Solved

logon failure user account restrictions on file server

Posted on 2011-03-01
7
1,508 Views
Last Modified: 2012-05-11
I have a file server running windows 2k3 server. and a member server on the domain. my domain controller works fine as a file server. but all users are having problems accessing file and print resources. they get the following error logged on as a domain user.

"logon failure" user account restriction.

possible reasons are blank password not allowed, logon hour restrictions, or a policy restriction is enforced.  

help! its killing me i cannot figure it out.
0
Comment
Question by:SANDDRAGON2004
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
7 Comments
 
LVL 10

Expert Comment

by:Owen Rubin
ID: 35011867
Interesting, you answered some of your own question. The official Microsoft answer to this error is:

"The user name, domain, and password were accepted, but then an administrative restriction was encountered, such as the hours you may log on."

They suggest logging on as a different user.  Yea, right!

It seems that you need to edit the user's restrictions on the server to not have restrictions.

Do you see these problems as administrator? If not, then you know the problem. I suspect new users are created with all the same settings, so they all have the same restrictions. Try creating a new user, manually set the restrictions, and see if that user works. If it does, then you need to change user restricitons on each user.
0
 
LVL 9

Expert Comment

by:avilov
ID: 35011918
DC doesn't allow to log on to it regular domain accounts, you need to allow it explicitly. but it'll probably be not a good idea if you are not sure why that is set by default
0
 

Author Comment

by:SANDDRAGON2004
ID: 35012232
domain admin works fine.

user accounts no bueno.
0
What Is Transaction Monitoring and who needs it?

Synthetic Transaction Monitoring that you need for the day to day, which ensures your business website keeps running optimally, and that there is no downtime to impact your customer experience.

 

Author Comment

by:SANDDRAGON2004
ID: 35012246
I can add the same user to the domain admins group it works fine.

the users are members of the users group, and the domain users group. I have applied the domain users and users group the the file share, and to the folder security to no avail.
0
 
LVL 9

Expert Comment

by:avilov
ID: 35012428
You need to give users - Allow Log on Locally user right in the domain controller as well as add them to remote desktop users group. but that is not recommended by best practices
0
 

Author Comment

by:SANDDRAGON2004
ID: 35018883
all logon users can access files and folders on the DC, but not this server. all users are members of the same groups.

0
 
LVL 10

Accepted Solution

by:
Owen Rubin earned 500 total points
ID: 35020257
So I understand this a bit differently now? Everything else works fine, just not the one server? Are you sure it is properly subscribed to the domain controller and that no additional restrictions are set locally on the server as well? The fact that admin can access but users cannot only on this one server points to security settings on the server itself, and something set to override the DC.
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Have you ever had a hard drive that you can't boot into, but need to change the registry? Here is the solution! This article guides you through accessing and editing a registry of a non-primary drive. To read registry information on a non-prim…
This is a little timesaver I have been using for setting up Microsoft Small Business Server (SBS) in the simplest possible way. It may not be appropriate for every customer. However, when you get a situation where the person who owns the server is i…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question