Microsoft KB Archive/889505

= Services and scheduled tasks cannot log on if a smart card is not present in Windows Server 2003 =

Article ID: 889505

Article Last Modified on 10/30/2006

-

APPLIES TO


 * Microsoft Windows Server 2003, Web Edition
 * Microsoft Windows Server 2003, Standard Edition (32-bit x86)
 * Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
 * Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
 * Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
 * Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
 * Microsoft Windows XP Professional
 * Microsoft Windows 2000 Professional Edition

-





SYMPTOMS
In Microsoft Windows Server 2003, when you click to select the Smart card is required for interactive logon check box in the properties of all the user accounts in Active Directory Users and Computers, you expect that users who log on interactively must supply a smart card to log on. However, services and scheduled tasks that use an account to log on also cannot log on if a smart card is not present.

In this scenario, you see events that are similar to the following when you view the Security log in Event Viewer: EVENTID: 531

Category: &quot;LOGON/LOGOFF&quot;

Logon Failure:

Reason: Account currently disabled

User Name:

Domain:

Logon Type: 4

Logon Process: Advapi

Authentication Package: Negotiate

Workstation Name: Computer_Name

This problem can affect client computers that are running Windows Server 2003, Microsoft Windows XP, or Microsoft Windows 2000.



CAUSE
This issue occurs because the Smart card is required for interactive logon account option applies to all logon types except the network logon type. This option does not apply only to interactive logons.



WORKAROUND
To work around this issue, click to clear the Smart card is required for interactive logon check box for the user accounts that services and scheduled tasks use to log on to the network. To do this, follow these steps:
 * 1) Start Active Directory Users and Computers.
 * 2) Click Users.
 * 3) In the right pane, right-click the user account of a service or scheduled task, and then click Properties.
 * 4) Click the Account tab, and then in the Account Options list, click to clear the Smart card is required for interactive logon check box.
 * 5) Click Apply, and then click OK.
 * 6) Repeat steps 3 through 5 for each user account that is used by a service or scheduled task.



MORE INFORMATION
Logon types include the following:
 * Interactive
 * Network
 * Batch
 * Service
 * Proxy
 * Unlock workstation

Keywords: kbtshoot kbprb KB889505

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.