I cannot log on with a Windows-linked account

Possible cause and solution:
  • The number of failed log on attempts exceeded the
    Windows
     security policy and the
    Windows
     account is temporarily locked.
    Wait for the lock to expire (typically about 15 minutes), or contact your
    Windows
     administrator to enable the account.
  • (For systems using
    Windows Server
     Active Directory Domain Services) There might be authentication problems if your account privileges are assigned using
    Windows
     groups that have the Domain Local group scope.
    Windows
    -linked groups that reference accounts that are members of
    Windows
     groups with Domain Local scope can fail authentication and authorization checks.
    Add individual
    Windows
    -linked accounts explicitly instead of using the
    Windows
    -linked group.
  • The log on did not include the full user name credential.
    Try logging on again, making sure to include the domain name with the user name, like this:
    MyDomain\MyAccountName
    .
    Typically, the security system recognizes
    Windows
    -linked user credentials without requiring a domain name. However, a domain name is required if:
    • You are logged onto
      Windows
       in one domain, and then attempt to log on to
      FactoryTalk
       using a
      Windows
      -linked account that is a member of a different domain. Security is not aware of other domains, so the authentication fails.
    • Both a
      FactoryTalk
       user account and a
      Windows
      -linked user account have the same user name but different passwords. Security always checks first for a valid
      FactoryTalk
       user account. If it finds a matching user name, it attempts to authenticate the account using the password you entered. If the password applies to the
      Windows
      -linked user account, authentication fails.
    • Both a user account and a
      Windows
      -linked user account have the same user name and the same password. Because security always checks first for a valid
      FactoryTalk
       account, if it finds a match, it logs on that user account, and the
      Windows
      -linked user account will never be logged on.
    • You are currently logged onto
      Windows
       with user credentials that do not have the necessary
      Windows
       permissions to access the user information required to log on with a different user account.
How security authenticates user credentials
  1. Against the list of
    FactoryTalk
     user accounts. If a match is found, the user is allowed to proceed.
  2. Against the list of
    Windows
    -linked user accounts. If a match is found, the user is allowed to proceed.
  3. Against the list of accounts in a
    Windows
    -linked user group. If a match is found for the user name and password in a
    Windows
    -linked user group, the user is allowed to proceed, even if no
    Windows
    -linked user account is present for that user.
If security cannot authenticate the user credentials in the current
Windows
 domain or on the local computer, then the logon fails. If using a computer that is part of a different domain then your user account, simply include the domain name with the user name when logging on to
FactoryTalk
.
Provide Feedback
Have questions or feedback about this documentation? Please submit your feedback here.
Normal