Group policy / LDAP error

From: Dennis Kleine (dckleine_at_hotmail.com)
Date: 04/12/04 

Date: Mon, 12 Apr 2004 16:10:07 -0500

This problem manifests itself in multiple ways.

1. I have a user that gets an error every time he logs in. It makes no
difference what workstation he logs on to and other accounts do not get an
error. The error is:
*
Windows cannot bind to xyz domain. (Local Error). Group Policy Processing
aborted
*
2. This user has some administrative rights and when he tries to access a
list of groups through AD users and computers, member of tab advanced
button, he gets the message:
*
The advanced page cannot be opened because of the following error:
The Local Security Authority cannot be contacted.
*
3. This same message also appears when trying to add a group to folder
security on a file server.

If he just types in the name of the group it works ok.

4. When using the find feature of AD Users and Computer, he cannot find
anything. However if he creates an query, it finds everything that it is
supposed to. Queries created with VBScript work just fine.

**************
Results of some diagnostic tools:

When he runs Netdiag, the LDAP response includes a warning:
Failed to query SPC registration on DC

Yet when setspn -l workstationname is run, it works sucessfully.

**************

All research that I have done indicates the error messages are a result of a
DNS or WINS error. This is not the case as everything works fine for all
other users.