The computer you are signing into is protected by an authentication firewall. The specified account is not allowed to authenticate to the computer.
1. Login to local domain controller where the resource (workstation) resides. Open AD Users and computers – switch to Advanced Features view.
Find the workstation you are trying to login to – right click – properties – security tab.
2. Under group or Usernames – click Add.
3. Select Locations – select domain that contains the user account trying to login.
4. Enter username – click OK – authenticate with account that has access.
5. Select user – then in permissions for user select “allow” for allowed to authenticate. Finished!
In the past, you could use the IISADMPWD to make a website for your Active Directory users to change passwords. That functionally is no more with Server 2012 and higher. At the time – we didn’t have the funds to buy a password reset solution for our department so I found another way. Using remote desktop services – RD Web Access you can accomplish the same thing for free. Below is my tutorial on how to do this.
Windows Server Active Directory users password change website:
You can safely delete these .errlog files but first you need to investigate the most recent ones and take the appropriate actions. If you need to recover space immediately then copy the most recent few logs to an alternate location and then you delete all of them on the DPM server.
If you want to have a password reset website for your users but don’t want to purchase a 3rd party solution – you can still do this using Microsoft 2012 Server.
How to setup a password reset website using Server 2012 RD Web
Choose a server to install this role. For my environment, I chose to use the print server.
1. Install RD Web Access from the Remote Desktop Services. Remote desktop to your server (I’m installing this on my print server) and open Server Manager. Add Roles and Features – Next – Remote Desktop Services installation – Next.
In my experience, as long as you do not install the RD Licensing then the RD password reset website that we are going to configure next will continue to work after the 119 days.
Setting up the website and related configurations for domain password reset
When someone needs to change their password I now send them this link and they can do it remotely.
From Server Manager – click Manage – Add Roles and Features.
Click Next and Next on Select installation type for Role-based installation.
Select the server you want to install your first domain controller – click next. Place a check in Active Directory Domain Services.
Click Add Features on the box that pops up for ADDS.
Domain Controller Options – choose your forest and domain functional level. In this example, I am going with Windows Server 2016 because I don’t need to add any older DCs. Specify domain controller capabilities – Select DNS and GC is already added if this is your first DC. Choose and enter a DSRM password and click Next.
Verify and click Next on the Paths page. Review your options and click Next. Prerequisites Check – review the results and click Install.
For the purpose of this tutorial we will be using Hyper-V but you can just as easily use VMware. *Note* you should have basic familiarity with creating VM’s for this tutorial.
1. Create your new virtual machine using Hyper-V.
2. Once the new VM is installed, make all the necessary changes and updates for your environment: Time zone, machine name (example dc01) run windows updates, etc. Add Roles to VM to install Domain Controller.
3. From Server Manager – Go to Manage – Add Roles and Features.
4. Click next – next on role based – select your server and click next.
5. Select Active Directory Domain Services.
6. Click “Add Features” on the box that pops up.
7. Click next – click next on features page – click next on AD DS – click install on confirmation page.
8. Click Close after installation has succeeded.
9. You will now notice a yellow triangle at the top right of the Server Manager
Click it to view the Post-deployment Configuration Options and click Promote this server to a domain controller.
10. In deployment configuration – Choose Add a new forest if this is your first DC in a new domain and specify your root domain.
11. Choose your Forest and Domain functional levels, Add DNS and choose your DSRM password.
13. Verify or enter your NetBIOS domain name (in this example it was “steveshoemake”). Click next.
14. Verify your Paths for the AD DS database, log files, and SYSVOL – click next.
15. Review your selections and then click next if they are correct for your environment.
16. After the Prerequisite checks pass – click Install. Wait for it to complete and reboot the server.
17. Login to the new domain controller – open Active Directory Users and Computers and begin setting up your domain users etc.