Solved: Hello, everybody. I am

zubkoff_s · ‎09-24-2013

Hi, everybody.

In test infrastructure I have:

3 EV servers (EV9)

OS:Windows Server 2003R2.

For day-to-day work I use random one of them and log in with Vault Service Account.

But recently I've lost opportunity to log in to EV2 server, it looks like immediately after I put my credential, server starts log off operation and RDP session is broken. Server still work, everything OK.

https://www.google.com.ua/#q=immediately+logged+off+after+logging+in

From EV point of view - everything work perfect, I can observe it from EV1 and EV3, all task run. Also I can manage this server remotely through remote Windows Management Console. Sure, I checked event log, there aren't suspicious activity.

I know, it looks like Windows issue (I am sure, that is Windows issue), and in Internet there are lot of articles with similar issue. The problem is: I can't log in to EV2 with Vault Service Account, but I can with any another domain accounts. Sure, I can assign EV rights to this user, and use it for administrative task for EV, but I want to figure out with this issue.

Some recommendations, which were provided by Internet community not applicable for my infrastructure. For example, I can't just delete account folder on the disk, because I have services, which Run As from Vault Service Account. If I spoke about typical\regular domain user account, I would delete account folder from disk and that is all. But Vault Service Account isn't regular user, it has dependencies, etc.

I used to have idea to re-assign EV services to another account, renamed profile folder and tried to log in again. (And re-assign services back)

Any idea how to solve my issue?

P.S.: Even if it is test infrastructure, I can't do there some destructive changes. ;

zubkoff_s · ‎09-26-2013

Hello, everybody.

I am really happy to inform you that problem was solved.

Vault Service Account was a member of some suspicious local groups. I think some 3-rd party vendor provide some application for EV. A lot of people have access to it and can make the changes because this is test environment

I will let you know as soon as I figure out which application was provided these groups, and what is the final purposes of these groups

These groups present on all EV servers, but Vault Service Account was a member of these groups only on EV2.

And one of the interesting things - any investigation method didn't show that something wrong, even Process Monitor.

View solution in original post

Rob_Wilcox1 · ‎09-24-2013

What about deleting the Vault Service Account windows' profile?

Working for cloudficient.com

EdLacey · ‎09-24-2013

I vaguely recall having a similar isssue some time ago. Installing the User Profile Hive Cleanup Service resolved it. Worth a try in your case......

http://www.microsoft.com/en-gb/download/details.aspx?id=6676

zubkoff_s · ‎09-25-2013

What about deleting the Vault Service Account windows' profile?

It was impossible to delete windows profile from disk, so I:

1. Stopped all related services (Enterprise Vault xxxxx).
2. Rename Vault Service Account profile folder.
3. Tried to log in again.

The same result. New profile folder were created, but as soon as I put my credential server started log in and log off.

Also I rebooted machine before tried to use "clear" profile.

All EV-related services still in Disable mode, I want to avoid any impact.

Any ideas?

Installing the User Profile Hive Cleanup Service resolved it. Worth a try in your case......

I am investigating this tool functionality. Based on description I have some doubts that this tool can help me. Because I haven't troubles with log off, I have with log in.

But anyway I'll try to use it as soon as I have evidence that there isn't impact on system.

Thanks.

Nate_D1 · ‎09-26-2013

Could you check to see that the vault service account is still in the Administrators group of EV2? Possibly remove and re-add it while the services are down? Can you check your 'log on to' properties in AD for the VaultService account (just incase).

Are there services running as the vault service account on EV2?

Thinking of a few of the simple things first :)

Rob_Wilcox1 · ‎09-26-2013

Might also be worth raising a support call with Microsoft.

Working for cloudficient.com

zubkoff_s · ‎09-26-2013

Hello, everybody.

I am really happy to inform you that problem was solved.

Vault Service Account was a member of some suspicious local groups. I think some 3-rd party vendor provide some application for EV. A lot of people have access to it and can make the changes because this is test environment

I will let you know as soon as I figure out which application was provided these groups, and what is the final purposes of these groups

These groups present on all EV servers, but Vault Service Account was a member of these groups only on EV2.

And one of the interesting things - any investigation method didn't show that something wrong, even Process Monitor.

Rob_Wilcox1 · ‎09-26-2013

That's good news that you managed to resolve the issue.

But, just being a member of some local groups won't cause the issue? Surely something is configured, like a Deny Logon Locally or something?

Working for cloudficient.com

Nate_D1 · ‎09-26-2013

Heyo! So it was something simple :) Right on, glad its fixed.

zubkoff_s · ‎09-26-2013

Deny Logon Locally

As you remember Rob, if this setting is configured, than user gets appropriate notification during log in. But in my case it looked like system accepted my credential, but strated log off immediatelly.

I will let you know, who provided this groups. At least it isn't famous groups, because Google didn't provide me any information for groups names...

And group policy from all EV were identical. I will check tomorow Local GPO settings and any link for these groups.

Thantks that following up this topic.

zubkoff_s · ‎11-05-2013

Unfortunately and as usual, nobody knows purposes of these groups...Nobody knows who , when and why created these groups and added ev service account there.

VOX

Unable login to EV server with Vault Service Account.