Re: Users no longer authenticate on W2k-svr

From: Steven L Umbach (n9rou_at_n0-spam-for-me-comcast.net)
Date: 08/09/04 

Date: Mon, 09 Aug 2004 18:36:15 GMT

Even if the computer is not part of a domain the suggestion I made about checking lan
manger authentication level still is appropriate. Otherwise the error you mention
relates to a user not having the user right for logon locally. Open Local Security
Policy and go to security settings/local policies/user rights and make sure
administrators and users are in the "access this computer from the network" user
right and that there is no entry in the "deny access to this computer from the
network" as entries there will override the allow user rights. I would also enable
auditing of logon events on that server and then view the logs in Event Viewer
[system and security] which may show that the users are being denied access and for
what reason. --- Steve

http://www.microsoft.com/resources/documentation/WindowsServ/2003/datacenter/proddocs/en-us/Default.asp?url=/resources/documentation/windowsserv/2003/datacenter/proddocs/en-us/518.asp
-- security log events for logon events.

"Jutta" <tejase1@hotmail.com> wrote in message
news:2cb201c47e2d$ba66e4b0$a501280a@phx.gbl...
> Thanks for your reply.
>
> The W2k server is a standalone server which is used for
> testing. No Active Directory is configured. I also
> noticed, that when just using the RUN option [\\IP address
> c$] and I get a login prompt, I also cannot logon. The
> error I get is: Logon failure: the user has not been
> granted the requested logon type at this computer.
> When I login with a user locally, the same username and
> password works. It seems like remote logon is somehow
> disabled.
>
> Thank you,
> Jutta
>
>
>
> >-----Original Message-----
> >If the rras server is a domain computer make sure it
> still has connectivity to the
> >domain controller in that it can ping it by fully
> qualified domain name such as
> >dc1.mydomain.com. I would also run netdiag on it from the
> support tools on the
> >install cdrom in the support/tools folder where you will
> have to run the setup to
> >install them. Look for any failed tests such as dns, dc
> discovery, kerberos, or
> >domain membership/secure channel that would indicate a
> problem. Usually the problem
> >may be dns related in that domain members need to point
> to the domain controllers
> >only as their preferred dns server. There is also a
> security option that if changed
> >on the rras server that can cause a problem. Open Local
> Security Policy and go to
> >security settings/local policies/security options and
> make sure that the "effective"
> >setting for lan manager authentication level is NOT -
> "send ntlmv2 responses only -
> >refuse ntlm and lm". Setting to send ntlmv2 responses
> only is a good setting in a W2K
> >domain. --- Steve
> >
> >
> >"Jutta Kullmann" <tejase1@hotmail.com> wrote in message
> >news:1b7f01c47c1f$6715d150$a401280a@phx.gbl...
> >> Hi,
> >>
> >> I have a W2k-svr configured for VPN using RAS. I used to
> >> be able to make PPTP connections, but all of a sudden
> all
> >> my users get an error message:
> >>
> >> Error 691: Access was denied because the username and/or
> >> password was invalid on the domain
> >>
> >> I retyped all passwords, but it still fails.
> >>
> >> I don't even know where to start looking?
> >>
> >> Thanks for any advice.
> >> Jutta
> >>
> >>
> >
> >
> >.
> >

Relevant Pages

  • RE: Cant set Local Security policies. They fail to save
    ... predefined Security Template on SBS 2003 to restore security groups ... run "gpupdate.exe /force" under command prompt to force the policy ... reboot the Server to test. ... and then logon to client computer to test if user can save system logs. ...
    (microsoft.public.windows.server.sbs)
  • Re: FOR A SKILLED IT EXPERT - WIN2K SERVER - DOMAIN CONTROLLER
    ... Windows Server 2003 one can, but not from a safe mode boot). ... boots up on cached profile only) The interactive logon problem has applied ... manual security reset. ... If you had not tried the reset we could have pulled you out of this, ...
    (microsoft.public.win2000.security)
  • RE: Logon Issue - could someone explain please
    ... I understand that you get security event 540 ... When a user connects to the shared folder on the SBS server, ... logon auditing, ...
    (microsoft.public.windows.server.sbs)
  • Re: Unknown Domain user - domain authentication appears limited
    ... (using cached login). ... Microsoft MVP (Windows Server System: Security) ... > due to the following error: Logon failure: the user has not been granted ...
    (microsoft.public.windows.server.security)
  • RE: find on which computer is connected a user
    ... You may try to enable the policy "Audit Logon Events" and then audit the ... Write events to the event log of a specified server concerning the status ...
    (microsoft.public.windows.server.general)