
Active Directory domain logon error

We have an Active Directory domain MAIN and its child domain CHILD. The domain controller for CHILD is CHILD1, which acts as a gateway to MAIN. The CHILD domain computers are not always booted, including the CHILD1 domain controller. Occasionally, when you log on as CHILD\administrator to CHILD1 or any of the computers in that domain, you receive a message box "Error Message: The Local Policy of this system does not permit you to logon interactively." You can log on as MAIN\administrator, but not even at the local computer -- there's no other choice in the dropdown.

Can you explain this error? Can you suggest how to avoid this altogether and how to repair it when it happens?

It sounds like an issue with machine accounts. Domain member computers authenticate to the domain when they boot. The computer password is changed periodically and automatically. If computers aren't in touch with their DC frequently, the passwords get out of synch. You may be able to fix this by removing the computer and then rejoining it to the domain. There is also a security option setting in group policy that will prevent the computer password from changing. The problems at the DC of the child domain may occur because of the issues with replication. DCs should never be off the network for any significant amount of time.

Start your research there -- with the DC issue. You might end up having to redo the domain to fix the issue. And then, remember that DCs should not be out of touch with other DCs or other domains in their forest.
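The check below is an added example, not part of the original answer: it tests whether a member computer's machine account password still matches the domain's copy and reports the Netlogon settings that control automatic password changes. It assumes Windows PowerShell 5.1, an elevated session and a domain-joined computer; the function name `Get-MachineAccountHealth` is hypothetical.

```powershell
# Added example. Assumes Windows PowerShell 5.1, run elevated on a domain member.
function Get-MachineAccountHealth {
    [CmdletBinding()]
    param()

    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    if (-not $cs.PartOfDomain) {
        throw "This computer is not joined to a domain."
    }

    # Netlogon values behind the "Domain member:" security options.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
    $np  = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

    # Absent values mean the defaults: changes enabled, 30-day maximum age.
    $disabled = ($null -ne $np.DisablePasswordChange) -and ($np.DisablePasswordChange -eq 1)
    $maxAge   = if ($null -ne $np.MaximumPasswordAge) { $np.MaximumPasswordAge } else { 30 }

    # Verifies the local machine account secret against a domain controller.
    # A terminating error here usually means no DC could be contacted.
    $err = $null
    try {
        $channelOk = Test-ComputerSecureChannel -ErrorAction Stop
    } catch {
        $channelOk = $false
        $err = $_.Exception.Message
    }

    [pscustomobject]@{
        Computer               = $cs.Name
        Domain                 = $cs.Domain
        SecureChannelValid     = $channelOk
        SecureChannelError     = $err
        PasswordChangeDisabled = $disabled
        MaximumPasswordAgeDays = $maxAge
    }
}

$health = Get-MachineAccountHealth
$health | Format-List
if (-not $health.SecureChannelValid) {
    Write-Warning "Secure channel to $($health.Domain) failed verification. Rule out DC reachability before resetting the machine account."
}
```

When the channel is reported invalid and a DC is reachable, `Test-ComputerSecureChannel -Repair -Credential <domain admin>` resets the machine password without removing and rejoining the computer.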

This was last published in September 2004
