User has not been granted the requested logon type at this computer -- HELP!

I had a complaint from a user yesterday that they couldn't logon normally.  They had to UpperCase their user name in order to get onto our 2000 domain.  very odd.  I came in this morning and restarted DC and FileServer and now all of my users below Administrator privileges receive the following error when they try to access the network shares:

"Logon Failure: The User Has Not been Granted The Requested Logon Type at this Computer"

Please help and thank you!
vikingyouthAsked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
vikingyouthConnect With a Mentor Author Commented:
I got the bugger back up and working.  It seemed to be 3 things that at least I can discover immediately:

1) There appeared to be a corruption in the Default Domain Policy and Default Domain Controller Policy... I discovered and fixed this per the instructions in Event ID 1202.

2) I also removed the FileServer from the domain and then rejoined it.

3) I also followed the nbtstat instructions from this post:
http://www.experts-exchange.com/Operating_Systems/Q_21018430.html
the nbtstat -RR seemed to help.

My hunch is that there might have been a conflict with the NetBios.  It's on the 2000 server (our PDC) but not available on 2003 servers (our FileServer).  I didn't see any warnings about this or other issues of w2k and w2k3 not playing nice together, but alas I do believe that is the case.
0
 
jkrCommented:
Can you check the event log if it sheds in some more light about the details of the error?
0
 
vikingyouthAuthor Commented:
i've checked event logs on both the PDC and the file server.  they are not showing any significant problems now and the problem persists.  i feel like there must be a corruption in the ACtive Directory or something.  is there some diagnostics i can run on that or someway i can refresh my AD?
something i noticed this morning that may be at the root of this is that the NIC on my File Server was showing a subnet mask differing from the PDC subnet mask.  i have fixed this and still no luck, but i'm wondering if that may have started the trouble?
0
Never miss a deadline with monday.com

The revolutionary project management tool is here!   Plan visually with a single glance and make sure your projects get done.

 
vikingyouthAuthor Commented:
it seems so odd to me that Admins can still access everything, but every other level of privilege is locked out.  i'm racking my brain trying to figure out what that can mean....
0
 
vikingyouthAuthor Commented:
the event log on the FileServer lists the following potential problem...
"
The system failed to register host(A) resource records (RRs) for network adapter with settings:
<settings>

The reason the system could not register these RRs was because either a) the DNS server does not support the DNS dynamic update protocol, or b)the authoritative zone for the specificed DNS domain name does not accept dynamic updates.
"

this was after i ran ipconfig /dnsregister to try and reset the DNS connection between the fileserver and our PDC/DNS server.
0
 
johnb6767Commented:
Have you looked in the Security policy for anything out of the oridnary??
0
 
vikingyouthAuthor Commented:
like what?
0
 
vikingyouthAuthor Commented:
i restarted my PDC and in the security logs it's showing that NT Authority\System failed, "an unexpected error occurred during logon"
0
 
vikingyouthAuthor Commented:
anybody? i'm dying over here.

so i've messed around with the privileges enough to deduce that it isn't with the privileges.  it's got to be some kind of policy somewhere, but i've dug through them both on the AD and on the local machines and FileServer and I can't find anything that seems like it would do this.

the language of the pop up leads me to believe that it is a security policy of some kind as it says "the requested *logon type*", but honestly, i've looked high and low and i can't find anything that seems to make any difference.

if i haven't mentioned it yet the PDC is running on W2k the FileServer on 2003.  i thought this wasn't supposed to be an issue.

0
 
DennisPostCommented:
Hi,

>>  is there some diagnostics i can run on that or someway i can refresh my AD?
Have you tried NetDiag and DCDiag from the command prompt?
(Windows support tools are needed.  http://support.microsoft.com/kb/301423 )

This won't exactly refresh your AD, but it will display any problems. Before to use /? to look at the possible switches.

Btw, have you chacked for viruses and spyware?

These 3 MS sites may help you troubleshoot using UserEnv.log
http://support.microsoft.com/kb/221833
http://technet2.microsoft.com/windowsserver/en/library/0907105e-7856-4c93-b97f-a9a306623af51033.mspx?mfr=true
http://technet2.microsoft.com/windowsserver/en/library/ccd7b430-99a5-40fd-b68a-6c1979e565a21033.mspx?mfr=true

Google your error message returned lost of results. Here are a few of them that claim to have been solved.
http://www.techsupportforum.com/networking-forum/file-application-sharing/66647-win-xp-home-logon-failure-user-has-not-been-granted-requested-logon-type.html
http://www.pcreview.co.uk/forums/thread-1716289.php  ** Local Security Setting Change ( Access this computer form the network. ) **

I hope one of these helps you.
0
 
DennisPostCommented:
Nice one. Glad you got it working.
How did you fix the Default Domain GPO corruption?
0
 
vikingyouthAuthor Commented:
i removed all old unused and duplicate machines and users from the AD.
0
All Courses

From novice to tech pro — start learning today.