Users fail to log into RWW with Password error.

Symptoms

Some users are unable to log into Remote Web Access. When reviewing the RemoteAccess.log in C:\Program Files\Windows Small Business Server\Logs\WebApp you will see the following Exception

[7048] 110223.145509.5871: RemoteAccess: [Identity] Login failed; Error Code: 0x80131500
[7048] 110223.145509.5880: Exception:
---------------------------------------
An exception of type 'Type: Microsoft.WindowsServerSolutions.Web.Security.LogonException, Wssg.Web.Internal, Version=6.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35' has occurred.
Timestamp: 02/23/2011 14:55:09
Message: Unknown logon failure
Stack:    at Microsoft.WindowsServerSolutions.Web.Security.SBSMembershipProvider.OnLogin(String username, String password)
    at Microsoft.WindowsServerSolutions.Web.Security.WssgMembershipProviderBase.Login(String username, String password)
    at Microsoft.WindowsServerSolutions.Web.RemoteAccessSite.LogOnHelper.LoginUser(String name, String password)


You should also see the following event in the security log.

Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          2/23/2011 4:33:06 PM
Event ID:      4625
Task Category: Logon
Level:         Information
Keywords:      Audit Failure
User:          N/A
Computer:      SBS2011.tailspintoys.local
Description:
An account failed to log on.

Subject:
 Security ID:  NETWORK SERVICE
 Account Name:  SBS2011$
 Account Domain:  TAILSPINTOYS
 Logon ID:  0x3e4

Logon Type:   8

Account For Which Logon Failed:
 Security ID:  NULL SID
 Account Name:  Username
 Account Domain:  tailspintoys.local

Failure Information:
 Failure Reason:  User not allowed to logon at this computer.
 Status:   0xc000006e
 Sub Status:  0xc0000070

Process Information:
 Caller Process ID: 0x3f0
 Caller Process Name: C:\Windows\System32\inetsrv\w3wp.exe

Cause

This error can occur If you have set up Log on to restrictions on the user account you are attempting to log in with AND you do not have the SBS server listed as a machine they are allowed to log on to.

Resolution

Add the SBS server in the Log on to rights on the properties of the user account in AD

More Information

RWA will return proper messages for 4 Logon failures: Password has expired, Password Must be changed, Wrong Password, and Account is Disabled. For all other logon failures it will return unknown.
Properties

Article ID: 2514286 - Last Review: Mar 18, 2011 - Revision: 1

Feedback