none
Windows 2012 R2 Active Directory Server Blank Screen RRS feed

  • Question

  • I have a Windows 2003 Domain, I added a Server 2012 R2 to the domain. The 2012 R2 server is a hyper-v virtual machine.  When promoting the server to a domain controller it hung on the process and I had to reboot the server.  When I log into the server now with the same account I was using when I promoted the server I get a black screen. When I hit the (ctrl-alt-del) button on the hyper-v console screen I see several option such as task manager but clicking on it doesn't bring up anything.  I can also sign out.  If I log in using another admin account I have no issues.  If I view the application log I see a 4006 Event Id:

    The Windows logon process has failed to span a user application.  .... C:\Windows\system32\userinit.exe.

    If I boot in safemode I am able to logon with with problem account and see the normal safe mode screen.  Also, BTW the DC promotion process completed without issues.

    Thanks,

    Thursday, October 2, 2014 7:56 PM

All replies

  • Hi

    Can you remove that user account profile and then try login again?


    Hope this helps. Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    • Proposed as answer by SarveshGoel Thursday, October 2, 2014 11:53 PM
    Thursday, October 2, 2014 8:07 PM
  • I had tried this before but gave it another try.  If I delete the user account profile I get the same result when I log in with the problem profile, the screen is black.  Accessing the drive through the admin share I see that a folder called TEMP is created under users.  When I log off and log back in with the other admin account the TEMP folder is gone.

    Friday, October 3, 2014 11:15 PM
  • Hi,

    About the event id 4006, please refer to:

    Event ID 4006 — Windows Logon Availability

    http://technet.microsoft.com/en-us/library/cc733957(v=ws.10).aspx

    Meanwhile, i found this KB article, similar situation.

    https://support2.microsoft.com/kb/970879?wa=wsignin1.0

    The Case of the Mysterious Blank Desktop

    http://blogs.technet.com/b/askperf/archive/2009/03/27/the-case-of-the-mysterious-blank-desktop.aspx

    Regards.


    Vivian Wang


    Wednesday, October 8, 2014 5:55 AM
    Moderator
  • Hi,

    I just want to confirm what is the current situation.

    Please feel free to let us know if you need further assistance.

    Regards.


    Vivian Wang

    Monday, October 20, 2014 2:08 AM
    Moderator
  • So here's the situation.  The domain was windows 2000, I raised the functional level to 2003 in preparation for adding windows 2012 R2 Domain controllers.  I created a hyper-v VM and promoted it to a domain controller. As I mentioned when I logged on with the account I used to promote the the Windows 2012 R2 server to a domain controller I got a black screen. It is not a core server shell. The only thing I can do is hit the ctrl-alt-del button in the console window and sign out, switch user if I click on task manger nothing happens.

    I added a second w2k12 R2 server as domain controller and had the same issue.  I tried logging in with my own account as I am an enterprise admin but I got a blank screen also. The only account I can get the GUI on is the original Administrator account "Administrator".  After comparing properties on that account to two other domain admin accounts I realized the Administrator account has a Delegation tab the other accounts don't.  I've been using them without issues to administer the domain and log onto the W2k3 domain controllers. But I can only assume it is related to the account properties on these accounts.

    I tried creating two other domain admin account from one of the 2012 AD servers but same issue. One account was a copy of the Administrator account and the  other I created from scratch and added it to the relevant groups.

    I have seen something about registering the spn for these accounts which I haven't tired yet. It seems I am missing steps when creating domain administrators.

    Some had suggested I had done a minimal install but I have IE so I don't think this is the case.



    • Edited by Rogues Thursday, October 30, 2014 8:52 PM
    Saturday, October 25, 2014 7:59 AM
  • Hi,

    I found this as a possible solution with a reference to the link below.  Does this seem like a practical thing to do on a 2012 domain controller?

    Net localgroup Users Interactive /add
    Net localgroup Users "Authenticated Users" /add

    https://support.microsoft.com/kb/970879?wa=wsignin1.0

    Monday, November 3, 2014 8:38 PM
  • Hi,

    Sorry for the delay reply.

    As the KB article you mentioned, is supported for windows server 2008, not server 2012.

    I suggest that you could do the test before you run the command on server 2012 domain controller.

    Regards.


    Vivian Wang

    Monday, November 10, 2014 7:42 AM
    Moderator
  • So, I ran just this command "Net localgroup Users Interactive /add" on one of the 2012 R2 domain controllers and was able to log in with GUI using an account I previously had problems with. I then logged in iwth another domain admin account and got the user desktop.

    I tried running the command on the second problem DC but got an error message the specified account name is already a member of the group. It took a while to be able to log in with one of the problem accounts on the second server I assume the command replicated. 

    However, After I was logged in with the problem account I tried running the command again so I could put the text in this post and got a "System error 5 has occurred Access Denied".  I logged out, logged in with the administrator account and ran the second command "Net localgroup Users "Authenticated Users" /add" When I log in with another account and try and run one of these "net localgroup.." commands with an account other than the administrator I get the Access Denied message.  

    So I now have GUI controls when I log in with any domain account but it doesn't appear these accounts are being recognized as full administrator accounts.  This is important since I would like to eliminate the account Administrator.

    Any thoughts

    Wednesday, November 12, 2014 10:02 PM