Strange error during login on Windows Server 2012

Discussion in 'Windows Server' started by kabino, Jul 12, 2016.

  1. kabino

    kabino MDL Member

    #1 kabino, Jul 12, 2016
    Last edited by a moderator: Apr 20, 2017
  2. 100

    100 MDL Expert

    That's not German :p
    Anyway, the error message isn't very specific. See what the event log has to say about the logon attempt.
     
  3. kabino

    kabino MDL Member

    #3 kabino, Jul 12, 2016
    Last edited by a moderator: Apr 20, 2017
    (OP)
    The server is located in Germany but the OS is in Italian because I'm from Italy.

    I checked the event log and on first login there's this entry:

    Code:
    Privilegi speciali assegnati a nuovo accesso.
    
    
    Soggetto:
        ID sicurezza:        VE1077\Prova
        Nome account:        Prova
        Dominio account:        VE1077
        ID accesso:        0x198E1E4
    
    
    Privilegi:        SeSecurityPrivilege
                SeTakeOwnershipPrivilege
                SeLoadDriverPrivilege
                SeBackupPrivilege
                SeRestorePrivilege
                SeDebugPrivilege
                SeSystemEnvironmentPrivilege
                SeImpersonatePrivilege
    Then this:

    Code:
    Accesso di un account non riuscito.
    
    
    Soggetto:
        ID sicurezza:        NULL SID
        Nome account:        -
        Dominio account:        -
        ID accesso:        0x0
    
    
    Tipo di accesso:            3
    
    
    Account il cui accesso non è riuscito:
        ID sicurezza:        NULL SID
        Nome account:        Administrator
        Dominio account:        WIN-3FOND43065A
    
    
    Informazioni sull'errore:
        Motivo dell'errore:        Nome utente sconosciuto o password errata.
        Stato:            0xC000006D
        Stato secondario:        0xC000006A
    
    
    Informazioni sul processo:
        ID processo chiamante:    0x0
        Nome processo chiamante:    -
    
    
    Informazioni di rete:
        Nome workstation:    WIN-3FOND43065A
        Indirizzo di rete di origine:    -
        Porta di origine:        -
    
    
    Informazioni di autenticazione dettagliate:
        Processo di accesso:        NtLmSsp 
        Pacchetto di autenticazione:    NTLM
        Servizi transitati:    -
        Nome pacchetto (solo NTLM):    -
        Lunghezza chiave:        0
     
  4. 100

    100 MDL Expert

    Security log events probably aren't that relevant (second one is about a wrong password, if it matters).
    My guess is you'd have to see some errors or warnings in the "system" log.
     
  5. kabino

    kabino MDL Member

    #5 kabino, Jul 12, 2016
    Last edited by a moderator: Apr 20, 2017
    (OP)
    There aren't errors in the system log, but in the application log there are:

    Code:
    Impossibile copiare il file \\?\C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Help.lnk nel percorso \\?\C:\Users\Prova\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Help.lnk. L'errore può essere dovuto a problemi di rete o a diritti di sicurezza insufficienti. 
    
     DETTAGLI - Accesso negato.
    Code:
    Impossibile trovare il profilo locale. Per l'accesso sarà utilizzato un profilo temporaneo. I cambiamenti apportati al profilo andranno persi dopo la disconnessione.
    Code:
    Impossibile eseguire l'accesso perché non è stato possibile caricare il profilo dell'utente. Verificare che il computer sia connesso alla rete e che la rete funzioni correttamente. 
    
    
     DETTAGLI - Richiesta ReadProcessMemory o WriteProcessMemory completata solo parzialmente.
    
     
  6. 100

    100 MDL Expert

    #6 100, Jul 12, 2016
    Last edited by a moderator: Apr 20, 2017
    Okay, first error indicates that it's unable to copy the file, which is probably an indication of incorrect permissions on either the source or target path (and could therefore fail the creation of the user profile directory).
    If that issue applies to new user accounts, maybe the permissions on the default profile are wrong. What's the output of the following command?
    Code:
    icacls "C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Help.lnk"
    Also, it's generally a good idea to post any error codes or event log IDs that are mentioned, since those are language-independent. It's not particularly easy trying to make sense of foreign-language error messages.
     
  7. LiteOS

    LiteOS Windowizer

    Delete the profile.
    What the error is, I'm not sure.
     
  8. kabino

    kabino MDL Member

    #8 kabino, Jul 12, 2016
    Last edited by a moderator: Apr 20, 2017
    (OP)
  9. 100

    100 MDL Expert

    #9 100, Jul 12, 2016
    Last edited by a moderator: Apr 20, 2017
  10. kabino

    kabino MDL Member

    sorry:

    C:\Users\Administrator>icacls "C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Help.lnk"
    C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Help.lnk NT AUTHORITY\SYSTEM:(F)
            BUILTIN\Administrators:(F)
            NT AUTHORITY\SERVIZIO DI RETE:(F)

    Elaborazione completata per 1 file. Elaborazione non riuscita per 0 file

    C:\Users\Administrator>
     
  11. 100

    100 MDL Expert

    #11 100, Jul 12, 2016
    Last edited by a moderator: Apr 20, 2017
    That's not right, because regular users (not just admins and system) should have access to that file as well.

    However, since that one file's ACL is wrong I'd assume that (for whatever reason) other files/dirs in the default profile may have incorrect ACLs as well, and for that reason I'd consider it appropriate to restore ACLs for the entire default profile from the install image.

    To do that you'll have to obtain the "sources\install.wim" file from the Server 2012 install media (ISO) and mount it, e.g. to c:\_mount:
    Code:
    mkdir c:\_mount
    dism /mount-image /imagefile:install.wim /index:4 /mountdir:c:\_mount /readonly
    Then you can save ACLs from the mounted dir and apply them to your local one:
    Code:
    icacls c:\_mount\users\default /save c:\default.acl /t /c /l /q
    icacls c:\users /restore c:\default.acl /c /l /q
    (may have errors for files/dirs owned by System or TrustedInstaller, but in those cases, chances are that the ACLs are still properly set)

    Unmount image:
    Code:
    dism /unmount-image /mountdir:c:\_mount /discard

    Re-copying the entire default profile from the installation image would probably also work, but would break the WinSxS hardlinks and remove any profile customizations that may be present, so I'd try the ACL restore first.
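
Added example, not part of the thread: a Python check that compares the `icacls /save` listing taken from the mounted image with one taken the same way from the local `C:\Users\Default`, and lists grants present in the image but missing locally, so the effect of the restore is known before it runs. The second save file, the sample listings and the function names are constructed for illustration; it assumes the save files (which icacls writes as Unicode text) have been decoded to strings, and it keys on SDDL trustee aliases (BU = Users, WD = Everyone, NS = Network Service), which do not change with the OS language.

```python
import re

DACL_RE = re.compile(r"D:[A-Z]*((?:\([^()]*\))*)")  # DACL flags, then its ACEs
ACE_RE = re.compile(r"\(([^()]*)\)")

def parse_listing(text):
    """Parse `icacls /save` text into {path: {trustee: {rights}}} (allow ACEs)."""
    lines = [ln.strip() for ln in text.lstrip("\ufeff").splitlines() if ln.strip()]
    acls = {}
    # The listing alternates: relative path line, then that object's SDDL line.
    for path, sddl in zip(lines[0::2], lines[1::2]):
        match = DACL_RE.search(sddl)
        grants = {}
        for ace in ACE_RE.findall(match.group(1) if match else ""):
            fields = ace.split(";")  # type;flags;rights;obj;inherit_obj;trustee
            if len(fields) >= 6 and fields[0] == "A":
                grants.setdefault(fields[5], set()).add(fields[2])
        acls[path.lower()] = grants  # NTFS paths are case-insensitive
    return acls

def missing_grants(reference, local):
    """List (path, trustee, rights) granted in the image but absent locally."""
    findings = []
    for path, ref_grants in reference.items():
        if path not in local:
            continue  # object does not exist locally, nothing to compare
        for trustee in sorted(ref_grants):
            if trustee not in local[path]:
                findings.append((path, trustee, sorted(ref_grants[trustee])))
    return findings

HELP = r"default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Help.lnk"
# Constructed sample listings. IMAGE_ACL stands in for c:\default.acl and its grants
# are illustrative; LOCAL_ACL mirrors the icacls output posted in the thread.
IMAGE_ACL = "default\nD:PAI(A;OICI;FA;;;SY)(A;OICI;0x1200a9;;;BU)\n" + HELP + \
    "\nD:AI(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0x1200a9;;;BU)(A;ID;0x1200a9;;;WD)\n"
LOCAL_ACL = "default\nD:PAI(A;OICI;FA;;;SY)(A;OICI;0x1200a9;;;BU)\n" + HELP + \
    "\nD:AI(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;FA;;;NS)\n"

if __name__ == "__main__":
    for path, trustee, rights in missing_grants(parse_listing(IMAGE_ACL),
                                                parse_listing(LOCAL_ACL)):
        print(f"{path}: no allow ACE for {trustee} (image grants {rights})")
```

An empty result means the local default profile already carries every grant found in the image, which would point away from the ACLs as the cause.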
     
  12. LatinMcG

    LatinMcG Bios Borker

    net user administrator /active:no
    administrator is unused.
     
  13. 100

    100 MDL Expert

    Disabling the user account that OP is using while unable to create other accounts... yeah, that sure sounds like a great idea. :doh:
     
  14. LatinMcG

    LatinMcG Bios Borker

    Ohh, thought he was on his account... not translating well from a Spanish point of view to Italian :p
    Windows Repair portable in safe mode should do the trick... add a new user in safe mode.
     
  15. kabino

    kabino MDL Member

    #15 kabino, Jul 13, 2016
    Last edited: Jul 13, 2016
    (OP)
    Ehmm, with this command you can't log in anymore with Remote Desktop Connection. An error about a wrong password appears.

    EDIT: anyway, I tried, but same error during login with a new account.
     
  16. 100

    100 MDL Expert

    #16 100, Jul 13, 2016
    Last edited by a moderator: Apr 20, 2017
  17. kabino

    kabino MDL Member

    I launched the command in CMD but there's this error:

    Microsoft Windows [Versione 6.3.9600]
    (c) 2013 Microsoft Corporation. Tutti i diritti riservati.

    C:\Windows\system32>psexec.exe \\blablabla -s -e -u "ve1077\Cacca" net.exe user administrator /active:yes
    "psexec.exe" non è riconosciuto come comando interno o esterno,
    un programma eseguibile o un file batch.

    C:\Windows\system32>
     
  18. 100

    100 MDL Expert

    The command-line interpreter doesn't know about every single executable file on your machine. You'll have to tell it where to find psexec.exe, e.g. by using its full path instead of only "psexec.exe".
     
  19. 100

    100 MDL Expert

    #20 100, Jul 13, 2016
    Last edited by a moderator: Apr 20, 2017
    Uh, okay. That would be LocalAccountTokenFilterPolicy blocking access. o_O

    I'm afraid you're going to need remote KVM, if available, and boot to safe mode. Log in with administrator and re-enable the account:
    Code:
    net.exe user administrator /active:yes