Solved

logon failure user account restrictions on file server

Posted on 2011-03-01
7
1,460 Views
Last Modified: 2012-05-11
I have a file server running windows 2k3 server. and a member server on the domain. my domain controller works fine as a file server. but all users are having problems accessing file and print resources. they get the following error logged on as a domain user.

"logon failure" user account restriction.

possible reasons are blank password not allowed, logon hour restrictions, or a policy restriction is enforced.  

help! its killing me i cannot figure it out.
0
Comment
Question by:SANDDRAGON2004
  • 3
  • 2
  • 2
7 Comments
 
LVL 10

Expert Comment

by:Owen Rubin
ID: 35011867
Interesting, you answered some of your own question. The official Microsoft answer to this error is:

"The user name, domain, and password were accepted, but then an administrative restriction was encountered, such as the hours you may log on."

They suggest logging on as a different user.  Yea, right!

It seems that you need to edit the user's restrictions on the server to not have restrictions.

Do you see these problems as administrator? If not, then you know the problem. I suspect new users are created with all the same settings, so they all have the same restrictions. Try creating a new user, manually set the restrictions, and see if that user works. If it does, then you need to change user restricitons on each user.
0
 
LVL 9

Expert Comment

by:avilov
ID: 35011918
DC doesn't allow to log on to it regular domain accounts, you need to allow it explicitly. but it'll probably be not a good idea if you are not sure why that is set by default
0
 

Author Comment

by:SANDDRAGON2004
ID: 35012232
domain admin works fine.

user accounts no bueno.
0
Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

 

Author Comment

by:SANDDRAGON2004
ID: 35012246
I can add the same user to the domain admins group it works fine.

the users are members of the users group, and the domain users group. I have applied the domain users and users group the the file share, and to the folder security to no avail.
0
 
LVL 9

Expert Comment

by:avilov
ID: 35012428
You need to give users - Allow Log on Locally user right in the domain controller as well as add them to remote desktop users group. but that is not recommended by best practices
0
 

Author Comment

by:SANDDRAGON2004
ID: 35018883
all logon users can access files and folders on the DC, but not this server. all users are members of the same groups.

0
 
LVL 10

Accepted Solution

by:
Owen Rubin earned 500 total points
ID: 35020257
So I understand this a bit differently now? Everything else works fine, just not the one server? Are you sure it is properly subscribed to the domain controller and that no additional restrictions are set locally on the server as well? The fact that admin can access but users cannot only on this one server points to security settings on the server itself, and something set to override the DC.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
The password reset disk is often mentioned as the best solution to deal with the lost Windows password problem. In Windows 2008, 7, Vista and XP, a password reset disk can be easily created. But besides Windows 7/Vista/XP, Windows Server 2008 and ot…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question