不是一个Windows大师,所以我希望我只是在这里错过一些简单的东西…好的,这是我的场景:
我试图在我们的Windows 2008服务器上运行Apache,使用一个名为“ApacheSu”的新用户帐户。
根据Apache文档的要求,该帐户被授予“作为服务login”和“作为操作系统的一部分”权限,以便将Web服务器作为服务运行。
当我切换Apache服务以本地帐户login时,服务无法启动,因为帐户“不允许在此计算机上login”。
失败信息部分给出状态0xc000006e(状态帐户限制)和子状态0xc0000070(工作站限制)。
0xc000006e的翻译如下:
1. The username and password are correct, but there is an account restriction on the user account (such as valid workstation, valid logon hours, etc.). The value under SubStatus should provide the restriction details. 2. Active Directory Replication may not be complete 这是0xc0000070的翻译:
1. The user is trying to logon from a machine they aren't assigned to. 2. Active Directory replication may not be complete
第二个项目是两个状态代码通用的,但据我所知,Active Directory组不包含本地帐户,所以我不认为这是问题。 (但是,我不是一个networking工程师或系统pipe理员。)状态表明这个子状态应该提供细节。 子状态表示用户正在尝试从未分配给他们的计算机login。 这对我来说似乎没有任何意义,因为这个帐户是本地的机器….我不知道我是否错过了设置Apache作为服务运行,或者是否有一个政策或权限问题。 有任何想法吗? 感谢您提供的任何帮助…以下是事件日志中的全文:
Log Name: Security Source: Microsoft-Windows-Security-Auditing Date: 10/15/2015 5:05:58 PM Event ID: 4625 Task Category: Logon Level: Information Keywords: Audit Failure User: N/A Computer: Y99WS.xxxx.something.com Description: An account failed to log on. Subject: Security ID: SYSTEM Account Name: Y99WS$ Account Domain: xxxx Logon ID: 0x3e7 Logon Type: 5 Account For Which Logon Failed: Security ID: NULL SID Account Name: ApacheSu Account Domain: Y99WS Failure Information: Failure Reason: User not allowed to logon at this computer. Status: 0xc000006e Sub Status: 0xc0000070 Process Information: Caller Process ID: 0x230 Caller Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Y99WS Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon request fails. It is generated on the computer where access was attempted. The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network). The Process Information fields indicate which account and process on the system requested the logon. The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" /> <EventID>4625</EventID> <Version>0</Version> <Level>0</Level> <Task>12544</Task> <Opcode>0</Opcode> <Keywords>0x8010000000000000</Keywords> <TimeCreated SystemTime="2015-10-15T21:05:58.353398000Z" /> <EventRecordID>2212241</EventRecordID> <Correlation /> <Execution ProcessID="568" ThreadID="1436" /> <Channel>Security</Channel> <Computer>Y99WS.xxxx.something.com</Computer> <Security /> </System> <EventData> <Data Name="SubjectUserSid">S-1-5-18</Data> <Data Name="SubjectUserName">Y99WS$</Data> <Data Name="SubjectDomainName">xxxx</Data> <Data Name="SubjectLogonId">0x3e7</Data> <Data Name="TargetUserSid">S-1-0-0</Data> <Data Name="TargetUserName">ApacheSu</Data> <Data Name="TargetDomainName">Y99WS</Data> <Data Name="Status">0xc000006e</Data> <Data Name="FailureReason">%%2312</Data> <Data Name="SubStatus">0xc0000070</Data> <Data Name="LogonType">5</Data> <Data Name="LogonProcessName">Advapi </Data> <Data Name="AuthenticationPackageName">Negotiate</Data> <Data Name="WorkstationName">Y99WS</Data> <Data Name="TransmittedServices">-</Data> <Data Name="LmPackageName">-</Data> <Data Name="KeyLength">0</Data> <Data Name="ProcessId">0x230</Data> <Data Name="ProcessName">C:\Windows\System32\services.exe</Data> <Data Name="IpAddress">-</Data> <Data Name="IpPort">-</Data> </EventData> </Event>
它似乎是HKLM \ System \ CurrentControlSet \ Control \ LSA \ crashonauditfailregistry项。 安全事件日志填充后,它被设置为2,即使在清空日志之后也不允许非pipe理员login到计算机。