We help IT Professionals succeed at work.

Can't logon SBS domain

blin2000
blin2000 asked
on
Medium Priority
792 Views
Last Modified: 2012-05-06
We have a Windows 2003 SBS and other two Terminal servers. No one cant logon the TS using RDC over the Internet or over VPN. When we try, we will receive this error: "The system cannot log you on due to the following error: Access is denied".

However, we can local the TS using local computer username. We can also logon the SBS using domain account. But no computer including SBS can access the Internet.

What we have done:
1. Rebooted all servers.
2. Rebooted all hardware such as router and switch.
3. Run netdiag and dcdiag. No errors.
4. nslookup doesn't show any errors and we can ping any web sites.
5. We have tried clean boot.
6. We have run CEICW
7. The TS have the following Event ID
Event ID: 1219 - Logon rejected for chicagotech\BobLin. Unable to obtain Terminal Server User Configuration. Error: Access is denied.

Event ID: 40960 - The Security System detected an authentication error for the server LDAP/domainname. The failure code from authentication protocol Kerberos was "There are currently no logon servers available to service the logon request.

(0xc000005e)".

What could be the problem?
Comment
Watch Question

Commented:
Are your servers up to date with patches, service packs, and updates?

Also, can you confirm that all services set to start automaticlly are started?

-Eric

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts
Have you put your users into the Mobile Users (or Remote Desktop Users) group?

You said in your question - "But no computer including SBS can access the Internet." is it another issue? No one has internet within your SBS network, or no one can log onto the TS?


Author

Commented:
1. We can't access the internet so that we can't install any update.
2. I have checked all services are starting and no errors in the event viewer relatd to any services stpped.
3. Yes all users are mobile users and I log on use administrator account.
4. I have feeling can't logon and no internet access are the same issue.
5. I can VPN in to the office to logon TS using local computer account.

Any other suggestions.
If you can logon to TS locally but not remotely, and you don't have internet access in the office then the two can be related, although not definite. Do you have internet access before?

Check your physical connection again, I have seen case where people plug their modem in an empty socket. Make sure you have broadband activated on the line. Open the configuration page of your router/modem and see if you got signal.

Commented:
What is your internet setup like?

What kind of firewall are you using?
When you run the CEIC wizard, does it give you any errors?

On your server, from a command prompt, can you run IPconfig /all and make sure that the default gateway is your firewall and that the DNS server is set to be your SBS server.

-Eric

Author

Commented:
1. Yes, we did have the INternet access.
2. Event the inside compuetrs can't access the Internet, i can VPN in and I can ping any web sites.
3. No error message when running CEICW.
4. No one in the office until the weekend.

Here are the results of ipconfig /all and tracert on the SBS.

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

H:\>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : SBS
   Primary Dns Suffix  . . . . . . . : chicagotech.local
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : Yes
   DNS Suffix Search List. . . . . . : chicagotech.local

PPP adapter RAS Server (Dial In) Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
   Physical Address. . . . . . . . . : 00-53-45-00-00-00
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 10.88.78.116
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . :
   NetBIOS over Tcpip. . . . . . . . : Disabled

Ethernet adapter Server Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
   Physical Address. . . . . . . . . : 00-0E-0C-3E-B2-7E
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 10.88.78.220
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.88.78.1
   DNS Servers . . . . . . . . . . . : 10.88.78.220
   Primary WINS Server . . . . . . . : 10.88.78.220

H:\>tracert chicagotech.net

Tracing route to chicagotech.net [69.89.25.174]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  10.88.78.1
  2    30 ms     5 ms     7 ms  c-3-0-ubr01.maynard.ma.boston.comcast.net [73.17
1.192.1]
  3     5 ms     8 ms     6 ms  ge-2-3-ur01.londonderry.nh.boston.comcast.net [6
8.86.227.225]
  4     8 ms     7 ms     7 ms  te-9-2-ar01.needham.ma.boston.comcast.net [68.87
.146.194]
  5    10 ms    11 ms    10 ms  68.85.162.70
  6    14 ms    13 ms    14 ms  pos-1-6-0-0-cr01.newyork.ny.ibone.comcast.net [6
8.86.90.61]
  7    13 ms    14 ms    14 ms  te2-6.mpd01.jfk05.atlas.cogentco.com [154.54.12.
205]
  8    15 ms    13 ms    14 ms  te8-4.ccr01.jfk02.atlas.cogentco.com [154.54.5.2
09]
  9    22 ms     *        *     te2-4.mpd01.bos01.atlas.cogentco.com [154.54.5.2
49]
 10    40 ms    41 ms    42 ms  te2-2.mpd01.ord01.atlas.cogentco.com [154.54.6.1
8]
 11    52 ms    51 ms    52 ms  te9-8.mpd01.mci01.atlas.cogentco.com [154.54.7.1
38]
 12    62 ms    64 ms    64 ms  te4-4.mpd01.den01.atlas.cogentco.com [154.54.24.
81]
 13   101 ms   101 ms   101 ms  te4-2.ccr01.slc01.atlas.cogentco.com [154.54.0.4
2]
 14   102 ms   103 ms   102 ms  vl3504.na31.b020767-1.slc01.atlas.cogentco.com [
38.20.34.178]
 15   103 ms   104 ms   103 ms  38.104.174.30
 16   103 ms   104 ms   103 ms  box174.bluehost.com [69.89.25.174]

Trace complete.

Commented:
I have opened a case with Microsoft. Here is the case link: Unable to login to 2003 Terminal Servers - http://www.chicagotech.net/netforums/viewtopic.php?p=9618#9618

Author

Commented:
fixed by opening a case with MS.
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.