We have a number of virtual servers in Azure, a mixture of Server 2019 and Server 2022. The machines are in 5 resource groups.
Most of these are fine; I can connect to them using RDP and Bastion. However, I have 1 server that will only allow me to log on using the local admin account or a global admin account. The others will allow domain admin accounts to log on (global admin accounts are not domain admins and domain admins are not global admins).
If I try to log on to the problem server using a domain admin account, it says "A user account restriction (for example a time of day restriction) is preventing you from logging on."
The security event log says the account is not recognized, yet the same account can be used to add users to the administrators group on the server, so it is a valid account and is able to log in to all other Azure servers without issue.
The problem server is in the same resource group and has the same NSG settings as one other that allows the domain admin accounts to log on.
The server is able to ping the on-prem DCs.
What can be causing this? The server is configured exactly the same way as the other one in the same RG and NSG; the domain admin accounts are listed in the administrators group on the server and have all been added individually to the admin group, yet we are still unable to log in with any account other than a GA or local admin.