Select the product you need help with

Error message: Users cannot log on to a workstation

Article ID: 160783 - View products that this article applies to.

This article was previously published under Q160783

SYMPTOMS

You receive the following error message when you use a non-Administrative account on a workstation to log on to a domain.

Windows NT-based client computer

Your account is configured to prevent you from logging on and using this workstation. Please try another workstation.

Other Windows-based client computers

The user is not allowed to log on from this workstation.

Depending on the client, the associated network message number 2240 may also be included with the error message.

Windows 2000-based clients may also receive the following error message during an attempt to map a drive letter to the server:

Unable to impersonate using a named pipe until data has been read from that pipe.

Back to the top | Give Feedback

CAUSE

This issue may occur if the security event log is full, and CrashOnAuditFail is enabled. CrashOnAuditFail may be enabled on a Windows NT 4.0 computer if the C2 Configuration Manager (C2Config.exe) has been run on the computer. When the security log size reaches capacity, only administrators can access the server.

This issue may also occur if the user account is configured to log on from specific workstations.

Note The Logon To option is in the User Properties dialog box.

Back to the top | Give Feedback

RESOLUTION

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:

322756

(http://support.microsoft.com/kb/322756/ )

How to back up and restore the registry in Windows

To resolve this issue, clear the security log and run C2CONFIG to reset the CrashOnAuditFail value. To do this, follow these steps:

Restart the computer and log on using an account in the Administrators group.
Use Event Viewer to clear all events from the security log, archiving the currently logged events. For details, see the "Event Viewer" chapter in the Windows NT Workstation or Windows NT Server System Guide.
Click Start, click Run, type regedit in the Open box, and then click OK.
Locate and then delete the
CrashOnAuditFail
registry entry from the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
Quit Registry Editor, and then restart the computer to cause the change to take effect.

Back to the top | Give Feedback

MORE INFORMATION

For additional information about the

CrashOnAuditFail

registry entry, click the following article numbers to view the articles in the Microsoft Knowledge Base:

149393

(http://support.microsoft.com/kb/149393/EN-US/ )

CrashOnAuditFail activates on shutdown with ProcessTracking

178208

(http://support.microsoft.com/kb/178208/EN-US/ )

CrashOnAuditFail with Logon/Logoff Auditing causes blue screen

140058

(http://support.microsoft.com/kb/140058/EN-US/ )

How to prevent auditable activities when security log is full

Back to the top | Give Feedback

STATUS

Microsoft has confirmed that this is a bug in Windows NT version 3.5x and Windows NT version 4.0. Microsoft is researching this problem and will post new information here in the Microsoft Knowledge Base as it becomes available.

Back to the top | Give Feedback