Re: Users no longer authenticate on W2k-svr

From: Jutta (tejase1_at_hotmail.com)
Date: 08/11/04 

Date: Tue, 10 Aug 2004 18:20:41 -0700

Thank you Steven, the user rights setting in the Local
Security Policy did it. I don't know why this would have
been blank, since I didn't change it and all used to work
before. Nobody is really using this server other than for
outbound remote access?

Now my PPTP clients authenticate and connect, however my
routed connection from my R9100 Netopia router doesn't. It
authenticates but it seems to fail on IP, when I am trying
to establish the connection from the router. When I am
establishing the connection from the RAS server, all is
working and I can ping LAN to LAN.

Any thoughts on this one?

Thanks,
Jutta

>-----Original Message-----
>Even if the computer is not part of a domain the
suggestion I made about checking lan
>manger authentication level still is appropriate.
Otherwise the error you mention
>relates to a user not having the user right for logon
locally. Open Local Security
>Policy and go to security settings/local policies/user
rights and make sure
>administrators and users are in the "access this computer
from the network" user
>right and that there is no entry in the "deny access to
this computer from the
>network" as entries there will override the allow user
rights. I would also enable
>auditing of logon events on that server and then view the
logs in Event Viewer
>[system and security] which may show that the users are
being denied access and for
>what reason. --- Steve
>
>http://www.microsoft.com/resources/documentation/WindowsSe
rv/2003/datacenter/proddocs/en-us/Default.asp?
url=/resources/documentation/windowsserv/2003/datacenter/pr
oddocs/en-us/518.asp
>-- security log events for logon events.
>
>
>"Jutta" <tejase1@hotmail.com> wrote in message
>news:2cb201c47e2d$ba66e4b0$a501280a@phx.gbl...
>> Thanks for your reply.
>>
>> The W2k server is a standalone server which is used for
>> testing. No Active Directory is configured. I also
>> noticed, that when just using the RUN option [\\IP
address
>> c$] and I get a login prompt, I also cannot logon. The
>> error I get is: Logon failure: the user has not been
>> granted the requested logon type at this computer.
>> When I login with a user locally, the same username and
>> password works. It seems like remote logon is somehow
>> disabled.
>>
>> Thank you,
>> Jutta
>>
>>
>>
>> >-----Original Message-----
>> >If the rras server is a domain computer make sure it
>> still has connectivity to the
>> >domain controller in that it can ping it by fully
>> qualified domain name such as
>> >dc1.mydomain.com. I would also run netdiag on it from
the
>> support tools on the
>> >install cdrom in the support/tools folder where you
will
>> have to run the setup to
>> >install them. Look for any failed tests such as dns, dc
>> discovery, kerberos, or
>> >domain membership/secure channel that would indicate a
>> problem. Usually the problem
>> >may be dns related in that domain members need to point
>> to the domain controllers
>> >only as their preferred dns server. There is also a
>> security option that if changed
>> >on the rras server that can cause a problem. Open Local
>> Security Policy and go to
>> >security settings/local policies/security options and
>> make sure that the "effective"
>> >setting for lan manager authentication level is NOT -
>> "send ntlmv2 responses only -
>> >refuse ntlm and lm". Setting to send ntlmv2 responses
>> only is a good setting in a W2K
>> >domain. --- Steve
>> >
>> >
>> >"Jutta Kullmann" <tejase1@hotmail.com> wrote in message
>> >news:1b7f01c47c1f$6715d150$a401280a@phx.gbl...
>> >> Hi,
>> >>
>> >> I have a W2k-svr configured for VPN using RAS. I
used to
>> >> be able to make PPTP connections, but all of a sudden
>> all
>> >> my users get an error message:
>> >>
>> >> Error 691: Access was denied because the username
and/or
>> >> password was invalid on the domain
>> >>
>> >> I retyped all passwords, but it still fails.
>> >>
>> >> I don't even know where to start looking?
>> >>
>> >> Thanks for any advice.
>> >> Jutta
>> >>
>> >>
>> >
>> >
>> >.
>> >
>
>
>.
>

Relevant Pages

  • Re: remote desktop rights on domain controller
    ... First of for domain controllers user rights must be configured in Domain ... Controller Security Policy - not local policy. ... The user right for logon ... Group on the domain controller if using Windows 2003. ...
    (microsoft.public.windows.server.security)
  • Re: The local policy of this system does not permit you to logon i
    ... group is in the "Deny local logon" or anything like that. ... Is the administrator in any groups other than Administrators and Domain Users? ... The problem has to lie somewhere in your Local Security policy, ... We were asked to look at a SBS 2003 server & found that the group policy ...
    (microsoft.public.windows.server.sbs)
  • Re: Must loosen security screws for vendor
    ... It's quite ridiculous for apps to require that users have local admin ... rights but requiring that they be able to logon on to the server is ... How are you able to restrict users to ONLY logon to ... > Can I give them access to it, then take away all of their rights? ...
    (microsoft.public.windows.server.sbs)
  • Re: How do I disable TS on my SBS 2k3 system and run it on my app
    ... I demoted the Win2k3 server so it is not a DC and removed the changes to ... the domain controller security policy. ... administrators can logon to the SBS server. ...
    (microsoft.public.windows.server.sbs)
  • Re: Permissions issue with users in Domain Users not able to see p
    ... A user always has to have local logon rights on a computer, ... is delete the user profile on the computer when logged ...
    (microsoft.public.backoffice.smallbiz2000)