Solved

Unable to log into Windows 2012 server from console

Posted on 2016-08-01
8
60 Views
Last Modified: 2016-08-06
In the last week one of my clients servers has stopped the Administrator account from logging in from the console, you can however log in from a remote desktop session.

Nothing has changed on the domain other than the addition of a Hyper-V remote desktop server onto the domain, I've checked all the group policy settings and they all allow login from local device.

Spent most of the day today trying to resolve the problem, hopefully an expert can help, the error is :

The sign in method you're trying to use isn't allowed. For more info, contact your network administrator.
0
Comment
Question by:niesmann
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 4

Expert Comment

by:Alexandre Michel
ID: 41737567
Hi

Try to create a new Group Policy & add Domain users and administrator to the Allow Logon Locally in GPO,

Group Policy Management--> Computer Configuration --> Windows Settings --> Security Settings --> Local Policies -->

User Rights Assignment --> Allow Log on Locally  

Alex
0
 
LVL 39

Expert Comment

by:Philip Elder
ID: 41737639
Compare the Default Domain Policy and the Default Domain Controllers Policy against an untouched version set.

As a rule, one should not edit those two GPOs ever.

It sounds like a smart card policy or the like has been implemented at a global scope.
0
 
LVL 41

Expert Comment

by:Adam Brown
ID: 41737686
Alexandre's recommendation should work for you. Sounds like the user rights assignment was modified.
0
Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

 

Author Comment

by:niesmann
ID: 41737696
Hi  
Many thanks for your advice, I have created a new GPO and applied and I still have the same problem, I've also compared the default domain policy's against another server on another domain and everything seems the same.

Is there a registry entry on the server itself that could restrict the login and if so which would take precedent the GPO or a local registry entry.

Never had this problem before

Thanks again
0
 
LVL 41

Assisted Solution

by:Adam Brown
Adam Brown earned 500 total points
ID: 41737705
run rsop.msc on the server and go to the user rights assignment section. That should tell you what the effective settings are and which GPO is "winning".
0
 

Author Comment

by:niesmann
ID: 41737712
Hi Adam

Just checked via rsop and the new policy I just created is winning and the allow local logon is set correctly , really odd.
0
 

Accepted Solution

by:
niesmann earned 0 total points
ID: 41738599
Hi all

Managed to find the solution eventually there was a local deny policy in place that had random characters as the user name, I removed the policy and was now able to logon, thanks for all your help on this and confirming I wasn't going bonkers, sometimes you can't see the wood for the trees !
0
 

Author Closing Comment

by:niesmann
ID: 41745364
After Adam confirming I was on the right track with GPO eventually I managed to work out the solution
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The following article is comprised of the pearls we have garnered deploying virtualization solutions since Virtual Server 2005 and subsequent 2008 RTM+ Hyper-V in standalone and clustered environments.
Every now and then, Microsoft does something that totally impresses me. It doesn't happen often, but in this case I must say I am thoroughly impressed with Windows Server Backup. One of the long time issues with Windows Backup has been the ability t…
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…
This tutorial will walk an individual through the process of installing of Data Protection Manager on a server running Windows Server 2012 R2, including the prerequisites. Microsoft .Net 3.5 is required. To install this feature, go to Server Manager…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question