logon failure user account restrictions on file server

I have a file server running windows 2k3 server. and a member server on the domain. my domain controller works fine as a file server. but all users are having problems accessing file and print resources. they get the following error logged on as a domain user.

"logon failure" user account restriction.

possible reasons are blank password not allowed, logon hour restrictions, or a policy restriction is enforced.  

help! its killing me i cannot figure it out.
Who is Participating?
Owen RubinConnect With a Mentor PrincipalCommented:
So I understand this a bit differently now? Everything else works fine, just not the one server? Are you sure it is properly subscribed to the domain controller and that no additional restrictions are set locally on the server as well? The fact that admin can access but users cannot only on this one server points to security settings on the server itself, and something set to override the DC.
Owen RubinPrincipalCommented:
Interesting, you answered some of your own question. The official Microsoft answer to this error is:

"The user name, domain, and password were accepted, but then an administrative restriction was encountered, such as the hours you may log on."

They suggest logging on as a different user.  Yea, right!

It seems that you need to edit the user's restrictions on the server to not have restrictions.

Do you see these problems as administrator? If not, then you know the problem. I suspect new users are created with all the same settings, so they all have the same restrictions. Try creating a new user, manually set the restrictions, and see if that user works. If it does, then you need to change user restricitons on each user.
DC doesn't allow to log on to it regular domain accounts, you need to allow it explicitly. but it'll probably be not a good idea if you are not sure why that is set by default
Train for your Pen Testing Engineer Certification

Enroll today in this bundle of courses to gain experience in the logistics of pen testing, Linux fundamentals, vulnerability assessments, detecting live systems, and more! This series, valued at $3,000, is free for Premium members, Team Accounts, and Qualified Experts.

SANDDRAGON2004Author Commented:
domain admin works fine.

user accounts no bueno.
SANDDRAGON2004Author Commented:
I can add the same user to the domain admins group it works fine.

the users are members of the users group, and the domain users group. I have applied the domain users and users group the the file share, and to the folder security to no avail.
You need to give users - Allow Log on Locally user right in the domain controller as well as add them to remote desktop users group. but that is not recommended by best practices
SANDDRAGON2004Author Commented:
all logon users can access files and folders on the DC, but not this server. all users are members of the same groups.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.