Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

"Logon Failure" Help Needed ASAP PLEASE 1

Status
Not open for further replies.

robctech

IS-IT--Management
Oct 12, 2001
114
CA
Situation:

I am running 2000 server is IIS services utilizing the ftp for transfering for my clients. If I attempt to logon under my own account I have no problems as I have administrator access. I have created a group for ftp access and then done the following:

Local Security Policy
- User Rights Assignments
Added FTP Users Group to the following.
- Access this computer from the network
- Log On Locally

But now I am still having a problem when trying to log in from one of the accounts. It fails login and the following message appears in the log. I need help with this ASAP PLEASE

Log Message:
The server was unable to logon the Windows NT account 'blcopoll' due to the following error: Logon failure: the user has not been granted the requested logon type at this computer
 
The domain security policy overrides the local one...
 
Sounds to me like that user ID has not been granted the right of "Log On Interactively" or "Access this computer from the network"
 
vbrocks...how do I set for the local security policy to be the primary or how do I modify the domain security policy?
 
Is it just one account that is messed up or all of them?
If only one account, go into AD (on the DC) users and computers, right click on the user, select properties, then grant the user remote access permission.
 
There are multiple accounts all belonging to a single group
 
Another place to check is your remote access policy, which is in Routing and remote access.
 
What would remote access policy have to do with FTP access. The users are not coming in on terminal services..they are coming in through ftp client? But I'm checking.
 
I thought it might be a VPN....

Right click on the group and goto properties and then to the GPO tab, Local policy is only for logging in locally at the workstation. If you login through the network you have to use the domain policy...
 
I forgot to say go to AD users and computers first...oops
 
If you are in the GPO of the group then you are using domain policy...
 
Ok...vbrock...could you be a little more specific. what is GPO...still don't know all the short forms for this stuff. Man did microsoft ever make things complicated...sheeesh...LOL
 
Try this on one user ...

Make the password the same on both computers for 1 particular user and try that.


Are you using NT?
 
If you go to local security policy on the machine in question, click on local policies and then User rights assignments, then click on Logon Localy, does the effective policy setting match the local policy setting? How about Access the computer from the network?
 
If they do not match then you have to change the Domain Security Policy. Or if the machine is a DC, then you have to change the Domain Controller Security Policy .....

Nothing like a little redundancy ....
 
vbrocks...can really use your help on this...any chance you can e-mail me directly to try and help me through this problem...robc@rncdevelopment.com Going to try your suggestions...here is the system info

Windows 2000 Server
Primary Domain Controller
2 Nics..One internal One Internet
 
vbrocks...never mind solved the problem...thanks alot for all your help
 
LOL...my 2000 server is a primary domain controller. Had to go into Domain Controller Security Policy/Security Settings/Local Policies/User Rights Assignement

Then Gave the group Access this computer from Network as well as log on locally. then ran the force update on active directory...all functions correctly
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top