Today I came across a weird issue. When logging on to a Domain Controller (2008 R2) I was presented with an ‘Access is denied’ error. Weirdly enough, this happened after the authentication took place.
There were no related events to be found in the event viewer. Looking at the domain controller policies and running tools like dcdiag/nltest (using psexec) didn’t provide any clues either.
So I decided to try to start the domain controller in DSRM (“Directory Restore Mode”) and tried to log on (.\administrator). It worked, I was in again. Next I rebooted the server (normal boot) and was able to log in using domain credentials.
After searching the internet for similar issues I came across a forum where users had the same issue. It seems the McAfee antivirus client was preventing me from logging on.
Update your McAfee client to the latest version. In my case I was using McAfee VirusScan 8.8 patch 5. If this doesn’t help, boot into DSRM followed by a reboot.
Tip: If you don’t remember the DSRM password, it can be reset with ntdsutil.