Cannot Shutdown or Restart Windows 2003 Server (Domain Controller)
I have a Windows Server 2003 box that will not let me shut it down or restart.
The "shut down windows" box only has a "Log off [user]"
Every administrator has logged into the box with the same error. I have not tried creating a new administrator in Active Directory, but will try that tomorrow morning.
Have attempted to shutdown/restart from the command line with shutdown.exe [attmepted with -i and -r], but get a message reading "Access is denied.(5)"
The last action that I have taken on the box was to reinstall Symantec Backup Exec 10 (recovering from a disk array crash last week, the backup software would not allow me to back up to tape following recovery, so I was attempting to remove and reinstall it.) I was able to restart after the removal. However, I have not been able to do so since the reinstall.
Short of pulling the plug or holding in the power button, any thoughts on how I can reboot the machine?
I have seen a suggestion (https://www.experts-exchange.com/questions/20756919/Access-is-denied-when-using-shutdown-exe-on-XP.html) for psshutdown (http://www.sysinternals.com/ntw2k/freeware/psshutdown.shtml), and will try this tomorrow if we can't get to the root of this today.
FYI There is a very limited window of opportunity for attempting as this is a critical box that I can only attempt to reboot at 6 AM Eastern.
The "shut down windows" box only has a "Log off [user]"
Every administrator has logged into the box with the same error. I have not tried creating a new administrator in Active Directory, but will try that tomorrow morning.
Have attempted to shutdown/restart from the command line with shutdown.exe [attmepted with -i and -r], but get a message reading "Access is denied.(5)"
The last action that I have taken on the box was to reinstall Symantec Backup Exec 10 (recovering from a disk array crash last week, the backup software would not allow me to back up to tape following recovery, so I was attempting to remove and reinstall it.) I was able to restart after the removal. However, I have not been able to do so since the reinstall.
Short of pulling the plug or holding in the power button, any thoughts on how I can reboot the machine?
I have seen a suggestion (https://www.experts-exchange.com/questions/20756919/Access-is-denied-when-using-shutdown-exe-on-XP.html) for psshutdown (http://www.sysinternals.com/ntw2k/freeware/psshutdown.shtml), and will try this tomorrow if we can't get to the root of this today.
FYI There is a very limited window of opportunity for attempting as this is a critical box that I can only attempt to reboot at 6 AM Eastern.
ASKER
Hi chuck-williams,
I don't have a Local Security Settings in Administrative Tools. Is there another way to find this?
Perhaps because this is a domain controller I have to access these settings through Active Directory?
Thanks!
I don't have a Local Security Settings in Administrative Tools. Is there another way to find this?
Perhaps because this is a domain controller I have to access these settings through Active Directory?
Thanks!
ASKER
I meant to mention there is nothing in the Event log (that I can find) related to the Access Denied message following the shutdown.exe invocation.
Oh then you need to check the Domain Controllers Security Policy.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi chuck-williams,
I think you may be on to something. I hadn't tried logging in to the other Domain Controller. It is a Windows 2000 Server box. I tried logging in as two members of the Administrators group and get this message:
"The local policy of this system does not permit you to logon interactively."
In the group policy for Domain Controllers, for the Log on locally and the shut down the system Policies, the Policy Setting includes "Administrators."
The users that I have attempted this with are members of the built in "Administrators" group. I added myself explicitly, and am still getting the same message (however, I'm not sure how long I would need to wait for the change to propogate to the DC.
Any thoughts?
Thank you for your help thus far!
I think you may be on to something. I hadn't tried logging in to the other Domain Controller. It is a Windows 2000 Server box. I tried logging in as two members of the Administrators group and get this message:
"The local policy of this system does not permit you to logon interactively."
In the group policy for Domain Controllers, for the Log on locally and the shut down the system Policies, the Policy Setting includes "Administrators."
The users that I have attempted this with are members of the built in "Administrators" group. I added myself explicitly, and am still getting the same message (however, I'm not sure how long I would need to wait for the change to propogate to the DC.
Any thoughts?
Thank you for your help thus far!
ASKER
I tried logging in to the second domain controller and am now able to login. So clearly I hadn't waited long enough. The administrator account could not login (I did not).
The second domain controller also only gives the "Log off [user]" option as well
It seems as though Active Directory has stopped recognizing the members of the built in Administrators group, or at least the DCs have.
Thank you for you help, chuck-williams!
I will post a second question to see if you or someone else can come up with an explanation as to what happened to cause this.
The second domain controller also only gives the "Log off [user]" option as well
It seems as though Active Directory has stopped recognizing the members of the built in Administrators group, or at least the DCs have.
Thank you for you help, chuck-williams!
I will post a second question to see if you or someone else can come up with an explanation as to what happened to cause this.
If you go to Administrator Tools and Local Security Settings. Then you navigate to Local Policies and User Rights Assignment look and see who has rights to shut down the system.