Services and scheduled tasks cannot log on if a smart card is not present in Windows Server 2003

Article translations Article translations
Article ID: 889505 - View products that this article applies to.
Expand all | Collapse all

SYMPTOMS

In Microsoft Windows Server 2003, when you click to select the Smart card is required for interactive logon check box in the properties of all the user accounts in Active Directory Users and Computers, you expect that users who log on interactively must supply a smart card to log on. However, services and scheduled tasks that use an account to log on also cannot log on if a smart card is not present.

In this scenario, you see events that are similar to the following when you view the Security log in Event Viewer:

EVENTID: 531
Category: "LOGON/LOGOFF"
Logon Failure:
Reason: Account currently disabled
User Name: Name_Of_Service_Or_scheduled_Task
Domain: Domain
Logon Type: 4
Logon Process: Advapi
Authentication Package: Negotiate
Workstation Name: Computer_Name

This problem can affect client computers that are running Windows Server 2003, Microsoft Windows XP, or Microsoft Windows 2000.

CAUSE

This issue occurs because the Smart card is required for interactive logon account option applies to all logon types except the network logon type. This option does not apply only to interactive logons.

WORKAROUND

To work around this issue, click to clear the Smart card is required for interactive logon check box for the user accounts that services and scheduled tasks use to log on to the network. To do this, follow these steps:
  1. Start Active Directory Users and Computers.
  2. Click Users.
  3. In the right pane, right-click the user account of a service or scheduled task, and then click Properties.
  4. Click the Account tab, and then in the Account Options list, click to clear the Smart card is required for interactive logon check box.
  5. Click Apply, and then click OK.
  6. Repeat steps 3 through 5 for each user account that is used by a service or scheduled task.

MORE INFORMATION

Logon types include the following:
  • Interactive
  • Network
  • Batch
  • Service
  • Proxy
  • Unlock workstation

Properties

Article ID: 889505 - Last Review: October 30, 2006 - Revision: 1.3
APPLIES TO
  • Microsoft Windows Server 2003, Web Edition
  • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
  • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
  • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
  • Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
  • Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
  • Microsoft Windows XP Professional
  • Microsoft Windows 2000 Professional Edition
Keywords: 
kbtshoot kbprb KB889505

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com