Couldn't log on as the ASPNET user [1385]

Brian DonahueBrian Donahue Posts: 6,590 New member
Hi Aneesh,

The error message for the 1385 error code is very specific, it means that there is a problem with the login type, and in this case, the login type is 'batch'. Taking away the logon as a batch job right is the only way I can reproduce this error.

I'd check to see that there isn't an overriding domain security policy in effect by checking with the domain admins if you are part of a Windows domain. There is also a 'deny logon as a batch job' right that takes precedence over granting the 'logon as a batch job' user right.

If neither one of these resolves the problem, then try turning on security auditing logon events in the audit policy section of the local security policy snap-in. The logon events will then appear in the security log and will probably provide quite a bit more information.

Comments

  • Hi,
    Thank u for ur reply. i've enabled the audit policy and i am getting the eroor
    Event Type: Failure Audit
    Event Source: Security
    Event Category: Logon/Logoff
    Event ID: 534
    Date: 12/28/2004
    Time: 3:25:10 PM
    User: NT AUTHORITY\SYSTEM
    Computer: xxxx
    Description:
    Logon Failure:
    Reason: The user has not been granted the requested
    logon type at this machine
    User Name: Administrator
    Domain: xxxx
    Logon Type: 4
    Logon Process: Advapi
    Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
    Workstation Name: xxxx

    And the aspnet user is configured as Standard User.

    regards..]


    Hi Aneesh,

    The error message for the 1385 error code is very specific, it means that there is a problem with the login type, and in this case, the login type is 'batch'. Taking away the logon as a batch job right is the only way I can reproduce this error.

    I'd check to see that there isn't an overriding domain security policy in effect by checking with the domain admins if you are part of a Windows domain. There is also a 'deny logon as a batch job' right that takes precedence over granting the 'logon as a batch job' user right.

    If neither one of these resolves the problem, then try turning on security auditing logon events in the audit policy section of the local security policy snap-in. The logon events will then appear in the security log and will probably provide quite a bit more information.
  • Brian DonahueBrian Donahue Posts: 6,590 New member
    Hi Aneesh,

    Thanks for sending this information. The error log says that the logon type is '4', which is a batch logon, but the user is not ASPNET. If this is an IIS 5 machine, I'd check the machine.config's (c:\winnt\microsoft.net\Framework\v1.x.xxxx\config\machine.config) ProcessModel section. If the User is configured to be 'SYSTEM', then ASP .net is running under the 'Local System' account rather than ASPNET. If you change this back to 'MACHINE', then ASP .net will be using the ASPNET acccount again.

    Otherwise, you can grant the logon as a batch job right to the LocalSystem account and it should work.
This discussion has been closed.