Re: Group Policy Errors 1030 and 1058
From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 03/30/05
- Next message: Roger Abell: "Re: Reporting a Microsoft bug"
- Previous message: Hank Arnold: "Re: block a user from deleting their temp internet files"
- In reply to: Edward Meyer: "Re: Group Policy Errors 1030 and 1058"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 30 Mar 2005 08:09:10 -0700
Let me try to unravel this.
You had a domain Domain1.
You now brought up a new domain, Domain2, in a new
forest (if it was in the same forest there was no need to
make a trust, as you mention doing).
You then removed upn suffix xyz.com from Domain1
and defined it for use in Domain2
Since the accounts are defined in Domain1, but the upn
is now associated with Domain2 accounts, when trying
to log in with username@xyz.com the account is not found
(account "username" exists in Domain1 not Domain2, but
use of the upn causes login to be attempted against Domain2)
So, why can you not just log in with "username" and use the
dropbox to say Domain1 and just avoid using the upn ??
-- Roger Abell Microsoft MVP (Windows Security) MCSE (W2k3,W2k,Nt4) MCDBA "Edward Meyer" <EdwardMeyer@discussions.microsoft.com> wrote in message news:367EAFB7-CE32-4D5C-949C-A49F7465947C@microsoft.com... > This is a Win 2003 Server. > Here is a more detailed description of what exactly happened. > We created another Domain Controller say called Domain2 setup a trust with > Domain1 on Domain1 users were logging in as user@xyz.com and user@xyz.net, > so we moved the upn suffiix xyz.com from Domain1 to Domain2, then we > realized our mistake and tried to put it back, but of course we already knew > that would not work, so know logging into Domain1 we get the 1058 error that > this account is not allowed to login from this computer. > we removed the trust but of course makes no different. > the system is still operating i just can't make any changes . > Thanks in advance > > "Edward Meyer" wrote: > > > No test was used for the DNS except the fact that they are right here and > > have not been moved or changed in any way. > > But you are right regarding the locally User Right in GPO. > > i am logging on with the administrator account into the DC. > > > > "Roger Abell" wrote: > > > > > Sometimes DNS is supposed to have changed. > > > How is it that you know it is alright? What test was used? > > > > > > Anyway, I doubt you issue is DNS. > > > > > > The setting is the Log on locally User Right in GPOs that have > > > effect on that machine. > > > > > > You have not provided info as to what account you are using > > > when seeing this. It sounds like you are logging into a DC with > > > a Domain Admin account of the domain of that DC?? > > > > > > > > > -- > > > Roger Abell > > > Microsoft MVP (Windows Security) > > > MCSE (W2k3,W2k,Nt4) MCDBA > > > "Edward Meyer" <EdwardMeyer@discussions.microsoft.com> wrote in message > > > news:AF779703-9692-4C69-A667-02C00CE76905@microsoft.com... > > > > I am having a problem with accessing GPO. the rror is: this account is not > > > > authorized to logon from this station. > > > > Now this all happened aftter a trust relation ship was setup with another > > > > Domain and then the trust was removed. > > > > so now logging on to the original domain controller i can logon but cannot > > > > change anything. > > > > any suggestions on how to reset this will be greatly appreciated. > > > > and yes DNS an all that is fine and has not changed. > > > > -- > > > > Edward > > > > Mojave Valley > > > > > > > > >
- Next message: Roger Abell: "Re: Reporting a Microsoft bug"
- Previous message: Hank Arnold: "Re: block a user from deleting their temp internet files"
- In reply to: Edward Meyer: "Re: Group Policy Errors 1030 and 1058"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
