The customer noticed that their Windows Server 2016 Site Servers tend to lose their [Task] registration. The customer noticed that if they Enable the Anonymous Authentication on the ClientTaskServer object in IIS, it allowed the [2016] Site Server to register itself and also allow clients to register to it. Show Note: Starting with ITMS 8.1 release, the ClientTaskServer web object has its Anonymous Authentication set to Disabled by default. The customer uses an ACC account (Altiris Connectivity Credentials), which is a Local Account to his machines. When we try from the browser to access this page (when anonymous authentication is disabled): he gets a prompt page for credentials, he adds the ACC account and it displayed this page after trying 3 times: HTTP Error 401.1 - Unauthorized You do not have permission to view this directory or page using the credentials that you supplied. If we try using the AppID account, which is a domain account, when IE prompts for credentials, we get the expected registration page. One thing that we saw in the Security Event logs on the Task Server when a client machine is trying to register to the task server is this: An account failed to log on. Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 Account For Which Logon Failed: Failure Information: An account failed to log on. Subject: Logon Type: 3 Account For Which Logon Failed: Failure Information: Process Information: Network Information: Detailed Authentication Information: This event is generated when a logon request fails. It is generated on the computer where access was attempted. The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network). When "Checking Password" on a Windows AD account you receive the following error: Gathering the check details for managed_accountaccount on AD-DC... Checking the password for managed_accountaccount on AD-DC(Windows System) using winad... Error: Win32::OLE(0.1601) error 0x8007052e: "Logon failure: unknown user name or bad password" in METHOD/PROPERTYGET "OpenDsObject" - Logon failure: unknown user name or bad password. The stored password for managed_accountaccount DOES NOT MATCH the managed_account system! Processed the password check for managed_account on AD-DC in 0.640625 seconds or Gathering the check details for managed_account on dc.yourdomain.com... Checking the password for managed_account on dc.yourdomain.com(Windows System) using winad... Checking account object, connecting as yourdomain.com\administrator... Done (0X8007052E) Logon failure: unknown user name or bad password. The stored password for managed_account DOES NOT MATCH the managed_account system! [MM/DD/YYYY HH:MM:SS] Processed the password check for managed_account on dc.yourdomain.com in 6.7246094 seconds You are able to reset the password on the account using the functional account. "Current Status" shows "Test Result: Mismatch" for the Password Check Results. When checking the Security Event logs on the DC (Domain Controller.), you may see a Event 4625 "An account to log on" with the following failure information. "Failure Information: How do I fix logon failure the user has not granted the requested logon type at this computer?To resolve this issue, edit the Access this computer from the network local policy on the desktop to restore the "Users" access group or add one or more user and group values to provide the required access. Alternatively this can be configured using Group Policy.
What is 0XC000015B?0XC000015B. The user has not been granted the requested logon type (also called the logon right) at this machine.
What has not been granted the requested logon type at this computer?To solve “The user has not been granted the requested logon type at this computer” error, you should make sure that the login user and all groups that belong to are allowed to log on locally to this computer.
What is causing event ID 4625?Event ID 4625 (viewed in Windows Event Viewer) documents every failed attempt at logging on to a local computer. This event is generated on the computer from where the logon attempt was made.
|