Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations John Tel on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Intermittent Issue - Cannot Login Interactively

Status
Not open for further replies.
klamb

klamb

IS-IT--Management
Mar 30, 2001
55
GB
Hello,

We are experiencing a few issues where some of our users cannot login in the morning, the PCs display the error 'cannot login interactively.....' - the resolution for us is to login with an workstation admin account, force gpupdate, restart and get the user to login - this works fine and the user can login the next day, etc.

It's just that this is happening every morning with different users - usually around 20 users per morning.

We have around 400 users with 3 domain controllers - any advice would be appreciated.
 
Sort by date Sort by votes
Is there a GPO being applied to a certain group of users which disables this right? it seems that when you run gpudate goes away.. therefore sounds like another policy that is causing this.
 
Upvote 0 Downvote
thanks for the reply...

The issue is not confined to one group of users (department OU), but is apparently random throughout the network. Group policy is fairly standard for all users, member of Permanent Staff group, allowed login access on all PCs. The only deviation is restricted access to Directors PCs and IT Admins PCs.

We don't think it's group policy as such but more the mechanism between the PC and AD - that person can't update the PC, admin can, then the user gets logged in. This seems to show that the PC is talking with AD but the user can't update group policy for the PC so the user doesn't get verified. Once the admin logs in, group policy is downloaded for the PC, user logs in and all is OK. We can't seem to pinpoint any issue on the PC, user account, AD or group policy.

The DC's aren't under any stress at the time, and nothing shows any specific errors.

 
Upvote 0 Downvote
They the users with issues, are they local LAN to the DC or are they on the other side of a WAN? Just wondering about slow links, network congestion, everyone logging in at the same time on a slow link can cause GP to fail to update in a timely fashion and fail.

RoadKi11
 
Upvote 0 Downvote
Thanks for your time...

They are all on the same LAN - different IP subnet, 1 L3 switched interface in between..... No slow links.

The people with issues are never the same, once gpupdate has been forced by admin the user is fine going forward (for the time being).

Thanks,

Kenny




 
Upvote 0 Downvote
I use the 'Deny logon locally' extensively with in my school and it works well, but it has to be set in the GPO of the computer OU. Might be worth checking the OUs for the computers on the various DCs, sounds like they are conflicting.
Could well be worth running a gpresult to highlight what policy is being applied from where.
 
Upvote 0 Downvote
Many thanks - I will ask the server guys about what you have highlighted.

Cheers,

Kenny
 
Upvote 0 Downvote
The server guys moved the allow users login locally policy to the top level group policy as it appeared that the default was being applied but not all GPO's...

Thanks for all who answered the initial query.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

techbrain1
  • Locked
  • Question
Trust relationship issue 1
Replies
3
Views
709
araheusaff
araheusaff
pomazip
  • Locked
  • Question
Windows Server 2019 mac address issue
Replies
2
Views
848
pomazip
pomazip
andyferris
  • Locked
  • Question
DC Event logs auditing cannot be set by GPO
Replies
1
Views
312
RRankin355
RRankin355
StevenFromSouth
  • Locked
  • Question
VPN Connects but cannot access remote network computers or folders
Replies
1
Views
295
StevenFromSouth
StevenFromSouth
telecotek1
  • Locked
  • Question
strange DNS issue
Replies
1
Views
393
telecotek1
telecotek1

Part and Inventory Search

Sponsor

Back
Top