• Status: Solved

The user has not been granted the requested logon type at this machine error

I have a root domain (root.local) and a child domain (child.local), and since my account belongs to the Enterprise Admins group on the root domain up, I was able to fully RDP into any of the child domain servers. I can no longer RDP to any of the servers except the child.local domain controller, and if I console/log in locally to the server, I only have limited user access, not administrative rights. If I check a child.local server's Event Viewer, I get the following error message:

Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          3/31/2011 4:14:11 PM
Event ID:      4625
Task Category: Logon
Level:         Information
Keywords:      Audit Failure
User:          N/A
Computer:      Server.child.local
An account failed to log on.

      Security ID:            SYSTEM
      Account Name:            Server$
      Account Domain:            CHILD
      Logon ID:            0x3e7

Logon Type:                  10

Account For Which Logon Failed:
      Security ID:            NULL SID
      Account Name:            Administrator
      Account Domain:            ROOT
Failure Information:
      Failure Reason:            The user has not been granted the requested logon type at this machine.
      Status:                  0xc000015b
      Sub Status:            0x0

Process Information:
      Caller Process ID:      0x534
      Caller Process Name:      C:\Windows\System32\winlogon.exe

Network Information:
      Workstation Name:      SERVER
      Source Network Address:
      Source Port:            3603

Detailed Authentication Information:
      Logon Process:            User32
      Authentication Package:      Negotiate
      Transited Services:      -
      Package Name (NTLM only):      -
      Key Length:            0

I have checked and flushed DNS and registered it, then stopped and restarted netlogon on the DC, to no avail. Any help will be appreciated.
Are other EntAdmin accounts able to RDC into the child domain?

You can RDC into machines in the root domain just fine, correct?
piedrahitf (Author) Commented:
It is the same for all my enterprise admin accounts. I can RDP just fine to all the root machines and to the child DC, but none of the child's servers. I also ran a dcdiag and everything passed as tested.
By name or by IP?
I'm assuming you can RDC into server.child.local using the child domain Administrator(s) accounts. If yes, have you checked your domain trust?
piedrahitf (Author) Commented:
They validate from both sides, and yes, I get the same results by IP or by FQDN. I can RDP using the child domain's admin but not the enterprise admin (root).
piedrahitf (Author) Commented:
Anyone? I still need help, please?
piedrahitf (Author) Commented:
OK, after some research, I found that enterprise admins are local admins on a child domain's domain controller only, so I just created a global group called GRP_CHILDLocalAdmins on the root domain and added that group to the local administrator group, and presto, all root admins can RDP and be administrators on the child domain.
piedrahitf (Author) Commented:
Found the answer by visiting other outside forums.
Question has a verified solution.
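
A triage sketch for the event quoted in the question, added here as an example and not part of the original thread: it parses the text rendering of a 4625 event and, when the status is 0xC000015B, names the logon right the failing account lacks on that machine. The function names and the abridged sample are constructed for illustration; the logon-type and user-right names are the standard Windows ones.

```python
# Constructed sample: abridged from the 4625 event quoted in the question.
SAMPLE_EVENT = """\
Event ID:      4625
An account failed to log on.
      Account Name:            Server$
      Account Domain:            CHILD
Logon Type:                  10
Account For Which Logon Failed:
      Account Name:            Administrator
      Account Domain:            ROOT
Failure Information:
      Status:                  0xc000015b
      Sub Status:            0x0
Network Information:
      Source Network Address:
"""

# Logon type -> (name, user right the account needs on the target machine).
LOGON_RIGHTS = {
    2: ("Interactive", "SeInteractiveLogonRight"),
    3: ("Network", "SeNetworkLogonRight"),
    4: ("Batch", "SeBatchLogonRight"),
    5: ("Service", "SeServiceLogonRight"),
    10: ("RemoteInteractive", "SeRemoteInteractiveLogonRight"),
}
STATUS_LOGON_TYPE_NOT_GRANTED = 0xC000015B
TARGET = "Account For Which Logon Failed"

def parse_event(text):
    """Return {(section, field): value} from the event's text rendering."""
    fields, section = {}, ""
    for raw in text.splitlines():
        key, sep, value = raw.strip().partition(":")
        if not sep:
            continue                      # free text and blank lines
        indented = raw[:1].isspace()
        if not indented:                  # top-level line: section header or field
            section = "" if value.strip() else key.strip()
        if indented or value.strip():     # empty indented values are kept as ""
            fields[(section, key.strip())] = value.strip()
    return fields

def triage(text):
    """Name the failing account and, for 0xC000015B, the missing logon right."""
    f = parse_event(text)
    lookup = lambda name: next(v for (_, k), v in f.items() if k == name)
    name, right = LOGON_RIGHTS.get(int(lookup("Logon Type")), ("Other", None))
    denied = int(lookup("Status"), 16) == STATUS_LOGON_TYPE_NOT_GRANTED
    return {"account": f[(TARGET, "Account Domain")] + "\\" + f[(TARGET, "Account Name")],
            "logon_type": name,
            "missing_right": right if denied else None}

if __name__ == "__main__":
    print(triage(SAMPLE_EVENT))
```

For the event above the missing right is SeRemoteInteractiveLogonRight, which member servers grant by default to the local Administrators and Remote Desktop Users groups, consistent with the fix the author describes.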