Backup Exec 10 (recovering from a disk array crash last week, the backup software would not allow me to back up to tape following recovery, so I was attempting to remove and reinstall it.)  I was able to restart after the removal.  However, I have not been able to do so since the reinstall.

Short of pulling the plug or holding in the power button, any thoughts on how I can reboot the machine?  

I have seen a suggestion (http://www.experts-exchange.com/Operating_Systems/WinXP/Q_20756919.html) for psshutdown (http://www.sysinternals.com/ntw2k/freeware/psshutdown.shtml), and will try this tomorrow if we can't get to the root of this today.

FYI There is a very limited window of opportunity for attempting as this is a critical box that I can only attempt to reboot at 6 AM Eastern.
0
Comment
Question by:NPSRWR
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 6

Expert Comment

by:chuck-williams
ID: 20421394
I would check the local security policy and see who has rights to shut down the system. It may have been corrupted or Administrators may have been removed for some reason.

If you go to Administrator Tools and Local Security Settings. Then you navigate to Local Policies and User Rights Assignment look and see who has rights to shut down the system.
0
 

Author Comment

by:NPSRWR
ID: 20421554
Hi chuck-williams,

I don't have a Local Security Settings in Administrative Tools.  Is there another way to find this?

Perhaps because this is a domain controller I have to access these settings through Active Directory?

Thanks!
0
 

Author Comment

by:NPSRWR
ID: 20421619
I meant to mention there is nothing in the Event log (that I can find) related to the Access Denied message following the shutdown.exe invocation.
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
LVL 6

Expert Comment

by:chuck-williams
ID: 20421720
Oh then you need to check the Domain Controllers Security Policy.
0
 
LVL 6

Accepted Solution

by:
chuck-williams earned 2000 total points
ID: 20421723
Is there more than one domain controller. If so and the other DCs are logging in fine then the above suggestion may not be helpful.
0
 

Author Comment

by:NPSRWR
ID: 20422042
Hi chuck-williams,

I think you may be on to something.  I hadn't tried logging in to the other Domain Controller.  It is a Windows 2000 Server box.  I tried logging in as two members of the Administrators group and get this message:

"The local policy of this system does not permit you to logon interactively."

In the group policy for Domain Controllers, for the Log on locally and the shut down the system Policies, the Policy Setting includes "Administrators."  

The users that I have attempted this with are members of the built in "Administrators" group.  I added myself explicitly, and am still getting the same message (however, I'm not sure how long I would need to wait for the change to propogate to the DC.

Any thoughts?

Thank you for your help thus far!

0
 

Author Comment

by:NPSRWR
ID: 20422952
I tried logging in to the second domain controller and am now able to login.  So clearly I hadn't waited long enough.  The administrator account could not login (I did not).

The second domain controller also only gives the "Log off [user]" option as well

It seems as though Active Directory has stopped recognizing the members of the built in Administrators group, or at least the DCs have.

Thank you for you help, chuck-williams!

I will post a second question to see if you or someone else can come up with an explanation as to what happened to cause this.

0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question