Solved

logon failure user account restrictions on file server

Posted on 2011-03-01
7
1,433 Views
Last Modified: 2012-05-11
I have a file server running windows 2k3 server. and a member server on the domain. my domain controller works fine as a file server. but all users are having problems accessing file and print resources. they get the following error logged on as a domain user.

"logon failure" user account restriction.

possible reasons are blank password not allowed, logon hour restrictions, or a policy restriction is enforced.  

help! its killing me i cannot figure it out.
0
Comment
Question by:SANDDRAGON2004
  • 3
  • 2
  • 2
7 Comments
 
LVL 10

Expert Comment

by:Owen Rubin
ID: 35011867
Interesting, you answered some of your own question. The official Microsoft answer to this error is:

"The user name, domain, and password were accepted, but then an administrative restriction was encountered, such as the hours you may log on."

They suggest logging on as a different user.  Yea, right!

It seems that you need to edit the user's restrictions on the server to not have restrictions.

Do you see these problems as administrator? If not, then you know the problem. I suspect new users are created with all the same settings, so they all have the same restrictions. Try creating a new user, manually set the restrictions, and see if that user works. If it does, then you need to change user restricitons on each user.
0
 
LVL 9

Expert Comment

by:avilov
ID: 35011918
DC doesn't allow to log on to it regular domain accounts, you need to allow it explicitly. but it'll probably be not a good idea if you are not sure why that is set by default
0
 

Author Comment

by:SANDDRAGON2004
ID: 35012232
domain admin works fine.

user accounts no bueno.
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 

Author Comment

by:SANDDRAGON2004
ID: 35012246
I can add the same user to the domain admins group it works fine.

the users are members of the users group, and the domain users group. I have applied the domain users and users group the the file share, and to the folder security to no avail.
0
 
LVL 9

Expert Comment

by:avilov
ID: 35012428
You need to give users - Allow Log on Locally user right in the domain controller as well as add them to remote desktop users group. but that is not recommended by best practices
0
 

Author Comment

by:SANDDRAGON2004
ID: 35018883
all logon users can access files and folders on the DC, but not this server. all users are members of the same groups.

0
 
LVL 10

Accepted Solution

by:
Owen Rubin earned 500 total points
ID: 35020257
So I understand this a bit differently now? Everything else works fine, just not the one server? Are you sure it is properly subscribed to the domain controller and that no additional restrictions are set locally on the server as well? The fact that admin can access but users cannot only on this one server points to security settings on the server itself, and something set to override the DC.
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

This article covers how to install the Microsoft Windows Operating System (OS). What is covered in this article:  > Different Versions and Editions of the Windows OS  > Upgrading versus Fresh Installation of the OS           - Steps to take pr…
Scenerio: You have a server running Server 2003 and have applied a retail pack of Terminal Server Licenses.  You want to change servers or your server has crashed and you need to reapply the Terminal Server Licenses. When you enter the 16-digit lic…
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now