Re: Authentication Failure

From: Sam Spade (sams_at_not.real.actually.fake)
Date: 09/08/05

    Date: Thu, 08 Sep 2005 02:32:32 -0700
    
    

    Hi Steven,

    We're on the same wavelength - I'd already saved and cleared the logs.
    There is nothing showing in the event logs on the DC. I'm really
    confused! I'm going to re-image the two affected machines today (yes, a
    4th one has gone now!) then I'll turn on MORE auditing to see if I can
    discover what's causing this VERY annoying problem!

    Thanks for the advice so far....

    Sam.

    "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in
    news:OKm1$H8sFHA.908@tk2msftngp13.phx.gbl:

    > This may be a long shot but next time try logging on as a local
    > administrator and clearing the security log. The reason being if you
    > have crashonauditfail security option enabled in the security policy
    > it could prevent any user other than a local administrator from
    > logging onto the computer when the security log becomes full but
    > usually the computer blue screens when this is enabled and the
    > security log becomes full. Also look in the security logs of your
    > domain controllers to see if any failed logon events are recorded for
    > those domain users that may provide more information. You would want
    > to make sure that auditing of "account logon" events and account
    > management are enabled in Domain Controller Security Policy and that
    > the security logs have been increased in size from default quite a bit
    > to say at least 20MB. --- Steve
    >
    >
    > "Sam Spade" <sams@not.real.actually.fake> wrote in message
    > news:Xns96CA9DF3C35F7Samisnotactuallyreal@207.46.248.16...
    >> Steven,
    >>
    >> Thanks for the reply. Netdiag shows no problems except no default
    >> gateway is defined - not a problem as all Internet traffic is forced
    >> through the ISA Server.
    >>
    >> I can log onto the affected workstations as Local Administrator _OR_
    >> as Domain administrator. As Domain Admin. I have full connectivity.
    >>
    >> I am perplexed. Any other suggestions?
    >>
    >> Sam.
    >>
    >>
    >> "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in
    >> news:#j8kGQ2sFHA.3088@TK2MSFTNGP12.phx.gbl:
    >>
    >>> Next time that happens see if a local administrator can logon to the
    >>> computer and then run the support tool netdiag on it to see if it
    >>> reports any problems with dns, dc discovery, kerberos, secure
    >>> channel/computer account, etc. Make sure your domain computers
    >>> point only to domain controllers as their preferred dns servers.
    >>> --- Steve
    >>>
    >>>
    >>> "Sam Spade" <sams@not.real.actually.fake> wrote in message
    >>> news:Xns96C97390F2B18Samisnotactuallyreal@207.46.248.16...
    >>>> Group,
    >>>>
    >>>> Bit of a weird one here....
    >>>>
    >>>> I have set up an entirely Win2K network and locked the permissions
    >>>> down hard.
    >>>>
    >>>> Occasionally, and this has now happened on three of the
    >>>> workstations, when a user tries to log on we get:
    >>>>
    >>>> security event 533
    >>>> Reason: User not allowed to logon at this computer
    >>>> Logon process User32
    >>>>
    >>>> Nothing has changed on the users' permissions or group policy, they
    >>>> are all domain users and can log on to any other workstations.
    >>>>
    >>>> I have cured this in the past by re-imaging the drive - a fairly
    >>>> simple process but I'd actually like to know what is going wrong.
    >>>>
    >>>> Any ideas anyone?
    >>>>
    >>>> TIA,
    >>>>
    >>>> Sam.
    >>>
    >>>
    >>>
    >>
    >
    >
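
The checks suggested in the thread (the crashonauditfail option and the security log size), as an added example that is not part of the original posts. It assumes a current Windows host with PowerShell rather than the Windows 2000 machines discussed; the function name `Get-AuditFailTriage` is hypothetical, and the 20MB threshold is the figure from the thread.

```powershell
# Added example: read-only triage of the settings named in the thread.
# Run from an elevated prompt; the Security log is not readable otherwise.
function Get-AuditFailTriage {
    param(
        [long]$MinLogBytes = 20MB   # minimum size suggested in the thread
    )

    # CrashOnAuditFail: 0 = off, 1 = on, 2 = on and already triggered
    # (in state 2 only administrators can log on until the value is reset).
    $lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' `
                            -Name CrashOnAuditFail -ErrorAction SilentlyContinue
    # A missing value is treated as 0 (feature off).
    $caf = if ($lsa) { [int]$lsa.CrashOnAuditFail } else { 0 }

    # Configuration and fill state of the Security log.
    $log = Get-WinEvent -ListLog Security -ErrorAction Stop

    [pscustomobject]@{
        Computer          = $env:COMPUTERNAME
        CrashOnAuditFail  = $caf
        AdminOnlyLockout  = ($caf -eq 2)
        LogMode           = $log.LogMode            # Circular overwrites; Retain can fill up
        MaxSizeBytes      = $log.MaximumSizeInBytes
        CurrentSizeBytes  = $log.FileSize
        IsLogFull         = $log.IsLogFull
        BelowSuggestedMax = ($log.MaximumSizeInBytes -lt $MinLogBytes)
    }
}

Get-AuditFailTriage | Format-List
```

An `AdminOnlyLockout` of `True` together with a full log in a non-overwriting mode matches the condition Steve describes, where only a local administrator can log on until the log is cleared.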

