Cannot logon to domain or local computer

[dspeciale]

I have two computers on the domain (windows xp pro) that cannot connect and cannot logon to the domain or local computer by either using the persons account or the Admin account.

The error I get is:
"The local policy of this system does not permit you to logon interactively"

I cannot manage the computers from computer management.
I cannot figure this one out!

In domain security policy:
log on locally - Account Operators,Administrators,Authenticated Users,Server Operators,Users

Deny logon locally - not defined

In local security policy:
Log on locally - Authenticated Users,WESTHILLS\TsInternetUser,WESTHILLS\Guest,Users,Power Users,Backup Operators, Administrators, WESTHILLS\IUSR_SERVER Account Operators,Administrators,Authenticated Users,Backup Operators,IUSR_SERVER,Print Operators,Server Operators,TsInternetUser,Users

Deny logon locally - nothing


With the second one i get an error trying to logon (locally / domain) that the domain controller cannot be found.

 

[linney]

Anything here?

841188 - "The local policy of this system does not permit you to logon interactively" error message when you try to log on to a computer that is running Windows Small Business Server 2003 by using an Administrator account

http://support.microsoft.com/?kbid=841188

245172 - Err Msg: Could Not Find Domain Controller for This Domain

http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q245172

 

[dspeciale]

First link i think doesn't apply - I don't have windows 2003 and the Administrator does not belong to remote group.

There is only one server in our network with windows 2000.

There were 20 other machines with this error and i put not defined in deny logon locally and everyone else was able to log back on except two machines.

 

[dspeciale]

On one computer,

This is the exact message I get when trying to logon to the Domain with the Administrator acct:

"Windows cannot connect to the domain, either because the domain controller is down or otherwise unavailable or because your computer account is not found. Please try again later."

The other one, all i get is
"The local policy of this system does not permit you to logon interactively"

I cannot get to either machine remotely.

 

[linney]

Here's everything Google has on those messages.

http://www.google.com/search?source...ccount+is+not+found.+Please+try+again+later."

http://groups.google.com/groups?sou...ccount+is+not+found.+Please+try+again+later."

http://www.google.com/search?source...m+does+not+permit+you+to+logon+interactively"

http://groups.google.com/groups?sou...m+does+not+permit+you+to+logon+interactively"

 

[1101001100110101]

Have you tried booting to safe mode, logging in as the local admin and removing the computer from the domain? Once you do that you should be able to restart, login to the local machine again as the local admin and rejoin the domain.

 

[theguru97321]

I have had this issue in the past.

The "Local Login denied" error. On the server you need to run NTRIGHTS (comes with the resource kit) with the following command line..

ntrights -m \\[PC's NAME] -u [USER or GROUP (EVERYONE)] +r SeInteractiveLogonRight

if you need ntrights email me at admin at caddadvantage dot com.

As far as the can't find the domain, it's an IP issue I'd suspect.

 

[dspeciale]

When I try to use the ntrights command i get this error:

'NTRIGHTS' is not recognized as an internal or external command, operable program or batch file.

I have the program in the Resource Kit folder.
Is it supposed to be somewhere else?

 

[dspeciale]

Ok I put it in the WINNT folder and got this:

C:\DOCUME~1\ADMINI~1>ntrights -m \\[GATEWAYSER] -u [danielle] +r SeInteractiveLogonRight
Granting SeInteractiveLogonRight to [danielle] on \\[GATEWAYSER]OpenPolicy:

***Error*** OpenPolicy -1073610729

 

[theguru97321]

Just make sure you're in the same folder as the executable when you run it from the command prompt on the server.

 

[theguru97321]

remove the ['s from the command line.

 

[dspeciale]

Still get the same error with out the [

My last option was to reformat - guess that's next.