Re: Logon failures reported by RSOP

"Roger Abell [MVP]" <mvpNoSpam@xxxxxxx> wrote in message
news:OFlySOAfHHA.5052@xxxxxxxxxxxxxxxxxxxxxxx
Have you asked that main admin ?

Err... I'd say he's likely to know less about it than I am! I'll see
what I can do, though.

I am at a toss-up as to whether this is an access problem
for your account when running rsop but some other problem
that leads to the issue you were attempting to triage.

That's what I'm worried about too. A false lead.

Check that Authenticated Users has read access on the
domain's sysvol shared policies to narrow down the
rsop issue.

Yes, Authenticated Users has Read and Execute access to the policies.

What are the symptoms you see on the clients, or is it only
that on some of them some services are not starting ??

The problem is starting to show up on other clients now.

The problem is first noticed when a user complains that he cannot access
a mapped network drive. We check and find that a bunch of services,
especially network-related have failed to start, including Browser,
Server, Automatic Updates, and Secondary Logon (I don't have a complete
list with me, but it's the same set of services every time).

When the machine's computer object in Active Directory is moved into an
OU whose policy inheritance has been blocked, and the computer rebooted,
all of these services will have started normally.

If I add policy links to this inheritance-blocked OU one at a time, and
reboot the client after each one, the machine starts all of its services
normally. This continues until all four of the policies it was receiving
in its original OU are being obtained, without any problem.

If I then move the computer object back to its original OU, the problem
returns.

Disjoining the computer from the domain, deleting its computer object,
then re-adding it to the domain and moving its object into the OU fixed
the problem for about a day, but then it returned.

I've learned the above through testing since I posted my original
message. I've also found that the strange RSOP warnings only appear when
the problem occurs.

We're all stumped here, and appreciate your thoughts on the matter.

--
David
Stardate 7276.7

"David Trimboli" <trimboli@xxxxxxxx> wrote in message
news:OL6R855eHHA.1960@xxxxxxxxxxxxxxxxxxxxxxx
Scratch that. I do have access to the Event Viewer security log
remotely, but I don't know what to look for. I think the main admin
is auditing logon/logoff events, but nothing else.

David
Stardate 7273.8

"David Trimboli" <trimboli@xxxxxxxx> wrote in message
news:ukiRlq5eHHA.4868@xxxxxxxxxxxxxxxxxxxxxxx
I'm afraid I don't have login access to the DCs to check.

David
Stardate 7273.7

"Roger Abell [MVP]" <mvpNoSpam@xxxxxxx> wrote in message
news:O%23mOkbEeHHA.2332@xxxxxxxxxxxxxxxxxxxxxxx
Assuming you are logging Logon failure on the DCs, what
account is being seen as attempting these failed accesses?


"David Trimboli" <trimboli@xxxxxxxx> wrote in message
news:eZcD$44dHHA.596@xxxxxxxxxxxxxxxxxxxxxxx
We've got several group policies applied to our domain computers.
Recently we've been seeing some odd problems, like policies
causing many network-related services to fail to start on a couple
of clients.

I've just run rsop.msc on a few machines (clients are Windows XP
Professional, servers are Windows Server 2003), and they're all
getting the same error:




wmplayer.adm
Location -
"\\cshl.edu\SysVol\cshl.edu\Policies\{934E85AD-1D0E-40D9-8495-737800C85CBC}\Adm\wmplayer.adm"
Error - Logon failure: unknown user name or bad password.
wuau.adm
Location -
"\\cshl.edu\sysvol\cshl.edu\Policies\{7F71AFC2-939C-4975-BDFE-F632DA35B076}\Adm\wuau.adm"
Error - Logon failure: unknown user name or bad password.
system.adm
Location -
"\\cshl.edu\sysvol\cshl.edu\Policies\{7F71AFC2-939C-4975-BDFE-F632DA35B076}\Adm\system.adm"
Error - Logon failure: unknown user name or bad password.
conf.adm
Location -
"\\cshl.edu\sysvol\cshl.edu\Policies\{7F71AFC2-939C-4975-BDFE-F632DA35B076}\Adm\conf.adm"
Error - Logon failure: unknown user name or bad password.
inetres.adm
Location -
"\\cshl.edu\sysvol\cshl.edu\Policies\{7F71AFC2-939C-4975-BDFE-F632DA35B076}\Adm\inetres.adm"
Error - Logon failure: unknown user name or bad password.





It looks like two of our policies are mysteriously not loading
fully. I've looked through the policies, and I've examined the
file permissions of the files listed, but I can find nothing
wrong. Is there something else I can do to figure out what the
problem is?

--
David
Stardate 7259.6











.

Relevant Pages

  • Re: Logon failures reported by RSOP
    ... I do have access to the Event Viewer security log ... Recently we've been seeing some odd problems, like policies causing ... Error - Logon failure: unknown user name or bad password. ...
    (microsoft.public.windows.group_policy)
  • Re: Logon failures reported by RSOP
    ... for your account when running rsop but some other problem ... Recently we've been seeing some odd problems, like policies causing ... Error - Logon failure: unknown user name or bad password. ...
    (microsoft.public.windows.group_policy)
  • Re: Logon failures reported by RSOP
    ... Stardate 7273.7 ... Error - Logon failure: unknown user name or bad password. ... It looks like two of our policies are mysteriously not loading fully. ...
    (microsoft.public.windows.group_policy)
  • Logon failures reported by RSOP
    ... We've got several group policies applied to our domain computers. ... Recently we've been seeing some odd problems, ... Error - Logon failure: unknown user name or bad password. ...
    (microsoft.public.windows.group_policy)
  • Re: folder redirection for 1 out of 70 users is not working... why
    ... Error - Logon failure: unknown user name or bad password. ... Group Policy Infrastructure failed due to the error listed below. ... Everything works great except this folder redirection. ...
    (microsoft.public.windows.server.general)