Microsoft KB Archive/281648

From BetaArchive Wiki
Knowledge Base


Error Message: The Account Is Not Authorized to Login from This Station

Article ID: 281648

Article Last Modified on 3/1/2007



APPLIES TO

  • Microsoft Windows 2000 Service Pack 1
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Service Pack 1



This article was previously published under Q281648

SYMPTOMS

When you attempt to join a Windows 2000-based computer to a Microsoft Windows NT 4.0-based domain, you may receive the following error message:

The following error occurred attempting to join the domain "domainname": The account is not authorized to login from this station.

CAUSE

This behavior can occur because the Local Group Policy, specifically those in the Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options folder have a restrictive setting.

Some of the policies that may cause this behavior are:

  • Digitally sign client communications (always)
  • Digitally sign server communications (always)
  • Digitally sign server communications (when possible)
  • LAN Manager Authentication Level set to Send LM and NTLM - use NTLMv2 session security if negotiated
  • Secure channel: Digitally encrypt or sign secure channel data (always)
  • Secure channel: Require strong (Windows 2000 or later) session key


RESOLUTION

To work around this behavior, set the values back to what they would be if a clean install had occurred.

Examine the preceding policies and set them back to their default settings.

The default settings of these policies are:

  • Digitally sign client communications (always) - disabled
  • Digitally sign server communications (always)- disabled
  • Digitally sign server communications (when possible) - disabled
  • LAN Manager Authentication Level set to Send LM and NTLM - use NTLMv2 session security if negotiated - (default) send LM & NTLM responses
  • Secure channel: Digitally encrypt or sign secure channel data (always) - disabled
  • Secure channel: Require strong (Windows 2000 or later) session key - disabled

Restart your computer and you should be able to join the domain.

STATUS

This behavior is by design.

Keywords: kberrmsg kbenv kbprb KB281648