When you attempt to logon to a Windows 2000 server through a RPC connection, you receive an Access Denied.
This behavior will occur if you try to make a RPC connection through named pipes, and the named pipe endpoints are dynamic.
When Windows 2000 encounters a dynamic endpoint, it reuses any dynamic endpoint that it finds in the same process, without first checking that the security descriptors match. If there is a mismatch, you receive an Access Denied.
The problem will presumably be fixed in a future service pack or hotfix.