URGENT Interactive login issue

sgscit

Technical User
Nov 18, 2002
Hi folks,

We have a problem onsite where today we have started getting the following error:

"The local policy of this system does not permit you to logon interactively."

Nothing on the systems that are affected has been changed for a while.

Systems affected are 2k/XP.

It essentially means the users cannot login to the computers!

This is very annoying when they need to work and are unable to.

We have gone through looking for settings that stand out, but as workstations, servers and Domain Servers are all affected we are finding difficulties.

Different users are locked out of different machines, i.e. one of my admins cannot get onto her own machine but the domain admin account can, yet on a server that normally logs in with the domain admin account, she can login but the domain admin account cannot.

Power Users, administrators and standard users are affected.

I think it is a conflict between domain settings and local settings but why it would pop its head up now has me stumped.

All I can really say is.....

HEELLLPPP!

Pete
[morning]


 
What has changed? How long has this been going on?

Glen A. Johnson
Johnson Computer Consulting
"I only know that I know nothing."
Socrates (47-399 BC); Greek philosopher

Want to get great answers to your Tek-Tips questions? Have a look at FAQ219-2884
 
We found some similar items on the Internet with the same sort of issue happening. Extrapolation of these findings helped us work out that the "deny local login" and "allow local login" policies were not functioning properly or the "users" group for some reason was required/excluded etc.

We added the users group to the allow local login policy and pushed a policy refresh to the network.

Problem resolved. Now we have to work out where the hell the problem came from.

There are only 2 IT working here and neither of us has made any policy changes. Neither of us has even done any server work in the last couple of weeks.

It only started on Friday.

None of the 3 Domain servers are set to receive automatic updates but some of the domain PCs are.

Is it possible that an MS patch has altered the network policies somehow?
I.e. a patch to fix one thing has busted another?

Thanks.

Pete
[morning]
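
A check that follows from the fix described above, as an added example that is not part of the original posts: it reads a user-rights export and reports where the built-in groups named in the thread stand in the allow and deny local logon rights. The export text is a constructed sample and the function names are hypothetical.

```powershell
# Constructed sample of the file written by:
#   secedit /export /cfg rights.inf /areas USER_RIGHTS   (run elevated)
# On a live machine, replace $sample with: Get-Content .\rights.inf
$sample = @'
[Unicode]
Unicode=yes
[Privilege Rights]
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-551
SeDenyInteractiveLogonRight = *S-1-5-32-546,*S-1-5-32-547
[Version]
signature="$CHICAGO$"
Revision=1
'@ -split '\r?\n'

# Well-known SIDs of the built-in groups mentioned in the thread.
$builtin = @{
    'S-1-5-32-544' = 'Administrators'
    'S-1-5-32-545' = 'Users'
    'S-1-5-32-546' = 'Guests'
    'S-1-5-32-547' = 'Power Users'
}

function Get-LogonRight {           # hypothetical helper name
    param([string[]]$Lines, [string]$Right)
    # Return the principals assigned to one right, without the leading '*'.
    foreach ($line in $Lines) {
        if ($line -match "^\s*$Right\s*=\s*(.+)") {
            return @($Matches[1] -split ',' |
                ForEach-Object { $_.Trim().TrimStart('*') } | Where-Object { $_ })
        }
    }
    return @()
}

function Test-InteractiveLogon {    # hypothetical helper name
    param([string[]]$Lines)
    $allow = Get-LogonRight $Lines 'SeInteractiveLogonRight'
    $deny  = Get-LogonRight $Lines 'SeDenyInteractiveLogonRight'
    foreach ($sid in $builtin.Keys | Sort-Object) {
        # A deny entry wins over an allow entry for the same principal.
        $state = if ($deny -contains $sid) { 'DENIED (deny overrides allow)' }
                 elseif ($allow -contains $sid) { 'allowed' }
                 else { 'not listed (may still be allowed via another group)' }
        [pscustomobject]@{ Group = $builtin[$sid]; Sid = $sid; LocalLogon = $state }
    }
}

Test-InteractiveLogon $sample | Format-Table -AutoSize
```

Running the same export on an affected and an unaffected machine and comparing the two tables shows whether the effective rights differ between them.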
 
Don't rule it out. I have seen patches cause more problems than they were supposed to fix. Terminal services come to mind. You're sure nothing changed?

Glen A. Johnson
Johnson Computer Consulting
 
I had that problem with my clients before too, and nothing was changed either. All of a sudden some of my clients were denied access to logon. And my clients are all running win2K and XP too.

The only change that was made was that I copied a local user profile to the DC and then logged on from the client using the roaming profile instead of the local profile, and then the next day some of my clients were denied access to logon.

I still don't know why that happened.

If anyone has any info on why, please share. I would like to know for the future.

thanx,
LoJACK
 
Not sure, however this suggestion might help you in the future. Change the appropriate group policy to NOT DEFINED and then from a DOS prompt run:

secedit /refreshpolicy user_policy

Then wait around 5 minutes. It wouldn't hurt to then restart the server. THEN... change the policy back to whatever it should be according to your network security standards. Repeat policy with secedit etc...

Tell users to restart their computers (or you do this at night when they have all gone home) and when they log on the next morning they should pick up all the corrected policies.

Hope this has helped in some way.
GOOD LUCK :)
 
This is a long shot, but I had the same type of problem YEARS ago with a brand new server. Brought it online, and after a couple of weeks, some users couldn't authenticate. Problem got worse and worse, until users could only authenticate to our Novell side of the network. One user did manage to log on to the domain (2 DCs running MS, one server was Novell) while I was rebooting the new server. Turned off the new server, all users could authenticate to the domain. Turns out the new server had a NIC going bad, and was sending out bad packets. Replaced the NIC, all users authenticated. Check your NICs for sending/receiving good/bad packets.

Glen A. Johnson
Johnson Computer Consulting
 