Microsoft KB Archive/281648

= Error Message: The Account Is Not Authorized to Login from This Station =

Article ID: 281648

Article Last Modified on 3/1/2007

-

APPLIES TO


 * Microsoft Windows 2000 Service Pack 1
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Service Pack 1

-



This article was previously published under Q281648



SYMPTOMS
When you attempt to join a Windows 2000-based computer to a Microsoft Windows NT 4.0-based domain, you may receive the following error message:

The following error occurred attempting to join the domain &quot;domainname&quot;: The account is not authorized to login from this station.



CAUSE
This behavior can occur because the Local Group Policy, specifically those in the Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options folder have a restrictive setting.

Some of the policies that may cause this behavior are:


 * Digitally sign client communications (always)
 * Digitally sign server communications (always)
 * Digitally sign server communications (when possible)
 * LAN Manager Authentication Level set to Send LM and NTLM - use NTLMv2 session security if negotiated
 * Secure channel: Digitally encrypt or sign secure channel data (always)
 * Secure channel: Require strong (Windows 2000 or later) session key



RESOLUTION
To work around this behavior, set the values back to what they would be if a clean install had occurred.

Examine the preceding policies and set them back to their default settings.

The default settings of these policies are:
 * Digitally sign client communications (always) - disabled
 * Digitally sign server communications (always)- disabled
 * Digitally sign server communications (when possible) - disabled
 * LAN Manager Authentication Level set to Send LM and NTLM - use NTLMv2 session security if negotiated - (default) send LM & NTLM responses
 * Secure channel: Digitally encrypt or sign secure channel data (always) - disabled
 * Secure channel: Require strong (Windows 2000 or later) session key - disabled

Restart your computer and you should be able to join the domain.



STATUS
This behavior is by design.

Keywords: kberrmsg kbenv kbprb KB281648

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.