03 April 2017

The Group Policy Client service failed the logon - Access is denied

I recently had a client who was receiving this error when he was trying to log into his domain account:


The fix for this is rather simple and straight-forward, however it's rather nasty if you don't know what to do.  The following steps can be followed to resolve this issue:


  • Login with another account, preferably a Domain Admin account
    • This should work as the issue is with the profile, not the computer
  • Create a local account on the machine and ensure it's also a local administrator
  • Remove the machine from the domain
  • Login as the local account you just created
  • Rename the profile name in C:\Users 
    • I would usually create a new folder called "Backup" and then move the profiles into there
  • Open Start Menu and search for Regedit
  • Open the following location
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

  • Click on the different SIDs until you find the one that has Profile Path which is related to the user that's having problems

  • Right-click the SID and export it just to make sure you have a copy

  • Delete the SID

  • Join the computer back to the domain
    • I had deleted the computer object from AD and I even renamed the computer
  • Login as the user who was having problems
  • Should be working perfectly now.

14 comments:

  1. This comment has been removed by the author.

    ReplyDelete
  2. I read this blog, a Nice article...Thanks for sharing and waiting for the next...
    Data Science Course in Chennai
    Data Science Training in Chennai

    ReplyDelete


  3. Hey friend, it is very well written article, thank you for the valuable and useful information you provide in this post. Keep up the good work! FYI, please check these depression, stress and anxiety related articles.
    How to Build a Portfolio with ETFs, My vision for India in 2047 postcard, Essay on Unsung Heroes of Freedom Struggle

    ReplyDelete