Solved

New AD users not able to login through Telnet

Posted on 2008-10-15
11
419 Views
Last Modified: 2012-05-05
Any new users created withing Active directory are unable to login through Telnet.
Telnet works fine with new users when the Win Server 2003 standard is in a workgroup but as soon as it is joined to the Small Business Server 2003 Standard domain and setup as a Active Directory replicator any new users created under AD are not able to login to Telnet.
0
Comment
Question by:Accdat
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
  • 2
11 Comments
 
LVL 1

Expert Comment

by:KentuckyDataService
ID: 22726945
I'm not too "expert" in this, but have you verifed that you don't have a domain group policy being pushed down from the SBS server that enables the firewall...and in turn, blocks it?  You can always use NETMON to watch the protocols for that coming in to see if they are making it.  Just an idea!!
0
 

Author Comment

by:Accdat
ID: 22726980
I will have a look at that,
but if there was a problem with the firewall blocking incoming connections then I would presume it would also affect existing users, which it is not.
Existing users within AD when Win 2003 Standard is joined to the domain work fine, its only new user added to AD that are not able to login using Telnet.
0
 
LVL 1

Expert Comment

by:KentuckyDataService
ID: 22726997
You're right...it would stop all.  Are the users trying to log onto windows with telnet? or another client software?
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:Accdat
ID: 22727053
They login to Telnet to access a DOS based app called "Business Manager Classic" from Business Manager Software, which is running on the Win 2003 standard server.
0
 
LVL 1

Expert Comment

by:KentuckyDataService
ID: 22727297
so, does the authentication happen with AD credentials, or does that software interface with active directory?
0
 

Author Comment

by:Accdat
ID: 22727347
Telnet session authenticates through AD (or windows user accounts if not joined to a domain). Business Manger Software has its own builtin user authentication and does not use AD.
0
 
LVL 1

Expert Comment

by:KentuckyDataService
ID: 22727896
1.  Are the telnet(ing) to the server from the WAN or LAN or both
2.  What exact port are they connecting too
3.  With one of the users that works, if you change their windows password from the new server AD console, not the old one, can they still establish a telnet session?

and to clarify my brain!!, they telnet the server on the specified port, give them their windows account credentials, then after session is established, they run the application from that session.  And the problem is with the initial connection, not the software authentication for "Business Manager Classic"
0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 22727911
Do you have a firewall enabled, like windows firewall or ISA firewall?
0
 

Author Comment

by:Accdat
ID: 22728091
Response to Kentucky:
1. WAN
2. Port 23
3. I have also tried this and it works fine, you can change user passwords and they can still authenticate fine.
And yes you are correct. They Telnet to the server and authenticate using AD account details.  then after session is established, they run the application from that session.
Problem is with the intial Telnet Authentication not the BMC login.

Response to CheifIT:
Problem is not firewall related, old users can still login fine, this is only affecting new users.
0
 
LVL 1

Accepted Solution

by:
KentuckyDataService earned 500 total points
ID: 22730410
Well, i am not sure what the problem would be.  The only thing i can guess is the permission level of the new user.  No offense..but it seems that you are doing somthing different when creating the new users.

Are you trying to create teh new user with the 2003 standard server or with the SBS server?  Cause i know SBS has a nice little wizard that does extra stuff for you that standard doesn't.  Have you verified they are members of teh same security groups?  Maybe the old users belong to some group that allows the sessions, but the new ones weren't added to that group.
0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 22740456
You might check out the file's ACL to see what happened:

There is a fileACL.exe program you can do this with.
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question