09-09-2003 02:27 PM - edited 03-10-2019 07:28 AM
The failed log has the error 'External DB Account Restriction'. I have the Permit dial in permsion enabled which was the only thing i could find on that one. In the auth.log i get the following (see below) there is a line that states 'Windows Authentication Succesful' followed by a line 'LookupAccountSidA failed' followed by 'User 'TESTAD\testguy1' was not authenticated'. I have not been able to figure out what the second call is that failed. LookupAccountSidA and why it says succesful then failed.
AUTH 09/09/2003 12:07:31 I 0425 1180 AuthenProcessResponse: process response for 'TESTAD\testguy1' against Windows NT/2000
AUTH 09/09/2003 12:07:31 I 0360 1180 External DB [NTAuthenDLL.dll]: Starting MSCHAP authentication for user [TESTAD\testguy1]
AUTH 09/09/2003 12:07:31 I 0360 1180 External DB [NTAuthenDLL.dll]: Attempting Windows authentication for user testguy1
AUTH 09/09/2003 12:07:31 I 0360 1180 External DB [NTAuthenDLL.dll]: Windows authentication SUCCESSFUL (by PDC)
AUTH 09/09/2003 12:07:31 E 0360 1180 External DB [NTAuthenDLL.dll]: LookupAccountSidA failed
AUTH 09/09/2003 12:07:31 I 1591 1180 Unknown User 'TESTAD\testguy1' was not authenticated
AUTH 09/09/2003 12:07:31 I 5081 1180 Done RQ1027, client 6, status -2046
AUTH 09/09/2003 12:07:31 I 5094 1180 Worker 6 processing message 43.
AUTH 09/09/2003 12:07:31 I 5081 1180 Start RQ1027, client 6 (127.0.0.1)
AUTH 09/09/2003 12:07:31 I 0425 1180 AuthenProcessResponse: process response for 'TESTAD\testguy1' against Windows NT/2000
AUTH 09/09/2003 12:07:31 I 5081 1180 Done RQ1027, client 6, status -1058
09-09-2003 08:13 PM
My guess is you're running SP4 on this machine, which is not supported by ACS (only up to SP3) and will give you this error. Downgrade to SP3 and it should work fine.
Let me know if you're not running SP4 as we'll have to look elsewhere, but I've seen this a couple of times already and it was due to SP4 and downgrading resolved the problem.
09-10-2003 06:24 AM
both the ACS and AD are running SP3. I installed all the latest critical updates before starting my testing do you have any idea what fix in sp4 causes the problems?
Thank,
Mark
09-12-2003 08:10 AM
The problem was an permissions issue with the ACS servcie account, I didn't troubleshoot it completly. Makeing the ACS server a DC (it was a domain member server) solved the problem. I assume the issue has to do with the permissions given in the 'Local Security Policy', 'Domain COntroler Security Policy', or 'Domain Security Policy'.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide