[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 780
  • Last Modified:

Can't logon SBS domain

We have a Windows 2003 SBS and other two Terminal servers. No one cant logon the TS using RDC over the Internet or over VPN. When we try, we will receive this error: "The system cannot log you on due to the following error: Access is denied".

However, we can local the TS using local computer username. We can also logon the SBS using domain account. But no computer including SBS can access the Internet.

What we have done:
1. Rebooted all servers.
2. Rebooted all hardware such as router and switch.
3. Run netdiag and dcdiag. No errors.
4. nslookup doesn't show any errors and we can ping any web sites.
5. We have tried clean boot.
6. We have run CEICW
7. The TS have the following Event ID
Event ID: 1219 - Logon rejected for chicagotech\BobLin. Unable to obtain Terminal Server User Configuration. Error: Access is denied.

Event ID: 40960 - The Security System detected an authentication error for the server LDAP/domainname. The failure code from authentication protocol Kerberos was "There are currently no logon servers available to service the logon request.

(0xc000005e)".

What could be the problem?
0
blin2000
Asked:
blin2000
  • 4
  • 2
  • 2
2 Solutions
 
acromentCommented:
Are your servers up to date with patches, service packs, and updates?

Also, can you confirm that all services set to start automaticlly are started?

-Eric
0
 
ormerodrutterCommented:
Have you put your users into the Mobile Users (or Remote Desktop Users) group?

You said in your question - "But no computer including SBS can access the Internet." is it another issue? No one has internet within your SBS network, or no one can log onto the TS?


0
 
blin2000Author Commented:
1. We can't access the internet so that we can't install any update.
2. I have checked all services are starting and no errors in the event viewer relatd to any services stpped.
3. Yes all users are mobile users and I log on use administrator account.
4. I have feeling can't logon and no internet access are the same issue.
5. I can VPN in to the office to logon TS using local computer account.

Any other suggestions.
0
Transaction-level recovery for Oracle database

Veeam Explore for Oracle delivers low RTOs and RPOs with agentless transaction log backup and transaction-level recovery of Oracle databases. You can restore the database to a precise point in time, even to a specific transaction.

 
ormerodrutterCommented:
If you can logon to TS locally but not remotely, and you don't have internet access in the office then the two can be related, although not definite. Do you have internet access before?

Check your physical connection again, I have seen case where people plug their modem in an empty socket. Make sure you have broadband activated on the line. Open the configuration page of your router/modem and see if you got signal.
0
 
acromentCommented:
What is your internet setup like?

What kind of firewall are you using?
When you run the CEIC wizard, does it give you any errors?

On your server, from a command prompt, can you run IPconfig /all and make sure that the default gateway is your firewall and that the DNS server is set to be your SBS server.

-Eric
0
 
blin2000Author Commented:
1. Yes, we did have the INternet access.
2. Event the inside compuetrs can't access the Internet, i can VPN in and I can ping any web sites.
3. No error message when running CEICW.
4. No one in the office until the weekend.

Here are the results of ipconfig /all and tracert on the SBS.

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

H:\>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : SBS
   Primary Dns Suffix  . . . . . . . : chicagotech.local
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : Yes
   DNS Suffix Search List. . . . . . : chicagotech.local

PPP adapter RAS Server (Dial In) Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
   Physical Address. . . . . . . . . : 00-53-45-00-00-00
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 10.88.78.116
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . :
   NetBIOS over Tcpip. . . . . . . . : Disabled

Ethernet adapter Server Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
   Physical Address. . . . . . . . . : 00-0E-0C-3E-B2-7E
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 10.88.78.220
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.88.78.1
   DNS Servers . . . . . . . . . . . : 10.88.78.220
   Primary WINS Server . . . . . . . : 10.88.78.220

H:\>tracert chicagotech.net

Tracing route to chicagotech.net [69.89.25.174]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  10.88.78.1
  2    30 ms     5 ms     7 ms  c-3-0-ubr01.maynard.ma.boston.comcast.net [73.17
1.192.1]
  3     5 ms     8 ms     6 ms  ge-2-3-ur01.londonderry.nh.boston.comcast.net [6
8.86.227.225]
  4     8 ms     7 ms     7 ms  te-9-2-ar01.needham.ma.boston.comcast.net [68.87
.146.194]
  5    10 ms    11 ms    10 ms  68.85.162.70
  6    14 ms    13 ms    14 ms  pos-1-6-0-0-cr01.newyork.ny.ibone.comcast.net [6
8.86.90.61]
  7    13 ms    14 ms    14 ms  te2-6.mpd01.jfk05.atlas.cogentco.com [154.54.12.
205]
  8    15 ms    13 ms    14 ms  te8-4.ccr01.jfk02.atlas.cogentco.com [154.54.5.2
09]
  9    22 ms     *        *     te2-4.mpd01.bos01.atlas.cogentco.com [154.54.5.2
49]
 10    40 ms    41 ms    42 ms  te2-2.mpd01.ord01.atlas.cogentco.com [154.54.6.1
8]
 11    52 ms    51 ms    52 ms  te9-8.mpd01.mci01.atlas.cogentco.com [154.54.7.1
38]
 12    62 ms    64 ms    64 ms  te4-4.mpd01.den01.atlas.cogentco.com [154.54.24.
81]
 13   101 ms   101 ms   101 ms  te4-2.ccr01.slc01.atlas.cogentco.com [154.54.0.4
2]
 14   102 ms   103 ms   102 ms  vl3504.na31.b020767-1.slc01.atlas.cogentco.com [
38.20.34.178]
 15   103 ms   104 ms   103 ms  38.104.174.30
 16   103 ms   104 ms   103 ms  box174.bluehost.com [69.89.25.174]

Trace complete.

0
 
blin2000Author Commented:
I have opened a case with Microsoft. Here is the case link: Unable to login to 2003 Terminal Servers - http://www.chicagotech.net/netforums/viewtopic.php?p=9618#9618
0
 
blin2000Author Commented:
fixed by opening a case with MS.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

  • 4
  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now