Michiel Elderson
Netflex Blog
Issue
Today I came across a weird issue. When logging on to a Domain Controller (2008 R2) I was presented an ‘Access is denied’ error. Weirdly enough this happened after the authentication took place.
There were no related events to be found in the event viewer. Looking at the domain controller policies and running tools like dcdiag/nltest (using psexec) didn’t provide any clues either.
Solution
So I decided to try to start the domain controller in DSRM “Directory Restore Mode” and tried to logon (.administrator). It worked, I was in again. Next I rebooted the server (normal boot) and was able to login using domain credentials.
After searching the internet for similar issues I came across a forum where users had the same issue. It seems the McAfee antivirus client was preventing me from logging on.
Conclusion
Update your McAfee client to the latest version. In my case I was using McAfee VirusScan 8.8 patch 5. If this didn’t help, boot into DSRM followed by a reboot.
Tip: If you don’t remember the DSRM password it can be reset by ntdsutil.
Link: https://technet.microsoft.com/nl-nl/library/cc754363(v=ws.10).aspx
Bas Wanrooij
Erik van der Spek
Joeri Klaassen
Michiel Elderson
Paul de Jongh
Stefan ten Hoeve
Thomas Boudesteijn
Leave a Comment