Error 530 User cannot log in

From: Scott Turchin (tngbbs@SINCLAIR.NET)
Date: 10/28/01 

Message-ID:  <000201c15f7c$ec0d69d0$030aa8c0@TNGBBS.tngbbs.com>
Date:         Sat, 27 Oct 2001 23:51:07 -0700
From: Scott Turchin <tngbbs@SINCLAIR.NET>
Subject:      Error 530 User cannot log in
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

Someone posted the error message about error 530, and I have not really
found a FIX for it but I have it working now...
Which brings me to YET another post, so I hope to wrap these both up in one
short post....
First, I was taking the MOC 1561 course last week at Paladin
(www.paladindata.com) on designing a DS Infrastructure (GREAT Class!).

However, upon learning about Global Policies and still thinking about that
FTP Error 530, I was modifying the Log On Locally Right, adding and removing
my LOCAL group and local policy....Well, I inadvertantly REMOVED that right
from the Domain Controller policy....Yup, administrators, everyone...
And as I found out very shortly I could no longer log back into the
box....One click of the mouse was all it took...(Well OK There WAS a confirm
dialog box)

Well, that was not good, so I rebooted my Win2k pro box as well, DOH! Now I
have completely locked myself out of the server, except for the Win98
box....but since it is not really AD compatable all I could do was to
transfer files....Now, I could not even log in locally to the Win2k pro box
at this point in time...That part I did not understand yet, it should have
let me but the account was a domain account and the local admin group was in
that domain admin group...so no go, had to rebuild....

I don't mind admitting I made a huge mistake, we all learn from them, and
this was an awesome learning experience!
Luckily this is a home webserver/fileserver and I learned the easy
way.......

In essence, and to make a long story short, I spent a day and a half
troubleshooting this, and 2 hours rebuilding both boxes...Maybe there was
another way, but it was not known to me (at the time). Now I can have this
fixed in 5 minutes flat....

So, back to the FTP issue:
#1, Error 530 went away after creating a new global group, dropping users in
(Without remote access or TS access), and now they can log in all day long..
#2, Error 530 *MAY* be caused by the FP Server extentions, I did nothing to
them this time around, and my IIS is set up IDENTICAL to the way it was last
time...
Also the file permissions remain the same (They were on D drive and I reset
permissions exactly as they were)...
#3, The only change in my setup this time around was that I did NOTHING to
the FP server extentions other than click the checkbox to install them.
A year or so ago I played around with the various settings, and that is
when I noticed 530. So, there could be something there and I would pursue
that...

Also, the class had module 16, damage control, I *STRONGLY*, can't stress it
enough, Use WIn2k backup and back up that SYSTEM STATE so you can do the
non-authoritative restore, and then learn how to do that authoritative
restore...Microsoft has a great discussion of disaster recovery,
authoritative restores etc:
http://support.microsoft.com/servicedesks/webcasts/wc101999/WCT101999.asp

Scott Turchin
MCSE,MCP+I
Computer Creations Software/The Night Gallery BBS
http://www.tngbbs.com:8080

============================================================================
Delivery co-sponsored by Trend Micro, Inc.
============================================================================
BEST-OF-BREED ANTIVIRUS SOLUTION FOR MICROSOFT EXCHANGE 2000
Earn 5% rebate on licenses purchased for Trend Micro ScanMail for
Microsoft Exchange 2000 between October 1 and November 16. ScanMail
ensures 100% scanning of inbound and outbound traffic and provides
remote software management. For program details or to download your
30-day FREE evaluation copy:
http://www.antivirus.com/banners/tracking.asp?si=53&bi=245&ul=http://www.a
ntivirus.com/smex2000_rebate