Re: Failed to open the Group Policy Object/DCDiag errors

Tech-Archive recommends: Fix windows errors by optimizing your registry

Hi Ace, Thanks for the reply. IPconfig/all follows:

Windows IP Configuration

Host Name . . . . . . . . . . . . : EMICO1
Primary Dns Suffix . . . . . . . : emico.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : emico.local

Ethernet adapter Server Local Area Connection:

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Broadcom NetXtreme 5751 Gigabit
Controller

Physical Address. . . . . . . . . : 00-11-11-69-92-65

DHCP Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 192.168.0.2

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.0.1

DNS Servers . . . . . . . . . . . : 192.168.0.2

Primary WINS Server . . . . . . . : 192.168.0.2

All users are pointing to the Internal DNS as is the Server. A single DC,
SBS. I have recreated the DNS ZOnes as I did think this may be the cause. I
also ran ipconfig /registerdns to recteatedthe SRV records.

BRGDS

Johan

"Ace Fekay [MVP]" wrote:

> In news:1F98563A-A9C9-4367-AF21-B24C93DBD912@xxxxxxxxxxxxx,
> Johan Strange <JohanStrange@xxxxxxxxxxxxxxxxxxxxxxxxx> stated, which I
> commented on below:
> > Hi, I am having some issues with a Windows Server 2003 Small Business
> > Server. It all started around a week ago when users reported that
> > they could not log onto their Exchange Mailboxes. The Event logs
> > showed a bunch of errors:
> >
> > Event ID: 8026. LDAP Bind was unsuccessful on directory
> > Server1.server.local for distinguished name ''. Directory returned
> > error:[0x52] Local Error. DC=server,DC=local
> >
> > Event ID 2114. Process INETINFO.EXE (PID=496). Topology Discovery
> > failed, error 0x80040931.
> >
> > Event ID 40960. The Security System detected an authentication error
> > for the server LDAP/SERVER1.server.local/server.local@xxxxxxxxxxxxx
> > The failure code from authentication protocol Kerberos was "The
> > attempted logon is invalid. This is either due to a bad username or
> > authentication information. (0xc000006d)".
> >
> > Event ID: 4. The kerberos client received a KRB_AP_ERR_MODIFIED error
> > from the server host/server1.server.local. The target name used was
> > ldap/SERVER1.server.local/server.local@xxxxxxxxxxxxx This indicates
> > that the password used to encrypt the kerberos service ticket is
> > different than that on the target server. Commonly, this is due to
> > identically named machine accounts in the target realm
> > (SERVER.LOCAL), and the client realm. Please contact your system
> > administrator.
> >
> > Event ID 7: The Security Account Manager failed a KDC request in an
> > unexpected way. The error is in the data field. The account name was
> > server1$ and lookup type 0x0.
> >
>
> <snip>
>
> Is the domain a single label name?
> DOMAIN versus the required format of domain.com, domain.net, domain.johan,
> etc?
> If a single label name, this can cause major issues.
>
> Do the SRV records in DNS exist?
> Are all machines only pointing to the internal DNS server and not the ISP's
> DNS? If so, this can cause major issues too.
>
> 40960's can be eliminated by creating a reverse zone and making sure all DCs
> have a PTR entry. If pointing to your ISP's, this can be an additional issue
> causing this.
>
> If you like, please post an unedite ipconfig /all of this machine for a
> starting point in diagnosis. That will help to determine if your basic
> config is correct.
>
> --
> Ace
>
> This posting is provided "AS-IS" with no warranties or guarantees and
> confers no rights.
>
> If you are having difficulty in reading or finding responses to your post,
> instead of the website you are using, if I may suggest to use OEx (Outlook
> Express or any other newsreader of your choosing), and configure a newsgroup
> account, pointing to news.microsoft.com. This is a direct link into the
> Microsoft Public Newsgroups, and it is FREE and DOES NOT require a Usenet
> account with your ISP. With OEx, you can easily find your post, track
> threads, cross-post, and sort by date, poster's name, watched threads or
> subject.
>
> Not sure how? It's easy:
> How to Configure OEx for Internet News
> http://support.microsoft.com/?id=171164
>
> Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
> Microsoft MVP - Windows Server Directory Services
> Microsoft Certified Trainer
> Assimilation Imminent. Resistance is Futile.
> Infinite Diversities in Infinite Combinations.
> =================================
>
>
>
.

Relevant Pages

  • Re: NT Domain to AD migration
    ... Windows 2000/XP always prefer Kerberos authentication, ... Server 2003 Active Directory service, ensure that you have designed a DNS ...
    (microsoft.public.windows.server.active_directory)
  • Re: Secondary DNS and PIX
    ... Of course I updated them with the DNS ... WINDOWS SERVER 2003 FOR SMALL BUSINESS SERVER, ... Windows SBS 2003 SP1 is available. ...
    (microsoft.public.windows.server.sbs)
  • Re: Find AD hostname from Linux command line
    ... The Windows XP workstation gets an IP ... "Register this connection's addresses in DNS" turned ON. ... If I am on a Linux server and do "ping lancelot.ad.mydomain.com", ...
    (microsoft.public.win2000.dns)
  • Re: Secondary DNS and PIX
    ... SBS SP1 was a very specific service pack comprising several ... Root hints for DNS means you leave the forwarders ... WINDOWS SERVER 2003 FOR SMALL BUSINESS SERVER, ...
    (microsoft.public.windows.server.sbs)
  • Re: Two Win2k3 questions ... Roaming Profiles & Access Privileges ...
    ... >DHCP, DNS, Print Server, and File Server responsibilities. ... lookup zone on Windows NT" ... http://support.microsoft.com?kbid=229873 "Delegate Control Wizard Cannot Be Used ...
    (microsoft.public.win2000.advanced_server)