Failed Logins - Token Based Server Access Validation Failed

Hi All-
I am trying to track down, well for lack of a better word (an annoyance).  I have a VM running a proprietary utility (VMware update manager) that connects to a remote SQL VM.  This connection is via a service account that from the surface has the
appropriate permissions.  The setup and utility has been in and is working as it should.  However in our logs we are constantly seeing.
SQL Event Viewer - Login failed for DOMAIN/REMOTESERVERNAME$ Reason: Token-based server access validation failed with an infrastructure error.  Check for previous errors [CLIENT: REMOTEIP OF REMOTESERVERNAME]
Then in the SQL Logs I am seeing the same error and also - ERROR 18546, Severity 14, State 11
I have read dozens of threads - pointing to UAC.  I have elevated SSMS via UAC and allowed it to run as administrator.  Also ran as admin, and reapplied the permissions to that service account, db_owner
What I have read is about AD/user account.  However in this case I am seeing the remote server name, not service account.  Got me thinking a service is running as network or local system, and phoning home to SQL.  However everything I see
is using the service account for that utility.  Also in the event viewer in the security portion for that same time, I see the login and log off as successful.  Could anyone try to point me in the right direction, without flat out adding the servername
to the local SQL VM administrators group.
Thank you in advance for any assistance.

Rather than adding the machine account to the admin group, you could do:
  GRANT CONNECT TO [Domain\Remoteservername$]
And then you could set up a logon trigger that captures information about the login. That would include app_name() as well as the Windows process id. This could help you track exactly which process that is knocking on the door.
Erland Sommarskog, SQL Server MVP, [email protected]

Similar Messages

  • Non-SysAdmins get error 18456 Severity 14 State 11 Login Failed for user _ Reason Token-based server access validation failed with an infrastructure error.

    I have a SQL 2008 R2 system (10.50.4000) where I'm having problems connecting any user that is not a SysAdmin.  Example: I setup a new SQL Login to use Windows Authentication and grant that user db_datareader on the target database.  The user attempts
    to connect using Excel client or Access or SQL Management Studio and receives Error 18456.  The SQL Server Logs shows Error 18456 Severity 14 State 11 Login Failed for user _ Reason Token-based server access validation failed with an infrastructure error.
    The strange part is that if I temporarily grant the user the sysadmin server role then the user can connect successfully and retrieve data.  But, if I take away that sysadmin server role then the user can no longer connect but again receives the Error
    18456 Severity 14 State 11 Login Failed for user _ Reason Token-based server access validation failed with an infrastructure error.
    We've turned off UAC on the client machine to see if that was the problem, but no change.
    I have dropped and re-added the user's SQL Login (and the related database user login info).  No success.
    The Ring Buffers output shows:
    The Calling API Name: LookupAccountSidInternal
    API Name: LookupAccountSid
    Error Code: 0x534
    Thanks for any help.
    -Walt

    Yes, you understand correctly.  The user is logging onto a workstation (not the server) with a Windows Authenticated id.  The user is using either Excel or Access or SSMS and connecting to the server using a Windows Authenticated SQL Login account.
     If the account has sysadmin role (which is only for testing) then the connection is successful.  If I take away sysadmin role from the account then the connection is unsuccessful and the SQL Server Log shows Error
    18456 Severity 14 State 11 Login Failed for user _ Reason Token-based server access validation failed with an infrastructure error.
    (SQL Authentication is not an option here.  I must use Windows Authentication).
    Any other troubleshooting assistance you can offer would be appreciated.  Thanks.
    -Walt 

  • Token-based server access validation failed with an infrastructure error

    Hi
    We have a new Win 2008 Enterprise x64 server running SQL 2008
    When we try to connect to the server using Windows Authentication, from a user account which is a domain administrator, we get the following message:
    "Token-based server access validation failed with an infrastructure error"
    What needs to be configured here for this to work ?
    Thanks
    Bruce

    Hi,
    I am encountering the same error message but it is more around the login, this problem happens only on one server but it is fine on another three, my investigation show it is a ghost SID associated with AD user account
    Background
        1- An Active Directory (AD) account was created for a user [Domain\UserA]
        2- A SQL login was created for the account above and then granted access to a number of databases
        3- The AD account was renamed/modified to [Domain\UserB]
        At this stage the user would encounter an error when connecting to the server
        The sql log show this error message
        Error: 18456, Severity: 14, State: 11.
        Message
        Login failed for user 'domain\user'. Reason: Token-based server access validation failed with an infrastructure error. Check for previous errors.     [CLIENT: xxx]
    Action on Server 1 SQL (the one with the problem)
        1- Dropped the user from the databases
        2- Re-Created the login from the windows account [Domain\UserB]
        3- Created the user in the respective databases
        But the user still unable to connect to the server
    Investigation
        On server 1, the SID of the user in SYSUSERS was Matching SYSLOGINS and matches with result of SUSER_SID(Domain\UserA)
        But it does not match the SID in the AD
        The rest of the servers all have the correct SIDs
        When I use SUSER_SNAME(Incorrect-Sid) and SUSER_SNAME(Correct-Sid) on this server they both return [Domain\UserB]
        The problematic server is always returning the incorrect SID when recreating the user login and when using SUSER_SID(Domain\UserA) as if it is cached somewhere.
    I can't specify the SID when creating the SQL login because it is using the Windows account
    Your ideas on how to fix this problem are much appreciated
    Regards,
    DGL

  • Computer account error, token-based server access validation failed with an infrastructure error

    I see many issues regarding this error referencing user accounts but our error is generated from the computer account, "DOMAIN NAME\COMPUTER NAME$". They are created frequently. The error does not list a database so we are not sure what is going
    on or what it's trying to do. The computer account in question is a web sever. This is occurring on two separate SQL servers that the web server connects to.

    The error message often indicates a mismatch between the login in SQL Server and the AD. Dropping and readding the login in SQL Server helps in those cases.
    The error can also occur if the account lacks CONNECT SQL permission or CONNECT permission on the endpoint.
    Erland Sommarskog, SQL Server MVP, [email protected]

  • Login failed for user 'domain\laptopid$'. Reason: Token-based server access validation failed with an infrastructure error

    This one has me banging my head against the wall ... Login fails once every second as long as my laptop is logged in (docked or VPN'd) ... Login attempts stop once machine is shut down ... It's a state 11 error ... We have 60+ sql servers (single nodes,
    virtuals, and clusters) and it's only happening on this one box that I have found so far ... What would be attempting a login using my laptop id? When I query ring buffers it says it's a call from NLShimImpersonate but I can't track it down ... We access servers
    via a windows group with sysadm permissions ...  

    No, your laptop is trying to log in. The account domain\laptopid$ is the machine account for your computer. This is a service that runs under Local System, Local Service, Network Service or a service SID.
    I have no idea what you have running on your laptop, but I would place my bets on IIS. But open the Services dialog in Manage Computer and stop once service at a time, until the errors go away.
    Erland Sommarskog, SQL Server MVP, [email protected]

  • BizTalk Published Web Service unable to consume, Token-Based Server access validation error

    Hi, We have developed a BizTalk application and we have published as web service, but when we are trying to consume the application we are getting the an error and its logged
    in event log.
    While deploying we have allowed Anonymous user access for the web services as well.
    Following are the errror details -
    "Login failed for user 'IIS APPPOOL\ASP.NET v4.0 Classic'. Reason: Token-based server access validation failed with an infrastructure error. Check for previous errors. [CLIENT: <local machine>]"
    I tried to change it other App pool as well. It seems an issue with permissions related to BizTalk user's/Group,
    Please suggest which app pool should we select or should we give permissions to App Pools.

    The User of App Pool should be part of "BizTalk Isolated Host Users Group".
    In your case user is "IIS APPPOOL\ASP.NET v4.0 Classic", so either you add this user to BizTalk Isolated Host Users
    Group or create a new App Pool with new user. I would suggest to go for new user specific to BizTalk.
    This permission is required because IIS(App Pool(w3wp.exe)) will be publishing new messages to BizTalk Databases. So they should have required permissions to do that and in BizTalk we have a default group for the same, as suggested by Shankycheil.
    BizTalk Isolated Host Users
    The default name of the first Isolated BizTalk Host Group created by Configuration Manager. Isolated BizTalk hosts not running on BizTalk Server, such as HTTP and SOAP.
    Use one BizTalk Isolated Host Group for each Isolated Host in your environment.
    Contains service accounts for the BizTalk Isolated host instance in the host that the Isolated BizTalk Host Group is designated for.
    BTS_HOST_USERS SQL Server Database Role in the following databases:
    BizTalkMgmtDb
    BizTalkMsgBoxDb
    BizTalkRuleEngineDb
    BizTalkDTADb
    BAMPrimaryImport
    Thanks,
    Prashant
    Please mark this post accordingly if it answers your query or is helpful.

  • Facebook Fail Error 1502 No Server Access

    After getting the new update from RIM v3.0.0.17 everthing worked perfectly till yesterday, i tried goin on facebook in the morning and all i got was a 1502 error. i waited a while to see if time might heal the whole problem but still nothing. After doing nothing the whole day i went to check it out and still it gave me the same 1502 Error. i deleted the new facebook and reinstall but still the 1502 error was still there. i went to RROYY archive to look for the old version of facebook but it wasnt there,. the only thing i found there was the latest version of Facebook which i didnt want. somebody please help me!! Now facebook works and then stops working and then it works for like 5 seconds and then goes back to being problematic... feeling like trashing the **bleep** thing and getting a decent Android phone sometimes...

    Hello all,
    For those wishing to find a way to fall back to a prior AW version, be aware that officially there are typically two versions available to you:
    The most recent version, available at (from your BB Browser) http://blackberry.com/appworld/download
    The version originally packaged with your OS:
    KB14473 How to install an application on a BlackBerry smartphone using the BlackBerry Desktop Software
    Anything between those two would require some 3rd party hosting something "out there" on the Internet.
    For those wishing that, by posting in this forum, RIM will see and respond to your pleas, please re-read the Ts and Cs of this site. This site is not a channel for any formal communication to/from RIM. Rather, this site is a user-to-user community of volunteers helping other users to the best of their abilities. RIM desires, I am sure, to read everything posted here, but I have my doubts as to their ability to do so. But, for certain, you should expect no formal response from them on this site, for that is contradictory to the charter of this site.
    Rather, if you wish to create a groundswell of pressure on RIM, then using the formal support channels, to which you agreed when you obtained your BB services, would be the way to go -- formal escalation from your mobile service provider. They are 100% responsible for all of your formal support, and can escalate into RIM for things they cannot resolve. The more complaints that arrive at the carriers, the more likely the carriers are to put pressure on RIM. That is how the formal support channel works, and you agreed to that model when you signed up for BB services from your carrier.
    Good luck!
    Occam's Razor nearly always applies when troubleshooting technology issues!
    If anyone has been helpful to you, please show your appreciation by clicking the button inside of their post. Please click here and read, along with the threads to which it links, for helpful information to guide you as you proceed. I always recommend that you treat your BlackBerry like any other computing device, including using a regular backup schedule...click here for an article with instructions.
    Join our BBM Channels
    BSCF General Channel
    PIN: C0001B7B4   Display/Scan Bar Code
    Knowledge Base Updates
    PIN: C0005A9AA   Display/Scan Bar Code

  • Failed Login Notification via SMTP

    Hello,
    I am looking for a way to generate an SMTP message in response to a failed login attempt (admin interface access or failed user login attempt). Any suggestion on how I might make this happen is appreciated.
    Thanks.

    Hi.
    I'm not sure what device type you're talking about, but if it's SNMP capable, most IOS devices support traps on failed logins, or if that's not supported, and syslogging is, the device (again, if running IOS) can send a syslog trap for the failed login attempt to a NMS server that supports email notification of events (such as Ciscoworks (LMS)-Device Fault Manager).
    Is this the kind of thing you're looking for?
    HTH,
    -Joe

  • Inventory service does not start 610 failed login

    L.S.
    Netware 6.5, SP6
    ZEN 7.01SP1IR1
    Sybase database
    Standalone server
    My inventory service does not start. I've looked around but did not yet find the solution. I did have an error I've read nothing about:
    logger screen: java:Class com.novell.....ZENWorksInventoryservicemanager exited with status -1
    C1, Inventory service object shows 610: database location policy is not configured (but it is)
    NRM: health, failed login: user: .CN=Server package_ZENSERVER:Netware:ZENDateBase.O=context.T= tree
    Any suggestions
    Thomas Roes

    Thomasroes,
    either of these help?
    http://www.novell.com/support/php/se...1%200%20506894
    http://www.novell.com/support/php/se...1%200%20506894
    Shaun Pond

  • SADMIN User-Id failed logins while running srvrmgr

    Hi All,
    Need help with one of my Customers running srvrmgr command against gateway.
    Customer had installed siebel environment 15 days back and it was working fine. Suddenly, from easter week end seeing sadmin id failing and locking out. Customer is running srvrmgr and see sadmin user-id failed logins with ONLY siebel gateway up, and siebel server down.
    1.He is able to run odbcsql with sadmin id/pwd fine
    2.With sadmin/pwd srvrmgr connects fine, all command line operations are fine. But see sadmin failing in nameserver log file.
    3.I see 2 separate sadmin connections in name server log file which is weird, one with 'sadmin' works fine no failed logins and second with 'SADMIN' which fails. Below are log snapshots. Has anyone seen this issue before
    1. Below error messages suggest login with SADMIN is failing:
    SecAdptLog Debug 5 000000034dbf2a6c:0 2011-05-03 15:18:35 Invoking SecurityLogin with username=SADMIN ...
    SecAdptLog Debug 5 000000034dbf2a6c:0 2011-05-03 15:18:35 ODBC security adapter configured: connectstring='SBA_81_DM1_DSN', tableowner='siebel', GlobalConnections=.
    DBCLog DBCLogDetail 4 000000034dbf2a6c:0 2011-05-03 15:18:35 Dynamically loading ODBC library functions
    DBCLog DBCLogDetail 4 000000034dbf2a6c:0 2011-05-03 15:18:35 Successfully loaded ODBC library functions
    SQLTraceAll SQLTraceAll 4 000000034dbf2a6c:0 2011-05-03 15:18:35 (SQLAllocEnv) Env Handle: 150212040, Time: 0.140ms
    SQLTraceAll SQLTraceAll 4 000000034dbf2a6c:0 2011-05-03 15:18:35 (SQLAllocConnect) Env Handle: 150212040, Conn Handle: 150215192, Time: 0.044ms
    SQLConnectOptions Allocate Connection 4 000000034dbf2a6c:0 2011-05-03 15:18:35 (SQLAllocConnect) Conn Handle: 150215192, Time: 0.044ms
    SQLTraceAll SQLTraceAll 4 000000034dbf2a6c:0 2011-05-03 15:18:46 (SQLConnect) Conn Handle: 150215192, Time: 10.184s
    DBCLog DBCLogError 1 000000034dbf2a6c:0 2011-05-03 15:18:46 [DataDirect][ODBC 20101 driver][20101]ORA-01017: invalid username/password; logon denied
    SecAdptLog Debug 5 000000034dbf2a6c:0 2011-05-03 15:18:46 username=SADMIN : authentication failed due to :
    [DataDirect][ODBC 20101 driver][20101]ORA-01017: invalid username/password; logon denied
    2. Below messages confirm login with sadmin user-id is working fine.
    SecAdptLog Debug 5 000000074dbf2a6c:0 2011-05-03 15:19:06 Invoking SecurityLogin with username=sadmin ...
    SecAdptLog Debug 5 000000074dbf2a6c:0 2011-05-03 15:19:06 ODBC security adapter configured: connectstring='SBA_81_DM1_DSN', tableowner='siebel', GlobalConnections=.
    SQLTraceAll SQLTraceAll 4 000000074dbf2a6c:0 2011-05-03 15:19:06 (SQLAllocEnv) Env Handle: 150006904, Time: 0.062ms
    SQLTraceAll SQLTraceAll 4 000000074dbf2a6c:0 2011-05-03 15:19:06 (SQLAllocConnect) Env Handle: 150006904, Conn Handle: 151411016, Time: 0.011ms
    SQLConnectOptions Allocate Connection 4 000000074dbf2a6c:0 2011-05-03 15:19:06 (SQLAllocConnect) Conn Handle: 151411016, Time: 0.011ms
    SQLTraceAll SQLTraceAll 4 000000074dbf2a6c:0 2011-05-03 15:19:06 (SQLConnect) Conn Handle: 151411016, Time: 0.046s
    SQLTraceAll SQLTraceAll 4 000000074dbf2a6c:0 2011-05-03 15:19:06 (SQLGetInfo) Conn Handle: 151411016, Time: 0.040ms
    SQLTraceAll SQLTraceAll 4 000000074dbf2a6c:0 2011-05-03 15:19:06 (SQLSetConnectOption) Conn Handle: 151411016, Time: 0.034ms
    SQLConnectOptions Set Connection Option 4 000000074dbf2a6c:0 2011-05-03 15:19:06 (SQLSetConnectOption) Handle: 151411016, Time: 0.034ms
    SQLConnectOptions Set Connection Option Detail 5 000000074dbf2a6c:0 2011-05-03 15:19:06 (SQLSetConnectOption) Option: 1041, Param: 1090553352
    SQLTraceAll SQLTraceAll 4 000000074dbf2a6c:0 2011-05-03 15:19:06 (SQLSetConnectOption) Conn Handle: 151411016, Time: 0.013ms
    SQLConnectOptions Set Connection Option 4 000000074dbf2a6c:0 2011-05-03 15:19:06 (SQLSetConnectOption) Handle: 151411016, Time: 0.013ms
    SQLConnectOptions Set Connection Option Detail 5 000000074dbf2a6c:0 2011-05-03 15:19:06 (SQLSetConnectOption) Option: 1042, Param: 1090553361
    SecAdptLog Debug 5 000000074dbf2a6c:0 2011-05-03 15:19:06 username=sadmin : authentication succeeded.
    SecAdptLog Debug 5 000000074dbf2a6c:0 2011-05-03 15:19:06 username=sadmin : retrieving responsibilities...
    Many Thanks,
    Chaitanya

    Hi Chaitanya,
    Exactly.
    Check for some scheduled batch processes or some repeating jobs which may use this SADMIN Id & Pwd.
    Even I have the experienced this SADMIN account locking and I found that one of my repeating job using the SADMIN Id and its locking the ID frequently, even I unlocked the account.
    Try cancelling the job and create new one.
    Regards,
    Guna M

  • SQL Failed login Report - SSRS or HTML

    Working on to create SSRS or HTMl Report for Failed Login from more then one server. 
    1) Get all Failed login information with server name and store it into one table 
    2) Create SSRS report. 
    Or If anyone has better script and Idea..
    Thanks 
    Please Mark As Answer if it is helpful. \\Aim To Inspire Rather to Teach A.Shah

    Hi,
    You can use the sp_readerrorlog to get the current error log and only return failed logins. See:
    Auditing Failed Logins in SQL Server
    Simply, you can add multiple data sources and datasets with sp_readerrorlog stored procedure. The number of them depends on the number of SQL Servers which you want to audit. And add multiple tables in your report with the corresponding datasets in your
    report.
    You can use PowerShell to retrieve the information from multiple servers. It is similar to the method which mentioned in the following articles:
    Check the Last SQL Server Backup Date using Windows PowerShell
    http://www.mssqltips.com/sqlservertip/1784/check-the-last-sql-server-backup-date-using-windows-powershell/
    Retrieve a List of SQL Server Databases and their Properties using PowerShell
    http://www.mssqltips.com/sqlservertip/1759/retrieve-a-list-of-sql-server-databases-and-their-properties-using-powershell/
    Automate collection and saving of failed logins for SQL Server
    http://www.mssqltips.com/sqlservertip/1750/automate-collection-and-saving-of-failed-logins-for-sql-server/
    Hope the information helps.
    Tracy Cai
    TechNet Community Support

  • Serial records:Lot/Serial validation failed.  Please check log for details

    Hi,
    Received error while performing Quantity On Hand Conversion at MTL_TRANSACTIONS_INTERFACE table,
    "Serial records:Lot/Serial validation failed. Please check log for details."
    Perfomred following steps,
    1) Inserted data at MTL_TRANSACTIONS_INETRFACE table
    2) Executed "INV_TXN_MANAGER_PUB.process_Transactions"
    Working on Oracle EBS R12..
    Inventory Items having above mentioned error are not Lot Controlled and Serial Number generation is set to "At Receipt" . Can anyone tell, what is the cause of the error and where log file is created ?

    Hi;
    What is EBS version? Please see:
    ROI Fails with WMSINB-23840:Lot/Serial Validation Failed. Please Check Log for Details [ID 352570.1]
    Regard
    Helios

  • SQL Server Agent running SSIS package fails Unable to determine if the owner of job has server access

    I have a web application developed through VS 2012 which has a button on a form that when operated starts a SQL Server agent job on the server that runs an SSIS package.  The website and the instance of SQL Server with the agent and SSIS package are
    on the same windows 2008 r2 server.  When the button is operated no exceptions are raised but the SSIS package did not execute.
    When I look in the logfileviewer at the job history of the sql server agent job I see that the job failed with message...
    The job failed.  Unable to determine if the owner (DOMAINNAME\userid) of job runWebDevSmall has server access (reason: Could not obtain information about Windows NT group/user 'DOMAINNAME\userid'<c/> error code 0x6e. [SQLSTATE 42000] (Error 15404)).,00:00:00,0,0,,,,0
    ...even though DOMAINNAME\userid is in the logins for the sql server and has admin authorities.
    Could someone show me what I need to do to get this to run?  Thanks tonnes in advance for any help, Roscoe

    This can happen when the network is too slow to allow a timely completion of the verification. Or the account running has no such right.
    I suggest you try using the SA account for the job as it does not require to poll the AD.
    Arthur My Blog

  • Call into WS Portal to authorize login token Failed

    I have a portlet that allows a user to upload documents to a document folder in a Collaboration project. I have the Login Token set for 30 minutes in the portlets Advanced Admin. However, the function still appears to fail too quickly with the following error.
    An Exception has ocurred during InsertNewDocument()Call into WS Portal to authorize login token 8370|1137526646|h2EZdnRKV bmNS2pEP/avpiz Pw= failed. Details: com.plumtree.remote.prc.PortalException:null; nested exception is: java.rmi.RemoteException: -2147024809 - Error in function PTSession.Reconnect (strToken == '8370|1137526646|h2EZdnRKV bmNS2pEP/avpiz Pw='): -2147024809 - InternalSession.Reconnect(): Invalid token.An Exception has ocurred during InsertNewDocumentCall into WS Portal to authorize login token 8370|1137526646|h2EZdnRKV bmNS2pEP/avpiz Pw= failed. Details: com.plumtree.remote.prc.PortalException:null; nested exception is: java.rmi.RemoteException: -2147024809 - Error in function PTSession.Reconnect (strToken == '8370|1137526646|h2EZdnRKV bmNS2pEP/avpiz Pw='): -2147024809 - InternalSession.Reconnect(): Invalid token.
    How can I Reconnect if the token is no longer valid? Does the user have to refresh the page ?
    Paul
    =http://cgi-clay01.clayton.com/imageserver/plumtree/common/public/css/mainstyle19-en.css]

    I have a portlet that allows a user to upload documents to a document folder in a Collaboration project. I have the Login Token set for 30 minutes in the portlets Advanced Admin. However, the function still appears to fail too quickly with the following error.
    An Exception has ocurred during InsertNewDocument()Call into WS Portal to authorize login token 8370|1137526646|h2EZdnRKV bmNS2pEP/avpiz Pw= failed. Details: com.plumtree.remote.prc.PortalException:null; nested exception is: java.rmi.RemoteException: -2147024809 - Error in function PTSession.Reconnect (strToken == '8370|1137526646|h2EZdnRKV bmNS2pEP/avpiz Pw='): -2147024809 - InternalSession.Reconnect(): Invalid token.An Exception has ocurred during InsertNewDocumentCall into WS Portal to authorize login token 8370|1137526646|h2EZdnRKV bmNS2pEP/avpiz Pw= failed. Details: com.plumtree.remote.prc.PortalException:null; nested exception is: java.rmi.RemoteException: -2147024809 - Error in function PTSession.Reconnect (strToken == '8370|1137526646|h2EZdnRKV bmNS2pEP/avpiz Pw='): -2147024809 - InternalSession.Reconnect(): Invalid token.
    How can I Reconnect if the token is no longer valid? Does the user have to refresh the page ?
    Paul
    =http://cgi-clay01.clayton.com/imageserver/plumtree/common/public/css/mainstyle19-en.css]

  • "account login failed" message when trying to login to SL Server

    Hello,
    I have tried to search the forum, but can't find anything that addresses my problem directly, and hope you might be able to help.
    I work in a school with a mixture of Macs and Windows systems.
    I had a 10.4 server working (on a G5) with Windows only machines (before we got the macs), and have recently updated to an xserve running 10.6. I left the users home folders on the 10.4 server, and demoted it to a Standalone server. I am using the Xserve as an OD Master and Primary Domain Controller. I have created a fresh set of users on the the Xserve using Passenger (using the same short name as previously) and have directed them to their home folder on the 10.4 server. All windows machines can login fine and have access to the to their home folders, but when logging into a Mac they get the "account login failed" message. If I create a home folder for them on the xserve they can log in without problems.
    How can I get the users (when they use the Macs) to get access to their home folder? The client macs are bound to the xserve directory and when I log on as Administer I can connect to the 10.4 server and gain access to the home folders.
    I would be grateful for any ideas, many thanks in advance.

    Hello,
    I have tried to search the forum, but can't find anything that addresses my problem directly, and hope you might be able to help.
    I work in a school with a mixture of Macs and Windows systems.
    I had a 10.4 server working (on a G5) with Windows only machines (before we got the macs), and have recently updated to an xserve running 10.6. I left the users home folders on the 10.4 server, and demoted it to a Standalone server. I am using the Xserve as an OD Master and Primary Domain Controller. I have created a fresh set of users on the the Xserve using Passenger (using the same short name as previously) and have directed them to their home folder on the 10.4 server. All windows machines can login fine and have access to the to their home folders, but when logging into a Mac they get the "account login failed" message. If I create a home folder for them on the xserve they can log in without problems.
    How can I get the users (when they use the Macs) to get access to their home folder? The client macs are bound to the xserve directory and when I log on as Administer I can connect to the 10.4 server and gain access to the home folders.
    I would be grateful for any ideas, many thanks in advance.

Maybe you are looking for