• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3028
  • Last Modified:

The user has not been granted the requested logon type at this machine error

I have a root domain (root.local) and a child domain child.local, and since my account is belongs to the Enterprise admin group on the root domain up, I was able to fully RDP into any of the child domain servers. I can not longer RDP to any of the servers except the child.local domain controller, and if I console/log locally into the server, I only have limited user access not administrative rights. if I check into a child.local server event viewer I get the following error message:

Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          3/31/2011 4:14:11 PM
Event ID:      4625
Task Category: Logon
Level:         Information
Keywords:      Audit Failure
User:          N/A
Computer:      Server.child.local
Description:
An account failed to log on.

Subject:
      Security ID:            SYSTEM
      Account Name:            Server$
      Account Domain:            CHILD
      Logon ID:            0x3e7

Logon Type:                  10

Account For Which Logon Failed:
      Security ID:            NULL SID
      Account Name:            Administrator
      Account Domain:            ROOT
Failure Information:
      Failure Reason:            The user has not been granted the requested logon type at this machine.
      Status:                  0xc000015b
      Sub Status:            0x0

Process Information:
      Caller Process ID:      0x534
      Caller Process Name:      C:\Windows\System32\winlogon.exe

Network Information:
      Workstation Name:      SERVER
      Source Network Address:      192.168.1.95
      Source Port:            3603

Detailed Authentication Information:
      Logon Process:            User32
      Authentication Package:      Negotiate
      Transited Services:      -
      Package Name (NTLM only):      -
      Key Length:            0

I have checked and flush DNS and register it, then stopped and restarted netlogon on the DC to no avail, Any help will be appreciated.
0
piedrahitf
Asked:
piedrahitf
  • 5
  • 2
1 Solution
 
DraginMagikCommented:
are other EntAdmin accounts able to RDC into the child domain?

you can RDC into machines in the root domain just fine correct?
0
 
piedrahitfAuthor Commented:
it is the same for all my enterprise admin accounts, , I can RDP just fine to all the root machines, and to the child DC but none of  the child's servers, I also ran a dc diag and everything passed as tested
0
 
DraginMagikCommented:
by name or by IP?
i'm assuming you can rdc into server.child.local using the child domain Administrator(s) accounts.  if yes, have you checked your domain trust?  
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
piedrahitfAuthor Commented:
they validate from both sides, and yes I get the same results by IP or by FQDN, I can RDP using the child domains admin but not the enterprise admin (root)
0
 
piedrahitfAuthor Commented:
Anyone? I still need help, please?
0
 
piedrahitfAuthor Commented:
OK, after some research, I found that enterprise admins are local admins on a child domain's Domain controller only, so I just created a global group called GRP_CHILDLocalAdmins on the root domain and added that group to the local administrator group and presto, all root admins can rdp and be administrators on the child domain
0
 
piedrahitfAuthor Commented:
Found the answer by visiting other outside forums.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

  • 5
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now