Re: ADAM replica problems
- From: "compurhythms@xxxxxxxxx" <compurhythms@xxxxxxxxx>
- Date: 31 Oct 2006 10:51:24 -0800
Lee Flight wrote:
Hi
are you in a position to disable the XP firewall as a test to see
if that changes things?
It still failed after disabling the firewall.
If you have logon failure audit enabled on your DCs, do you see
a failure for the XP bind?
All audit events are logged. There are no audit failures shown when
the error occurs.
If you install a unique ADAM instance on the XP machine, does
a secure bind to that work?
I'll try that. But will this help me zero in on the issue? If it
works, won't it just tell me that there's a problem with a local
replica instance authenticating domain users without giving any insight
into the reason?
I'm still stunned that a remote bind from another machine with the
_same_ domain credentials works. I would think the authentication
would occur on the target machine, not on the connecting client.
Perhaps I'm wrong on that.
Also, like I said LDP provides the error code "52e, va28". We know 52e
is the dreaded "logon failed", but does anyone know what va28 means?
Mike
Lee Flight
<compurhythms@xxxxxxxxx> wrote in message
news:1162229440.868081.192360@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Environment:
- AD Domain in native 2003 mode
- ADAM master on Win2003 server (not a DC) joined to the domain
- Partition "DC=mypartition,DC=local" created on master
- ADAM ADSI Edit works just peachy on the master server
- Windows XP SP2 box joined to the domain and has a replica instance
(no errors during replica install). During install I indicated that my
partition should be replicated.
- I can ping both replica and master by full DNS name
- Firewall enabled, but c:\windows\adam\dsamain.exe is exempted to
allow for replication traffic
My problem is that I try to connect to my partition on the replica
machine. Here are the symptoms:
- I try to connect via ADAM ADSI Edit to "DC=mypartition,DC=local" on
the replica box and I get an error "The login attempt failed".
- I try the same on the master and it works
So I start thinking it is a replication issue. I try the following on
the replica machine:
repadmin /syncall localhost:9389
(where 9389 is the ldap port for the local instance)
I get this response:
"SyncAll exited with fatal Win32 error: 1323 (0x52b):
Unable to update the password. The value provided as the current
password is incorrect"
Not sure exactly what that means. So I try connecting to the local
instance via LDP.EXE. A simple bind with an ADAM user _works_ (meaning
replication worked because the user was created on the master). But a
credential bind with a domain user with sufficient partition
privileges fails with this error:
Error <49>: ldap_bind_s() failed: Invalid Credentials.
Server error: 8009030C: LdapErr: DSID-0C090441, comment:
AcceptSecurityContext error, data 52e, va28
Error 0x8009030C The logon attempt failed
Now I'm leaning away from replication, but get a load of this!:
I go to the master server, connect back to the replica client with both
ADSI Edit and LDP.EXE and authentication works for both domain users
and ADAM users!
Seems like a problem with ADAM authenticating domain users on the
replica box. But I can log into XP with domain users and changing the
instance service account to a domain admin does no good.
So this begs the question: why can I bind to my replica instance with
domain credentials from another machine, but not locally on the replica
box?
Mike
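
Added example (not part of the original thread): a small Python parser for the LDP server error string quoted above, which pulls out the SSPI HRESULT, the DSID and the hexadecimal "data" field and maps that field to its Win32 logon error. The function name and the lookup table are choices made for this example; the trailing token ("va28" here) is captured but not interpreted.

```python
import re

# Win32 logon errors that AD/ADAM reports in the "data" field of a failed
# bind. The field is the Win32 error number written in hexadecimal.
BIND_DATA_CODES = {
    0x525: "ERROR_NO_SUCH_USER: user not found",
    0x52E: "ERROR_LOGON_FAILURE: unknown user name or bad password",
    0x530: "ERROR_INVALID_LOGON_HOURS: logon not permitted at this time",
    0x531: "ERROR_INVALID_WORKSTATION: logon not permitted from this workstation",
    0x532: "ERROR_PASSWORD_EXPIRED: password expired",
    0x533: "ERROR_ACCOUNT_DISABLED: account disabled",
    0x701: "ERROR_ACCOUNT_EXPIRED: account expired",
    0x773: "ERROR_PASSWORD_MUST_CHANGE: user must change password",
    0x775: "ERROR_ACCOUNT_LOCKED_OUT: account locked out",
}

# Matches "<hresult>: LdapErr: DSID-..., comment: ..., data <hex>[, <token>]",
# tolerating the line wrap that LDP inserts after "comment:".
SERVER_ERROR = re.compile(
    r"(?P<hresult>[0-9A-Fa-f]{8}):\s*LdapErr:\s*(?P<dsid>DSID-[0-9A-Fa-f]+),"
    r"\s*comment:\s*(?P<comment>.*?),\s*data\s+(?P<data>[0-9A-Fa-f]+)"
    r"(?:,\s*(?P<suffix>\w+))?",
    re.DOTALL,
)

def decode_bind_error(text):
    """Return the decoded fields of an LDAP bind failure, or None if absent."""
    m = SERVER_ERROR.search(text)
    if m is None:
        return None
    code = int(m.group("data"), 16)
    return {
        "hresult": "0x" + m.group("hresult").upper(),  # 0x8009030C = SEC_E_LOGON_DENIED
        "dsid": m.group("dsid"),
        "comment": " ".join(m.group("comment").split()),
        "win32_code": code,  # decimal form, usable with `net helpmsg`
        "meaning": BIND_DATA_CODES.get(code, "not in table; try net helpmsg"),
        "suffix": m.group("suffix"),  # captured only, not interpreted
    }

# The LDP output quoted in the post above.
SAMPLE = """Error <49>: ldap_bind_s() failed: Invalid Credentials.
Server error: 8009030C: LdapErr: DSID-0C090441, comment:
AcceptSecurityContext error, data 52e, va28
Error 0x8009030C The logon attempt failed"""

if __name__ == "__main__":
    for key, value in decode_bind_error(SAMPLE).items():
        print(f"{key}: {value}")
```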