Solved

Cannot Shutdown or Restart Windows 2003 Server (Domain Controller)

Posted on 2007-12-06
Last Modified: 2013-12-01
I have a Windows Server 2003 box that will not let me shut it down or restart.

The "shut down windows" box only has a "Log off [user]"

Every administrator has logged into the box with the same error.  I have not tried creating a new administrator in Active Directory, but will try that tomorrow morning.

Have attempted to shutdown/restart from the command line with shutdown.exe [attempted with -i and -r], but get a message reading "Access is denied.(5)"

The last action that I have taken on the box was to reinstall Symantec Backup Exec 10 (recovering from a disk array crash last week, the backup software would not allow me to back up to tape following recovery, so I was attempting to remove and reinstall it.)  I was able to restart after the removal.  However, I have not been able to do so since the reinstall.

Short of pulling the plug or holding in the power button, any thoughts on how I can reboot the machine?  

I have seen a suggestion (http://www.experts-exchange.com/Operating_Systems/WinXP/Q_20756919.html) for psshutdown (http://www.sysinternals.com/ntw2k/freeware/psshutdown.shtml), and will try this tomorrow if we can't get to the root of this today.

FYI There is a very limited window of opportunity for attempting as this is a critical box that I can only attempt to reboot at 6 AM Eastern.
Question by:NPSRWR

Expert Comment

by:chuck-williams
I would check the local security policy and see who has rights to shut down the system. It may have been corrupted or Administrators may have been removed for some reason.

Go to Administrator Tools and Local Security Settings, then navigate to Local Policies and User Rights Assignment, and look to see who has rights to shut down the system.

Author Comment

by:NPSRWR
Hi chuck-williams,

I don't have a Local Security Settings in Administrative Tools.  Is there another way to find this?

Perhaps because this is a domain controller I have to access these settings through Active Directory?

Thanks!

Author Comment

by:NPSRWR
I meant to mention there is nothing in the Event log (that I can find) related to the Access Denied message following the shutdown.exe invocation.

Expert Comment

by:chuck-williams
Oh then you need to check the Domain Controllers Security Policy.

Accepted Solution

by:
chuck-williams earned 500 total points
Is there more than one domain controller? If so, and the other DCs are logging in fine, then the above suggestion may not be helpful.

Author Comment

by:NPSRWR
Hi chuck-williams,

I think you may be on to something.  I hadn't tried logging in to the other Domain Controller.  It is a Windows 2000 Server box.  I tried logging in as two members of the Administrators group and get this message:

"The local policy of this system does not permit you to logon interactively."

In the group policy for Domain Controllers, for the Log on locally and the shut down the system Policies, the Policy Setting includes "Administrators."  

The users that I have attempted this with are members of the built in "Administrators" group.  I added myself explicitly, and am still getting the same message (however, I'm not sure how long I would need to wait for the change to propagate to the DC).

Any thoughts?

Thank you for your help thus far!


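An added example, not part of the original thread: one way to carry out the user-rights check discussed above is to export the rights a DC is actually applying with `secedit /export /cfg rights.inf /areas USER_RIGHTS` and audit the `[Privilege Rights]` section for the two policies named in the thread. The sample export below is constructed, and the function names and the assumption that principals are written as `*SID` entries are this example's own.

```python
# Added example: audit the [Privilege Rights] section of a `secedit /export` file.
# SAMPLE_INF is constructed for illustration; it is not output from the poster's server.
ADMINS = "*S-1-5-32-544"  # well-known SID of BUILTIN\Administrators

# Rights the thread discusses, keyed by their constant names in the export.
REQUIRED = {"SeShutdownPrivilege": "Shut down the system",
            "SeInteractiveLogonRight": "Log on locally"}
DENY = {"SeDenyInteractiveLogonRight": "Deny log on locally"}

SAMPLE_INF = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-549,*S-1-5-32-551
SeShutdownPrivilege = *S-1-5-32-549,*S-1-5-32-551
SeDenyInteractiveLogonRight =
[Version]
signature="$CHICAGO$"
Revision=1
"""

def parse_privilege_rights(text):
    """Return {right: [principals]} from the [Privilege Rights] section only."""
    rights, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[privilege rights]"
        elif in_section and "=" in line:
            name, _, value = line.partition("=")
            rights[name.strip()] = [p.strip() for p in value.split(",") if p.strip()]
    return rights

def audit_rights(text, principal=ADMINS):
    """List findings that would explain a missing Shut Down option or a refused logon."""
    rights, findings = parse_privilege_rights(text), []
    for name, label in REQUIRED.items():
        if principal not in rights.get(name, []):
            findings.append(f"{principal} not granted {name} ({label})")
    for name, label in DENY.items():
        if principal in rights.get(name, []):
            findings.append(f"{principal} listed in {name} ({label})")
    return findings

if __name__ == "__main__":
    for finding in audit_rights(SAMPLE_INF):
        print(finding)
```

A real export is normally written as UTF-16, so read it with `open(path, encoding="utf-16")` before passing the text to `audit_rights`.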
Author Comment

by:NPSRWR
I tried logging in to the second domain controller and am now able to login.  So clearly I hadn't waited long enough.  The administrator account could not login (I did not).

The second domain controller also only gives the "Log off [user]" option as well.

It seems as though Active Directory has stopped recognizing the members of the built in Administrators group, or at least the DCs have.

Thank you for your help, chuck-williams!

I will post a second question to see if you or someone else can come up with an explanation as to what happened to cause this.
