Win2K Server-Logon Type failure.

prepresshelp

IS-IT--Management
Oct 28, 2002
2
US
When trying to connect to a Windows 2000 Server shared directory from a Windows 2000 Professional machine, a window appears:

"Workgroup

\\server-18 is not accessible

Logon Failure: the user has not been granted the requested logon type at this computer.

OK."

Previously this connection worked; only recently did it become a problem.

I am logged on to the server (locally) as an administrator and my user account is defined as an administrator. I even tried deleting and re-creating an account and the same error occurs.

After some time, I happened to come across Programs > Administrative Tools > Local Security Policy > Local Policies > User Rights Assignment > Access this computer from the network.

I double-click this and no users or groups are listed. I click Add and add Administrators, Users, etc. I click OK. I go to a remote station and I try to connect and it is successful.

Kicker: If I restart the server (where the accounts are located) then all remote access is denied again. I go back to "User Rights Assignment" and my entries are empty. I re-enter the accounts and access is re-established.

To sum it all up, why are my security or account policies deleted?

There is no domain server in this network. I am running this server for accounting software (server-client), FTP service using Microsoft IIS, and software to do tape backups. Network options include AppleTalk, NetBEUI and TCP/IP. The OS has been updated with all of the most recent Windows updates, including Service Pack 3.
 
It turns out that my server was infected with a number of viruses and trojan horses. One in particular was that a bot apparently installed an IRC (Internet Relay Chat) application that can be automatically updated remotely by hackers and such.

I ran Norton AntiVirus but it only found some viruses; it wasn't until I went to and ran the free virus scan on my server and it pointed out that there was a trojan on my server.
 
Hey there PREPRESSHELP, I have this same problem. I found and removed the trojan a while back but am still having this security problem. Did you find a way to fix it? Or did it seem to fix when you removed the Trojan?

Also, I have a number of folders named with invalid names such as "." or ".." or " ". Do you have any idea how to delete these? Did you have to rebuild your machine?

Thanks for the help.
Scott
 
I am having the same problem. I have deleted the infected files, and updated the registry, but the Trojan Horse keeps coming back. I did a format and reinstall and as soon as I put Norton AV back on it found the Trojan again. How did you guys solve this problem?
 
Hmmm,
I resemble this thread in two areas, the Message 534 and a Trojan/Worm/Zombie bot in my IIS.
1. Yesterday, my Intranet users lost access to an IIS5 SQL2K ADO-driven application, with the app returning security event 534 and the out-of-process .\IWAM_servername being the victim. The security & net guys have been pushing domain level policies...
2. a. On my home development box, I was running IIS5 on W2KPro, with Norton OEM AV 2000. (I thought I was safe.... ha ha). I surfed via dial-up, for gaming development stuff, etc., as well as web and Windows development stuff. No Warez sites or such, mainly tip & advice sites like this and MFG or top line game sites.
b1. I stumbled across a good price (lt $10) for Ontrack (now V-Communications) System Suite 4.0. Got it, installed it and updated to the current patch level. Kept on surfing for a while. AND THEN...
b2. SS4 is bundled with OEM versions of Trend Micro AV and Sygate firewall. One day, the firewall went off with an alarm. I hadn't shut down IIS before going online, and IIS was trying to talk to an external site! The site was in a block assigned to a Chinese site, and had Nimda_JS all over the IP address only (no domain name could be found)...
b3. No scanner, spyware or any other product found the nasty application or whatever. I got rid of it by uninstalling IIS and wiping all the relevant directories and browser caches.... The only thing I kept was pure HTML and graphics, and those were in my site development library.

So, who knows what's going on with the 534??

Hal
 
Hooray!!
After begging security and net admin bosses to have someone look at the problem, and being put on the back burner, I found the problem after 5+ hours of trolling the net:

. . . it looks like the IWAM account is out of sync in the following locations, all on the webserver:
IIS Metabase
Local Users and Groups
Component Services

This is described in KB 297989
PRB: Configured Identity Is Incorrect for IWAM Account at

A related problem on high protection out-of-process sites is: KB 296851
PRB: Error "User Password/Validation Failed" When You Set IIS 5.0 Application to High (Isolated) at

Now all I gotta do is the Config management docs to give to THOSE WHO APPROVE....

-h
 
This error may be displayed when trying to connect to a network share, 'The user has not been granted the requested logon type at this computer', as a result of the TROJ_NENET.A virus; basically it makes changes to the local security policy in W2K.

To resolve this problem: on the remote computer, select
Administrative Tools > Local Security Settings > Local Policies > User Rights Assignment, right-click on 'Access this computer from the network' > Properties > Add Users or Groups, add everyone or any users you want to be able to access the computer from the network.
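
Added example, not part of the original thread: a small audit that reads the `[Privilege Rights]` section of a policy export made with `secedit /export /cfg <file>` and reports which logon rights have been emptied or trimmed, keyed by the logon-type number logged with event 534. The sample export, the baseline, and the function names are constructed for illustration.

```python
# Logon type recorded in the failure event -> user right that must be granted.
LOGON_TYPE_RIGHT = {
    2: "SeInteractiveLogonRight",  # Log on locally
    3: "SeNetworkLogonRight",      # Access this computer from the network
    4: "SeBatchLogonRight",        # Log on as a batch job
    5: "SeServiceLogonRight",      # Log on as a service
}

# Constructed sample of a secedit export (real exports are usually UTF-16 files).
SAMPLE_EXPORT = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeInteractiveLogonRight = *S-1-5-32-544
SeNetworkLogonRight =
SeServiceLogonRight = *S-1-5-32-544
[Version]
signature="$CHICAGO$"
"""

# Constructed baseline: S-1-5-32-544 = Administrators, S-1-5-32-545 = Users.
BASELINE = {
    "SeInteractiveLogonRight": ["*S-1-5-32-544", "*S-1-5-32-545"],
    "SeNetworkLogonRight": ["*S-1-5-32-544"],
}

def parse_rights(inf_text):
    """Return {right: [principals]} from the [Privilege Rights] section."""
    rights, section = {}, None
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Privilege Rights" and "=" in line:
            name, _, value = line.partition("=")
            rights[name.strip()] = [v.strip() for v in value.split(",") if v.strip()]
    return rights

def audit(inf_text, baseline):
    """List (logon_type, right, problem) for rights that drifted from baseline."""
    rights, findings = parse_rights(inf_text), []
    for logon_type, right in sorted(LOGON_TYPE_RIGHT.items()):
        expected = baseline.get(right)
        if not expected:
            continue  # no expectation recorded for this right
        granted = rights.get(right, [])  # an absent line also means nobody
        missing = [p for p in expected if p not in granted]
        if not granted:
            findings.append((logon_type, right, "EMPTY"))
        elif missing:
            findings.append((logon_type, right, "MISSING " + ",".join(missing)))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_EXPORT, BASELINE):
        print(finding)
```

Run against a fresh export after each restart, this shows whether the right has been emptied again, which is the symptom described in the first post.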
 
I'm having the exact same problem with a similar network (e.g. no domain server). Has anyone found a solution to this problem?
 
I still have the problem with my database in the original configuration. We are currently pointing the ASP pages to another server that does work with a copy of the original SQL 2K database.
I suspect that there could be some MDAC issues that would be at the root of this, but haven't been granted "permission" to take the box down with our best network tech and diagnose it. I just keep hoping and praying....
A couple more MS KB articles (I found recently) that are somewhat relevant to this login issue are:

Server Application Error Message: "The server failed to load application"
(297519) - When you attempt to browse the Active Server Pages (ASP) content of an Internet Information Services (IIS) version 5.0 Web server, you may receive the following error messages in the Event Viewer System log: Event ID: 10004; Source: DCOM DCOM got...
FP: Error Messages When You Try to Open Webs While IUSR Account or IWAM Account Is Turned Off
(321448) - If you try to open a Web site on a Microsoft Internet Information Services (IIS) Web server by using the FrontPage client while either the IUSR_computer or IWAM_computer account is turned off, you may receive error messages in the FrontPage client...
-hal
- Feel the Farce, Luke!
 