The user has not been granted the requested logon type at this machine error

I have a root domain (root.local) and a child domain child.local, and since my account is belongs to the Enterprise admin group on the root domain up, I was able to fully RDP into any of the child domain servers. I can not longer RDP to any of the servers except the child.local domain controller, and if I console/log locally into the server, I only have limited user access not administrative rights. if I check into a child.local server event viewer I get the following error message:

Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          3/31/2011 4:14:11 PM
Event ID:      4625
Task Category: Logon
Level:         Information
Keywords:      Audit Failure
User:          N/A
Computer:      Server.child.local
An account failed to log on.

      Security ID:            SYSTEM
      Account Name:            Server$
      Account Domain:            CHILD
      Logon ID:            0x3e7

Logon Type:                  10

Account For Which Logon Failed:
      Security ID:            NULL SID
      Account Name:            Administrator
      Account Domain:            ROOT
Failure Information:
      Failure Reason:            The user has not been granted the requested logon type at this machine.
      Status:                  0xc000015b
      Sub Status:            0x0

Process Information:
      Caller Process ID:      0x534
      Caller Process Name:      C:\Windows\System32\winlogon.exe

Network Information:
      Workstation Name:      SERVER
      Source Network Address:
      Source Port:            3603

Detailed Authentication Information:
      Logon Process:            User32
      Authentication Package:      Negotiate
      Transited Services:      -
      Package Name (NTLM only):      -
      Key Length:            0

I have checked and flush DNS and register it, then stopped and restarted netlogon on the DC to no avail, Any help will be appreciated.
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

are other EntAdmin accounts able to RDC into the child domain?

you can RDC into machines in the root domain just fine correct?
piedrahitfAuthor Commented:
it is the same for all my enterprise admin accounts, , I can RDP just fine to all the root machines, and to the child DC but none of  the child's servers, I also ran a dc diag and everything passed as tested
by name or by IP?
i'm assuming you can rdc into server.child.local using the child domain Administrator(s) accounts.  if yes, have you checked your domain trust?  
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

piedrahitfAuthor Commented:
they validate from both sides, and yes I get the same results by IP or by FQDN, I can RDP using the child domains admin but not the enterprise admin (root)
piedrahitfAuthor Commented:
Anyone? I still need help, please?
piedrahitfAuthor Commented:
OK, after some research, I found that enterprise admins are local admins on a child domain's Domain controller only, so I just created a global group called GRP_CHILDLocalAdmins on the root domain and added that group to the local administrator group and presto, all root admins can rdp and be administrators on the child domain

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
piedrahitfAuthor Commented:
Found the answer by visiting other outside forums.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.