Re: ptwilliams?

From: C Hall (someone_at_microsoft.com)
Date: 08/02/04

• Next message: Cary Shultz [A.D. MVP]: "Re: Active Directory replicates one way"
• Previous message: C Hall: "Re: ptwilliams?"
• In reply to: Mark Renoden [MSFT]: "Re: ptwilliams?"
• Next in thread: C Hall: "Re: ptwilliams?"
• Messages sorted by: [ date ] [ thread ]

Date: Mon, 2 Aug 2004 09:07:17 -0400

Mark,

I don't have someone at the location that can login as administrator, but
I'm going to swing by there this week and see...I'll post the results.

"Mark Renoden [MSFT]" <markreno@online.microsoft.com> wrote in message
news:uEAtNsBeEHA.2376@tk2msftngp13.phx.gbl...
> Hi Chris
>
> So is this issue perhaps confined to an RDP (Terminal Services) session?
> Any chance you can get someone to log onto the console at the other site
and
> try again just to see? Are you using the same logon and password?
>
> I'm wondering if this might be a User Rights Assignment issue similar to
(if
> not the same as):
>
> 257346 "Access This Computer from the Network" User Right Causes Tools Not
> to
> http://support.microsoft.com/?id=257346
>
> Have you changed any of the User Rights to non defaults for the domain,
> domain controllers etc?
>
> Kind regards
> --
> Mark Renoden [MSFT]
> Windows Platform Support Team
> Email: markreno@online.microsoft.com
>
> Please note you'll need to strip ".online" from my email address to email
> me; I'll post a response back to the group.
>
> This posting is provided "AS IS" with no warranties, and confers no
rights.
>
>
>
> "Chris Hall" <chrish64@earthlink.net> wrote in message
> news:uZxWpDBeEHA.1356@TK2MSFTNGP09.phx.gbl...
> > Hi Paul,
> >
> > Hope your day or two away was for fun ;-) RDP? Is that what Term
Services
> > uses? Didn't know...
> >
> > As per Friday, anytime I connect to this DC and try to open AD tools, I
> > get
> > the messages stated above. I had stopped by the location and tried to
> > reset
> > to the account on the DC. The command went through without a problem, I
> > was
> > able to access the tools, life was good....until I got back to the
office
> > and tried to access those tools through TS. So, to answer your question,
> > the
> > password I tried to reset was a DC at a remote location. FWIW, we have
two
> > DCs and will likely expand that over time. When I get into the office
> > tomorrow, I'll give that a shot and post the result.
> >
> > Thanks,
> > CH
> >
> >
> > "ptwilliams" <ptw2001@hotmail.com> wrote in message
> > news:OLqQVv$dEHA.3864@TK2MSFTNGP10.phx.gbl...
> >> Hi C Hall, thanks for the vote of confidence and the praise!!! I'm
> >> really
> >> chuffed!!! Sorry for the delay, I've been away for a day or two...
> >>
> >> Well, I'm glad Mark was able to help you!! I was unaware that you
can't
> >> reset a secure channel password using RDP!! That's both interesting
and
> >> helpful!! Thanks Mark ;-)
> >>
> >> Anyway, enough time has now passed whether needed or not. So...are you
> >> still getting these issues?? I assume so... And, just to clarify, what
> >> secret password did you reset? The DCs that's throwing the errors I
> > assume,
> >> but thought I'd best check??
> >>
> >> On the DC that has these problems, run this:
> >>
> >> C:\>nltest /sc_query:secfedbank.com
> >>
> >>
> >> And post the result...
> >>
> >>
> >> --
> >>
> >> Paul Williams
> >> _________________________________________
> >> http://www.msresource.net
> >>
> >>
> >> Join us in our new forums!
> >> http://forums.msresource.net
> >> _________________________________________
> >>
> >>
> >> "C Hall" <someone@microsoft.com> wrote in message
> >> news:O1uejlkdEHA.1152@TK2MSFTNGP09.phx.gbl...
> >> I may have spoke too soon....I just got back into the office and
although
> >> logging into the console and getting a 'command completed successfully'
> >> message, when I tried to open AD tools through Terminal Servcies, I get
> > the
> >> same message as before: "Naming information cannot be located because:
> >> The
> >> logon attempt failed."
> >>
> >> Should I restart the server? Or perhaps just give it
time...suggestions?
> >>
> >>
> >>
> >> "Mark Renoden [MSFT]" <markreno@online.microsoft.com> wrote in message
> >> news:#8MEKzbdEHA.4048@TK2MSFTNGP12.phx.gbl...
> >> > Hi
> >> >
> >> > You got the message "The specified network password is not correct"
> >> because
> >> > you tried to do this via a Terminal Session. Try logging onto the
> > console
> >> > instead.
> >> >
> >> > Kind regards
> >> > --
> >> > Mark Renoden [MSFT]
> >> > Windows Platform Support Team
> >> > Email: markreno@online.microsoft.com
> >> >
> >> > Please note you'll need to strip ".online" from my email address to
> > email
> >> > me; I'll post a response back to the group.
> >> >
> >> > This posting is provided "AS IS" with no warranties, and confers no
> >> rights.
> >> >
> >> > "C Hall" <someone@microsoft.com> wrote in message
> >> > news:e67JiNXdEHA.556@tk2msftngp13.phx.gbl...
> >> > > Mark,
> >> > >
> >> > > I tried to do this on the server (throught TS) in question and
> > received
> >> an
> >> > > error: The specified network password is not correct. The command
> > failed
> >> > > to
> >> > > complete successfully.
> >> > >
> >> > > Tried it on the other dc and received: The network path was not
> >> > > found.
> >> The
> >> > > command failed to complete successfully.
> >> > >
> >> > > Trying to do this with ADUC, I get the message that it's a dc and
the
> >> > > password cannot be reset.
> >> > >
> >> > > I guess this means that I'm going to have to demote/promote the dc?
> >> > >
> >> > > "C Hall" <someone@microsoft.com> wrote in message
> >> > > news:es$4#4WdEHA.4004@TK2MSFTNGP10.phx.gbl...
> >> > >> Mark,
> >> > >>
> >> > >> You are correct, opsw2ksvr1 is the PDCe. I do have both servers
> >> pointing
> >> > > at
> >> > >> it as the dns server and will will reset the secure channel. The
> > first
> >> I
> >> > > saw
> >> > >> this message was 6/30 and it wasn't until the middle of this month
> > that
> >> > > it's
> >> > >> (the error in event viewer) been happening with any frequency.
> >> > >>
> >> > >> Thanks for your reply and I'll post back the results.
> >> > >>
> >> > >>
> >> > >>
> >> > >> "Mark Renoden [MSFT]" <markreno@online.microsoft.com> wrote in
> > message
> >> > >> news:O1MqpQPdEHA.1152@TK2MSFTNGP09.phx.gbl...
> >> > >> > Hi
> >> > >> >
> >> > >> > Which DC is the PDCe? I'm guessing opsw2ksvr1?
> >> > >> >
> >> > >> > If so, I'd suggest:
> >> > >> >
> >> > >> > 1. Point both DC's to opsw2ksvr1 as the preferred DNS server.
> >> > >> >
> >> > >> > 2. Reset the secure channel for lexw2ksvr1:
> >> > >> >
> >> > >> > 216393 Resetting computer accounts in Windows 2000 and
Windows
> > XP
> >> > >> > http://support.microsoft.com/?id=216393
> >> > >> >
> >> > >> > If this issue has been around for some time (>60 days) you may
> >> > >> > need
> >> to
> >> > >> > remove lexw2ksvr1 from the domain as a DC and re-promote. If
you
> >> think
> >> > >> this
> >> > >> > is the way you want to head, post back and I'll provide more
> > details.
> >> > >> >
> >> > >> > Kind regards
> >> > >> > --
> >> > >> > Mark Renoden [MSFT]
> >> > >> > Windows Platform Support Team
> >> > >> > Email: markreno@online.microsoft.com
> >> > >> >
> >> > >> > Please note you'll need to strip ".online" from my email address
> >> > >> > to
> >> > > email
> >> > >> > me; I'll post a response back to the group.
> >> > >> >
> >> > >> > This posting is provided "AS IS" with no warranties, and confers
> >> > >> > no
> >> > >> rights.
> >> > >> >
> >> > >> > "C Hall" <someone@microsoft.com> wrote in message
> >> > >> > news:Op$cDiOdEHA.3380@TK2MSFTNGP12.phx.gbl...
> >> > >> > > Hi Paul,
> >> > >> > >
> >> > >> > > I've seen your posts throughout this great forum and you've
> > helped
> >> me
> >> > > in
> >> > >> > > the
> >> > >> > > past. I'm trying to narrow down a problem with one of my two
DCs
> >> and
> >> > > was
> >> > >> > > hoping you could give me some pointers. I'm having problems
with
> >> the
> >> > > 2nd
> >> > >> > > dc
> >> > >> > > installed in the network. A while back (June), I had run
netdiag
> >> just
> >> > > as
> >> > >> a
> >> > >> > > precaution, and everything was looking fine. I started having
> >> > >> > > problems
> >> > >> > > with
> >> > >> > > time synch, which I was able to resolve. Afterwards, I tried
to
> >> open
> >> > >> ADUC
> >> > >> > > and received the following message:
> >> > >> > >
> >> > >> > > Naming information cannot be located because: The logon
> >> > >> > > attempt
> >> > >> > > failed.
> >> > >> > >
> >> > >> > > I get the same message with ADSS.
> >> > >> > >
> >> > >> > > Looking at the event viewer, I saw errors in Application:
> >> > >> > >
> >> > >> > > Event Type: Error
> >> > >> > > Event Source: Userenv
> >> > >> > > Event Category: None
> >> > >> > > Event ID: 1000
> >> > >> > > Date: 7/16/2004
> >> > >> > > Time: 4:20:02 PM
> >> > >> > > User: NT AUTHORITY\SYSTEM
> >> > >> > > Computer: LEXW2KSVR1
> >> > >> > > Description:
> >> > >> > > Windows cannot determine the user or computer name.
> >> > >> > > Return
> >> > > value
> >> > >> > > (1326).
> >> > >> > >
> >> > >> > > I ran netdiag and get this:
> >> > >> > >
> >> > >> > > DC list test . . . . . . . . . . . : Failed
> >> > >> > > [WARNING] Cannot call DsBind to lexw2ksvr1.secfedbank.com
> >> > >> > > (10.20.132.2).
> >> > >> > > [ERROR_LOGON_FAILURE]
> >> > >> > >
> >> > >> > >
> >> > >> > > Trust relationship test. . . . . . : Passed
> >> > >> > > Secure channel for domain 'SECFEDBANK' is to
> >> > >> > > '\\opsw2ksvr1.secfedbank.com'.
> >> > >> > >
> >> > >> > >
> >> > >> > > Kerberos test. . . . . . . . . . . : Failed
> >> > >> > > [FATAL] Kerberos does not have a ticket for
LEXW2KSVR1$.
> >> > >> > >
> >> > >> > >
> >> > >> > > LDAP test. . . . . . . . . . . . . : Passed
> >> > >> > > [WARNING] Failed to query SPN registration on DC
> >> > >> > > 'lexw2ksvr1.secfedbank.com'.
> >> > >> > > [FATAL] Cannot do NTLM authenticated ldap_bind to
> >> > >> > > 'opsw2ksvr1.secfedbank.com': Invalid Credentials.
> >> > >> > > [FATAL] Cannot do Negotiate authenticated ldap_bind to
> >> > >> > > 'opsw2ksvr1.secfedbank.com': Invalid Credentials.
> >> > >> > > [WARNING] Failed to query SPN registration on DC
> >> > >> > > 'opsw2ksvr1.secfedbank.com'.
> >> > >> > >
> >> > >> > >
> >> > >> > >
> >> > >> > > When I installed both DCs, I was cautious as to the problems
> >> > >> > > that
> >> > >> > > misconfigured dns could cause, so everything there is correct
> >> (;-p).
> >> > >> I've
> >> > >> > > verified AD installation & srv records. I've googled and
> >> > >> > > searched
> >> for
> >> > >> > > answers on technet for LDAP errors and event id:1000, to no
> > avail.
> >> > >> > > Per
> >> > >> kb
> >> > >> > > article 329887, I've reset security configuration and that
> >> > >> > > didn't
> >> > >> > > work
> >> > >> > > either. At the moment, I'm reading AD Troubleshooting Chapter
> >> > >> > > 10,
> >> > > which
> >> > >> I
> >> > >> > > found on the MS website. I'm not to familiar with LDAP, which
> > seems
> >> > >> > > to
> >> > >> be
> >> > >> > > having some problems.
> >> > >> > >
> >> > >> > > If you could offer any insight, I'd greatly appreciate it!
> >> > >> > >
> >> > >> > >
> >> > >> >
> >> > >> >
> >> > >>
> >> > >>
> >> > >
> >> > >
> >> >
> >> >
> >> >
> >>
> >>
> >>
> >
> >
>
>

• Next message: Cary Shultz [A.D. MVP]: "Re: Active Directory replicates one way"
• Previous message: C Hall: "Re: ptwilliams?"
• In reply to: Mark Renoden [MSFT]: "Re: ptwilliams?"
• Next in thread: C Hall: "Re: ptwilliams?"
• Messages sorted by: [ date ] [ thread ]

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint