Unable to logon interactively

By jeff ·

New here but need some help, hope someone can as this is doing my head in ever so slightly.

I have a 2003 SBS Domain, yesterday everything was fine and dandy, today however is a different matter.

The problem is this, when I attempt to logon locally to the DC I get the error "A local policy on this system does not permit you to logon interactively".
Now while this message in itself is not a big deal, it just so happens that it is a message that is being displayed from the local console.
I can not logon remotely to it either, yesterday I could do both.

The only thing that has changed since yesterday and today is that I had to uninstall Sharepoint Server 2007 and v3 as they were not working properly.

To add to the confusing circumstances surrounding this, this morning I logged on locally to the DC to check the backup, I managed to login fine, I then logged out.
After which I needed to log in again because I could not log in remotely and I intended to find out what the problem was.
This was when I got this message, I therefore logged into the server locally as my backup domain admin account and got it fine, I checked the policies etc, nothing wrong, I logged out then back in again, I got the message again using my backup Domain Admin account, this now means that both my Domain Admin accounts are unable to log onto the server either remotely or locally, which presents a little bit of an issue really!

I have found a way set the policies back to when the server was first installed by using the Security analyser and configuration snap in for the MMC, but I'm not ready to reset everything just yet.
I have tried ntrights, but it looks as if you can no longer use the SelInteractiveLogon parameter any more, I did try to give an account Backup Operators rights just so I could log in but that never worked, I just got an error.

I have just installed this server only at the begining of this month and the backup tapes have not been working that well so I'm not really sure if I can rely on those.

The worst thing that could happen is that I have to reinstall the server and set it up again from scratch, I'm hoping not to do this however and hoping that one of you nice people out there may have come across this and found a way out of it rather than performing a rebuild.

Any and all help is most gratefully received and welcome.

With thanks in advance


This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

Collapse -

A thought

by HomusOnline In reply to Unable to logon interacti ...

I am not great with domains and rights, but can you view the domain admin account with the backup operator account? Even if it is read-only, maybe see if something is still attached to the domain admin from the sharepoint you removed.

It just seems like the removal of sharepoint may have left some policy or connection residue that may be affecting accounts that were associated with it. Hence you do not get the error when you log in as backup operator because it would not have been a part of the installation/removal.

Collapse -

Backup operator

by jeff In reply to A thought

Hi HomusOnline,

Thanks for the reply but I do not have an account that has been given Backup Operators permissions applied to it I'm afraid.

I think you maybe misread my original post.
I attempted to use ntrights to give an account Back Operators permissions to do just this as I can't logon using the Admin acount, but ntrights just throws up an error and can't perform the action, I can provide the rather long error code if anyone wants it.

The reason why there is no Backup Operator is that I am the only person that has access to the server in this way.
I do have backup Admin accounts in the event that something happens to my primary but alas this has affected both these accounts leaving me high and dry so to speak.

the server in all other resects is operational, all users can logon etc, I can't however.

Any other thoughts?

Collapse -


by doepain In reply to Backup operator

Have you tried to install all of the user CALs?

Though I think this is more of an issue with trust relations. Was this a clean build SBS server with a branfd new domain etc? Or, did you attempt to restore an SBS server/domain by recreated an identical domain (same name, same server name)?

Collapse -

remote admin is restricted to 1 session per account.

by CG IT In reply to Unable to logon interacti ...

and if you don't disconnect the session, you can't log in again. There is a 2 session limit for all remote admin sessions. So if you logged in on 1 account, didn't disconnect it, log in on another account, you've reached the session limit.

try telneting in, then force a logoff of all sessions.

then you should be able to log in. Rebooting the server has the same effect.

Related Discussions

Related Forums