Re: ADAM replica problems
- From: "Lee Flight" <lef@xxxxxxxxxxxxxxx>
- Date: Mon, 30 Oct 2006 23:07:49 -0000
Hi
Are you in a position to disable the XP firewall as a test to see
if that changes things?
If you have logon failure audit enabled on your DCs, do you see
a failure for the XP bind?
If you install a unique ADAM instance on the XP machine, does
a secure bind to that work?
Lee Flight
<compurhythms@xxxxxxxxx> wrote in message
news:1162229440.868081.192360@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Environment:
- AD Domain in native 2003 mode
- ADAM master on Win2003 server (not a DC) joined to the domain
- Partition "DC=mypartition,DC=local" created on master
- ADAM ADSI Edit works just peachy on the master server
- Windows XP SP2 box joined to the domain and has a replica instance
(no errors during replica install). During install I indicated that my
partition should be replicated.
- I can ping both replica and master by full DNS name
- Firewall enabled, but c:\windows\adam\dsamain.exe is exempted to
allow for replication traffic
My problem is that I try to connect to my partition on the replica
machine. Here are the symptoms:
- I try to connect via ADAM ADSI Edit to "DC=mypartition,DC=local" on
the replica box and I get an error "The login attempt failed".
- I try the same on the master and it works
So I start thinking it is a replication issue. I try the following on
the replica machine:
repadmin /syncall localhost:9389
(where 9389 is the ldap port for the local instance)
I get this response:
"SyncAll exited with fatal Win32 error: 1323 (0x52b):
Unable to update the password. The value provided as the current
password is incorrect"
Not sure exactly what that means. So I try connecting to the local
instance via LDP.EXE. A simple bind with an ADAM user _works_ (meaning
replication worked because the user was created on the master). But a
credential bind with a domain user with sufficient partition
privileges fails with this error:
Error <49>: ldap_bind_s() failed: Invalid Credentials.
Server error: 8009030C: LdapErr: DSID-0C090441, comment:
AcceptSecurityContext error, data 52e, va28
Error 0x8009030C The logon attempt failed
Now I'm leaning away from replication, but get a load of this!:
I go to the master server, connect back to the replica client with both
ADSI Edit and LDP.EXE and authentication works for both domain users
and ADAM users!
Seems like a problem with ADAM authenticating domain users on the
replica box. But I can log into XP with domain users and changing the
instance service account to a domain admin does no good.
So this begs the question: why can I bind to my replica instance with
domain credentials from another machine, but not locally on the replica
box?
Mike
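
Added example, not part of either poster's message: a small Python parser for the server diagnostic string that LDP.EXE printed above. It pulls out the SSPI status, the DSID and the "data" sub-code, and maps that sub-code to its Win32 logon error. The function and table names are illustrative assumptions; the sample string is the one quoted in the post, and the table also carries 0x52b, the code repadmin returned.

```python
import re

# Win32 logon error codes, keyed by the hex value that appears after "data"
# in a failed AD/ADAM bind (0x52B is the repadmin code quoted in the post).
WIN32_LOGON_ERRORS = {
    0x525: ("ERROR_NO_SUCH_USER", "account not found"),
    0x52B: ("ERROR_WRONG_PASSWORD", "current password given for a change is wrong"),
    0x52E: ("ERROR_LOGON_FAILURE", "unknown user name or bad password"),
    0x530: ("ERROR_INVALID_LOGON_HOURS", "logon outside permitted hours"),
    0x531: ("ERROR_INVALID_WORKSTATION", "logon not allowed from this workstation"),
    0x532: ("ERROR_PASSWORD_EXPIRED", "password expired"),
    0x533: ("ERROR_ACCOUNT_DISABLED", "account disabled"),
    0x701: ("ERROR_ACCOUNT_EXPIRED", "account expired"),
    0x773: ("ERROR_PASSWORD_MUST_CHANGE", "password must be changed at next logon"),
    0x775: ("ERROR_ACCOUNT_LOCKED_OUT", "account locked out"),
}

# Shape of the diagnostic: <SSPI status>: LdapErr: DSID-..., comment: ..., data <hex>
LDAP_ERR = re.compile(
    r"(?P<sspi>[0-9A-Fa-f]{8}): LdapErr: (?P<dsid>DSID-[0-9A-Fa-f]{8}), "
    r"comment: (?P<comment>.+?), data (?P<data>[0-9A-Fa-f]+)"
)

def parse_bind_error(text):
    """Parse the server diagnostic of a failed bind; return a dict or None."""
    flat = " ".join(text.split())  # LDP wraps the message across lines
    m = LDAP_ERR.search(flat)
    if m is None:
        return None
    code = int(m.group("data"), 16)
    name, meaning = WIN32_LOGON_ERRORS.get(
        code, ("UNMAPPED", "look the decimal code up with 'net helpmsg'"))
    return {
        "sspi_status": "0x" + m.group("sspi").upper(),
        "dsid": m.group("dsid"),
        "comment": m.group("comment"),
        "win32_code": code,  # decimal, the form 'net helpmsg' expects
        "win32_name": name,
        "meaning": meaning,
    }

# The LDP.EXE output quoted in the post, line break included.
SAMPLE = """Server error: 8009030C: LdapErr: DSID-0C090441, comment:
AcceptSecurityContext error, data 52e, va28"""

if __name__ == "__main__":
    for key, value in parse_bind_error(SAMPLE).items():
        print(f"{key}: {value}")
```
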