The user has not be granted the requested logon type at this machine
From: Beverly Treadwell (prgmrblu_at_newsgroup.nospam)
Date: 11/09/04
- Next message: Roland Hall: "Re: Demoting DC broke IIS security"
- Previous message: Adriaan Vermeersch: "DenyUrlSequences"
- Next in thread: WenJun Zhang[msft]: "RE: The user has not be granted the requested logon type at this machine"
- Reply: WenJun Zhang[msft]: "RE: The user has not be granted the requested logon type at this machine"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 8 Nov 2004 16:49:04 -0800
Folks -
I have am experiencing a problem with changing the user
for several pages on my web site.
We have used this setup for quite a while and this problem only
began after a massive change in security policies at the corporate level.
What we do:
In order to allow for downloads of a file from a shared directory we
change the security of the required web site files in the IIS management
console
to run the anonymous user as <Domain>/<Domain User>.
When I tried this on the new server configuration I received the following
errors
in the System and Security logs:
Event Type: Warning
Event Source: W3SVC
Event Category: None
Event ID: 100
Date: 11/8/2004
Time: 4:34:16 PM
User: N/A
Computer: <My Web Server>
Description:
The server was unable to logon the Windows NT account 'domain\domainuser'
due to the following error: Logon failure: the user has not been granted the
requested logon type at this computer. The data is the error code.
---------------------------------------------
Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 534
Date: 11/8/2004
Time: 4:34:16 PM
User: NT AUTHORITY\SYSTEM
Computer: <My Web Server>
Description:
Logon Failure:
Reason: The user has not been granted the requested
logon type at this machine
User Name: domainuser
Domain: domain
Logon Type: 2
Logon Process: IIS
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Workstation Name: <My Web Server>
-----------------------------------------------
Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 534
Date: 11/8/2004
Time: 4:34:16 PM
User: NT AUTHORITY\SYSTEM
Computer: <My Web Server>
Description:
Logon Failure:
Reason: The user has not been granted the requested
logon type at this machine
User Name: domainuser
Domain: domain
Logon Type: 4
Logon Process: IIS
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Workstation Name: <My Web Server>
-------------------------------------------------
I have given the user the following permissions in the local GPO.
logon locally (which is all it should need).
logon as batch
Access this computer form the network
I also tried "Impersonate"
I still get the above errors. What I did find was that I could make this
work after
I had given the user local admin permissions and actually logged in locally
and
created a profile. Once done I could remove the admin permission for the
user.
We have never had to login as the user previously to make this work. I have
quite a few
servers and do not want to have to login to each one!
Did I miss something? Any ideas?
Thanks!
- Next message: Roland Hall: "Re: Demoting DC broke IIS security"
- Previous message: Adriaan Vermeersch: "DenyUrlSequences"
- Next in thread: WenJun Zhang[msft]: "RE: The user has not be granted the requested logon type at this machine"
- Reply: WenJun Zhang[msft]: "RE: The user has not be granted the requested logon type at this machine"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
