Windows-Server-2008

在 Windows 2008 上執行 Apache 作為服務 - 不允許登錄的帳戶

  • November 9, 2015

不是 Windows 專家,所以我希望我只是在這裡遺漏了一些簡單的東西……好吧,這是我的場景:

我正在嘗試使用名為“ApacheSu”的新本地帳戶在我們的 Windows 2008 伺服器上執行 Apache,這是一個使用者的成員。

該帳戶通過組策略被授予“作為服務登錄”和“作為作業系統的一部分”權限,這是 Apache 文件要求的,用於將 Web 伺服器作為服務執行。

當我將 Apache 服務切換為以我的本地帳戶登錄時,該服務無法啟動,因為該帳戶“不允許在此電腦上登錄”。

故障資訊部分的狀態為 0xc000006e(狀態帳戶限制),子狀態為 0xc0000070(工作站限制)。

0xc000006e的翻譯如下:

1. The username and password are correct, but there is an account restriction on the user account (such as valid workstation, valid logon hours, etc.). The value under SubStatus should provide the restriction details.
2. Active Directory Replication may not be complete

這是 0xc0000070 的翻譯:

1. The user is trying to logon from a machine they aren’t assigned to.
2. Active Directory replication may not be complete

第二項對兩個狀態程式碼都是通用的,但據我所知,Active Directory 組不包括本地帳戶,所以我認為這不是問題。(但是,我不是網路工程師或系統管理員。)狀態表明子狀態應提供詳細資訊。子狀態表示使用者正在嘗試從未分配給他們的電腦登錄。這對我來說似乎沒有意義,因為該帳戶是機器本地的….我不確定在設置 Apache 以作為服務執行時是否遺漏了什麼,或者是否有政策或權限問題。有任何想法嗎?感謝您提供的任何幫助…以下是事件日誌的全文:

Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          10/15/2015 5:05:58 PM
Event ID:      4625
Task Category: Logon
Level:         Information
Keywords:      Audit Failure
User:          N/A
Computer:      Y99WS.xxxx.something.com
Description:
An account failed to log on.

Subject:
   Security ID:        SYSTEM
   Account Name:       Y99WS$
   Account Domain:     xxxx
   Logon ID:       0x3e7

Logon Type:         5 

Account For Which Logon Failed:
   Security ID:        NULL SID
   Account Name:       ApacheSu
   Account Domain:     Y99WS

Failure Information:
   Failure Reason:     User not allowed to logon at this computer.
   Status:         0xc000006e  
   Sub Status:     0xc0000070  

Process Information:
   Caller Process ID:  0x230
   Caller Process Name:    C:\Windows\System32\services.exe

Network Information:
   Workstation Name:   Y99WS
   Source Network Address: -
   Source Port:        -

Detailed Authentication Information:
   Logon Process:      Advapi  
   Authentication Package: Negotiate
   Transited Services: -
   Package Name (NTLM only):   -
   Key Length:     0

This event is generated when a logon request fails. It is generated on the computer where access was attempted.

The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).

The Process Information fields indicate which account and process on the system requested the logon.

The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
   - Transited services indicate which intermediate services have participated in this logon request.
   - Package name indicates which sub-protocol was used among the NTLM protocols.
   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System>
   <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
   <EventID>4625</EventID>
   <Version>0</Version>
   <Level>0</Level>
   <Task>12544</Task>
   <Opcode>0</Opcode>
   <Keywords>0x8010000000000000</Keywords>
   <TimeCreated SystemTime="2015-10-15T21:05:58.353398000Z" />
   <EventRecordID>2212241</EventRecordID>
   <Correlation />
   <Execution ProcessID="568" ThreadID="1436" />
   <Channel>Security</Channel>
   <Computer>Y99WS.xxxx.something.com</Computer>
   <Security />
 </System>
 <EventData>
   <Data Name="SubjectUserSid">S-1-5-18</Data>
   <Data Name="SubjectUserName">Y99WS$</Data>
   <Data Name="SubjectDomainName">xxxx</Data>
   <Data Name="SubjectLogonId">0x3e7</Data>
   <Data Name="TargetUserSid">S-1-0-0</Data>
   <Data Name="TargetUserName">ApacheSu</Data>
   <Data Name="TargetDomainName">Y99WS</Data>
   <Data Name="Status">0xc000006e</Data>
   <Data Name="FailureReason">%%2312</Data>
   <Data Name="SubStatus">0xc0000070</Data>
   <Data Name="LogonType">5</Data>
   <Data Name="LogonProcessName">Advapi  </Data>
   <Data Name="AuthenticationPackageName">Negotiate</Data>
   <Data Name="WorkstationName">Y99WS</Data>
   <Data Name="TransmittedServices">-</Data>
   <Data Name="LmPackageName">-</Data>
   <Data Name="KeyLength">0</Data>
   <Data Name="ProcessId">0x230</Data>
   <Data Name="ProcessName">C:\Windows\System32\services.exe</Data>
   <Data Name="IpAddress">-</Data>
   <Data Name="IpPort">-</Data>
 </EventData>
</Event>

它似乎是 HKLM\System\CurrentControlSet\Control\LSA\crashonauditfail 系統資料庫項。在安全事件日誌填滿後它被設置為 2,並且不允許非管理員登錄到電腦,即使在清空日誌後也是如此。

引用自:https://serverfault.com/questions/730009