Group policy / LDAP error

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: Dennis Kleine (dckleine_at_hotmail.com)
Date: 04/12/04

• Next message: Ulf B. Simon-Weidner [MVP]: "Re: Reestablishing Trust Relationships in Windows Server 2003"
• Previous message: Ed Levis: "How to setup authentication across domains within a forest?"
• Next in thread: Roger Abell: "Re: Group policy / LDAP error"
• Reply: Roger Abell: "Re: Group policy / LDAP error"
• Messages sorted by: [ date ] [ thread ]

---

Date: Mon, 12 Apr 2004 16:10:07 -0500

This problem manifests itself in multiple ways.

1. I have a user that gets an error every time he logs in. It makes no
difference what workstation he logs on to and other accounts do not get an
error. The error is:
*
Windows cannot bind to xyz domain. (Local Error). Group Policy Processing
aborted
*
2. This user has some administrative rights and when he tries to access a
list of groups through AD users and computers, member of tab advanced
button, he gets the message:
*
The advanced page cannot be opened because of the following error:
The Local Security Authority cannot be contacted.
*
3. This same message also appears when trying to add a group to folder
security on a file server.

If he just types in the name of the group it works ok.

4. When using the find feature of AD Users and Computer, he cannot find
anything. However if he creates an query, it finds everything that it is
supposed to. Queries created with VBScript work just fine.

**************
Results of some diagnostic tools:

When he runs Netdiag, the LDAP response includes a warning:
Failed to query SPC registration on DC

Yet when setspn -l workstationname is run, it works sucessfully.

**************

All research that I have done indicates the error messages are a result of a
DNS or WINS error. This is not the case as everything works fine for all
other users.

---

• Next message: Ulf B. Simon-Weidner [MVP]: "Re: Reestablishing Trust Relationships in Windows Server 2003"
• Previous message: Ed Levis: "How to setup authentication across domains within a forest?"
• Next in thread: Roger Abell: "Re: Group policy / LDAP error"
• Reply: Roger Abell: "Re: Group policy / LDAP error"
• Messages sorted by: [ date ] [ thread ]

---

Relevant Pages Group policy / LDAP error ... I have a user that gets an error every time he logs in. ... difference what workstation he logs on to and other accounts do not get an ... The Local Security Authority cannot be contacted. ... Failed to query SPC registration on DC ... (microsoft.public.windows.group_policy) Re: Authentication failures ... Userenv eventid 1030 and Userenv eventid 1006 logged? ... Did you change the workstation SID? ... restictions on the "Mike Bannister" account, ... lastly the user never logs in on any other workstation so simultaneous ... (microsoft.public.windows.server.sbs) Re: Authentication failures ... If yes I would be leaning torwards a corrupt profile. ... lastly the user never logs in on any other workstation so simultaneous ... The user logs in every day. ... Logon Failure: ... (microsoft.public.windows.server.sbs) Re: Permit only one network logon per user ... I assign a unique username and password per user of this service. ... Alice logs on at workstation A. Alice then logs on at workstation B, ... (microsoft.public.windows.server.security) Re: event id 675 ... workstation and uses a valid domain account name but enters a bad ... Failure Code 24.By reviewing each of your DC Security logs ... providing the username and domain name, ... address of the system from which the logon attempt originated. ... (microsoft.public.win2000.security)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Windows  > microsoft.public.windows.server.active_directory  > 2004-04