Re: Error binding to local domain
- From: v-chayan@xxxxxxxxxxxxxxxxxxxx ("Charles Yang [MSFT]")
- Date: Tue, 16 Aug 2005 06:09:21 GMT
Hi Steve,
Thanks for updates.
After checking the warning 40960 and 40961, we found it did not relate to
the previous issue. So we can solve it individually:
1. Does the issue only occur on the time when the server boot or occur on
other time frequently.
2. This should be a client issue, please follow the steps below:
1. Please call our CSS to request the hot fix 885887:
885887 You cannot access network resources after you try to log on to a
Windows (although it is for smart card, it can still resolve similar issues)
http://support.microsoft.com/?id=885887
Note: Although this hot fix is for the Windows XP with a Smart Card, it has
resolved some similar issues without the Smart Card.
For a complete list of Microsoft Product Support Services phone numbers and
information about support costs, visit the following Microsoft Web site:
http://support.microsoft.com/default.aspx?scid=fh;EN-US;CNTACTMS
3. Backup and then delete the user profile for the problematic user
account, and then log on by using this account so that the OS will create a
new user profile. Does the issue still exist?
For the previous issue, I suggest you test if it only occur on built in
domain AD, please also make sure if you rename the built in administrator
or not. If you use other administrator account you create, does the issue
exist or not?
Currently I also make research on this things, in addition have you use my
documents redirection or roaming profiles, if so you might have to delete
this user's profiles on SBS server to see if the issue can be resolve,
please perform a backup for that profiles then perform tests.
Thanks for your understanding.
Best regards,
Charles Yang (MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| Thread-Topic: Error binding to local domain
| thread-index: AcWiFA2EN5EdHNMTRh6gx6nFmVqu4w==
| X-WBNR-Posting-Host: 65.164.216.122
| From: =?Utf-8?B?U3RldmUgTGFyc29u?= <SteveLarson@xxxxxxxxxxxxxxxxxxxxxxxxx>
| References: <2E7C8934-DBF1-47BE-9EA2-D2947D7C1799@xxxxxxxxxxxxx>
<uLiBFqPoFHA.2920@xxxxxxxxxxxxxxxxxxxx>
<464AB7A0-D39E-4FD3-821B-28EEA2EB4B59@xxxxxxxxxxxxx>
<TkAnYbWoFHA.2700@xxxxxxxxxxxxxxxxxxxxx>
<7B63646A-3A6F-491C-BD5B-7582FFB9C299@xxxxxxxxxxxxx>
<Kz6pQjfoFHA.940@xxxxxxxxxxxxxxxxxxxxx>
| Subject: Re: Error binding to local domain
| Date: Mon, 15 Aug 2005 20:39:13 -0700
| Lines: 321
| Message-ID: <64996607-03AE-4537-A002-24ABF6EEBA21@xxxxxxxxxxxxx>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
| Newsgroups: microsoft.public.windows.server.sbs
| NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
| Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA02.phx.gbl!TK2MSFTNGXA03.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:144709
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| Hi Charles,
|
| I still have problems resolving user names as domain administrator after
| changing the domain administrator's password as recommended. I also see
two
| warnings in the system event log that may help (did not pay much
attention to
| them before :>( ). The events are:
|
| The Security System detected an attempted downgrade attack for server
| ldap/dc1.MyDomain.local/MyDomain.local@xxxxxxxxxxxxxxx The failure code
from
| authentication protocol Kerberos was "There are currently no logon
servers
| available to service the logon request.
| (0xc000005e)". Source:LSASRV, Category:SPNEGO (Negotiator),
EventID:40960
|
| The Security System could not establish a secured connection with the
server
| ldap/dc1.MyDomain.local/MyDomain.local@xxxxxxxxxxxxxxx No authentication
| protocol was available. Source:LSASRV, Category:SPNEGO (Negotiator),
| EventID:40961
|
| Steve
| ""Charles Yang [MSFT]"" wrote:
|
| > Hi Steve,
| >
| > Thanks for updates.
| >
| > I will be here waiting for your updates. Thanks for your effort.
| >
| >
| >
| > Best regards,
| >
| > Charles Yang (MSFT)
| >
| > Microsoft CSS Online Newsgroup Support
| >
| > Get Secure! - www.microsoft.com/security
| >
| > ======================================================
| > This newsgroup only focuses on SBS technical issues. If you have issues
| > regarding other Microsoft products, you'd better post in the
corresponding
| > newsgroups so that they can be resolved in an efficient and timely
manner.
| > You can locate the newsgroup here:
| > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
| >
| > When opening a new thread via the web interface, we recommend you check
the
| > "Notify me of replies" box to receive e-mail notifications when there
are
| > any updates in your thread. When responding to posts via your
newsreader,
| > please "Reply to Group" so that others may learn and benefit from your
| > issue.
| >
| > Microsoft engineers can only focus on one issue per thread. Although we
| > provide other information for your reference, we recommend you post
| > different incidents in different threads to keep the thread clean. In
doing
| > so, it will ensure your issues are resolved in a timely manner.
| >
| > For urgent issues, you may want to contact Microsoft CSS directly.
Please
| > check http://support.microsoft.com for regional support phone numbers.
| >
| > Any input or comments in this thread are highly appreciated.
| > ======================================================
| > This posting is provided "AS IS" with no warranties, and confers no
rights.
| >
| >
| > =====================================================
| > When responding to posts, please "Reply to Group" via your newsreader
so
| > that others may learn and benefit from your issue.
| > =====================================================
| >
| > This posting is provided "AS IS" with no warranties, and confers no
rights.
| >
| > --------------------
| > | Thread-Topic: Error binding to local domain
| > | thread-index: AcWhlpqkCG/7gRR1R8WjUmV1ItxHTQ==
| > | X-WBNR-Posting-Host: 65.164.216.122
| > | From: =?Utf-8?B?U3RldmUgTGFyc29u?=
<SteveLarson@xxxxxxxxxxxxxxxxxxxxxxxxx>
| > | References: <2E7C8934-DBF1-47BE-9EA2-D2947D7C1799@xxxxxxxxxxxxx>
| > <uLiBFqPoFHA.2920@xxxxxxxxxxxxxxxxxxxx>
| > <464AB7A0-D39E-4FD3-821B-28EEA2EB4B59@xxxxxxxxxxxxx>
| > <TkAnYbWoFHA.2700@xxxxxxxxxxxxxxxxxxxxx>
| > | Subject: Re: Error binding to local domain
| > | Date: Mon, 15 Aug 2005 05:41:07 -0700
| > | Lines: 308
| > | Message-ID: <7B63646A-3A6F-491C-BD5B-7582FFB9C299@xxxxxxxxxxxxx>
| > | MIME-Version: 1.0
| > | Content-Type: text/plain;
| > | charset="Utf-8"
| > | Content-Transfer-Encoding: 7bit
| > | X-Newsreader: Microsoft CDO for Windows 2000
| > | Content-Class: urn:content-classes:message
| > | Importance: normal
| > | Priority: normal
| > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
| > | Newsgroups: microsoft.public.windows.server.sbs
| > | NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
| > | Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
| > | Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:144427
| > | X-Tomcat-NG: microsoft.public.windows.server.sbs
| > |
| > | Charles,
| > | Thanks for the response. The problem is on all machines. I will try
the
| > | number 2 solution and report back. I tried number 3 before I posted
the
| > | question.
| > |
| > | Steve
| > | ""Charles Yang [MSFT]"" wrote:
| > |
| > | > Hi Steve,
| > | >
| > | > Welcome to SBS newsgroup.
| > | >
| > | > Issue description:
| > | >
| > | > ===========
| > | >
| > | > I understand that you encountered 1006 and 1030 error.
| > | >
| > | > Analyzing and suggestions:
| > | >
| > | > ============
| > | >
| > | > Generally speaking, this issue might be relate to AD configuration
on
| > SBS
| > | > domain, please perform tests below:
| > | >
| > | > 1. If this user log on to a DIFFERENT computer, can the problem be
| > | > reproduced? If not, the problem is most likely related to the user
| > profile
| > | > on the ''problematic'' computer. I suggest that you delete the
profile
| > on
| > | > that computer and try to log on to it again. (That means delete the
| > Domain
| > | > administrator's profiles on that workstation then logon the
workstation
| > | > with Administrator profiles again to see if the issue can be
resolved.
| > | >
| > | > 2. If the problem can be reproduced on all the client computers,
most
| > | > likely this user's AD account is corrupted. I would suggest that we
| > first
| > | > reset the password for this user in dsa.msc and check if the
problem is
| > | > resolved.
| > | > 3. Please also remove and rejoin this client computer to the domain
to
| > see
| > | > if this issue can be resolved.
| > | >
| > | > Thanks for all your efforts, I will be here waiting for your
updates,
| > | > please perform my suggestions and paste any progress to newsgroup.
| > | >
| > | >
| > | >
| > | > Best regards,
| > | >
| > | > Charles Yang (MSFT)
| > | >
| > | > Microsoft CSS Online Newsgroup Support
| > | >
| > | > Get Secure! - www.microsoft.com/security
| > | >
| > | > ======================================================
| > | > This newsgroup only focuses on SBS technical issues. If you have
issues
| > | > regarding other Microsoft products, you'd better post in the
| > corresponding
| > | > newsgroups so that they can be resolved in an efficient and timely
| > manner.
| > | > You can locate the newsgroup here:
| > | > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
| > | >
| > | > When opening a new thread via the web interface, we recommend you
check
| > the
| > | > "Notify me of replies" box to receive e-mail notifications when
there
| > are
| > | > any updates in your thread. When responding to posts via your
| > newsreader,
| > | > please "Reply to Group" so that others may learn and benefit from
your
| > | > issue.
| > | >
| > | > Microsoft engineers can only focus on one issue per thread.
Although we
| > | > provide other information for your reference, we recommend you post
| > | > different incidents in different threads to keep the thread clean.
In
| > doing
| > | > so, it will ensure your issues are resolved in a timely manner.
| > | >
| > | > For urgent issues, you may want to contact Microsoft CSS directly.
| > Please
| > | > check http://support.microsoft.com for regional support phone
numbers.
| > | >
| > | > Any input or comments in this thread are highly appreciated.
| > | > ======================================================
| > | > This posting is provided "AS IS" with no warranties, and confers no
| > rights.
| > | >
| > | >
| > | > =====================================================
| > | > When responding to posts, please "Reply to Group" via your
newsreader
| > so
| > | > that others may learn and benefit from your issue.
| > | > =====================================================
| > | >
| > | > This posting is provided "AS IS" with no warranties, and confers no
| > rights.
| > | >
| > | > --------------------
| > | > | Thread-Topic: Error binding to local domain
| > | > | thread-index: AcWhOtA0OcOAsYhqTZepzRQ/QSEcVA==
| > | > | X-WBNR-Posting-Host: 65.164.216.122
| > | > | From: =?Utf-8?B?U3RldmUgTGFyc29u?=
| > <SteveLarson@xxxxxxxxxxxxxxxxxxxxxxxxx>
| > | > | References: <2E7C8934-DBF1-47BE-9EA2-D2947D7C1799@xxxxxxxxxxxxx>
| > | > <uLiBFqPoFHA.2920@xxxxxxxxxxxxxxxxxxxx>
| > | > | Subject: Re: Error binding to local domain
| > | > | Date: Sun, 14 Aug 2005 18:44:02 -0700
| > | > | Lines: 319
| > | > | Message-ID: <464AB7A0-D39E-4FD3-821B-28EEA2EB4B59@xxxxxxxxxxxxx>
| > | > | MIME-Version: 1.0
| > | > | Content-Type: text/plain;
| > | > | charset="Utf-8"
| > | > | Content-Transfer-Encoding: 7bit
| > | > | X-Newsreader: Microsoft CDO for Windows 2000
| > | > | Content-Class: urn:content-classes:message
| > | > | Importance: normal
| > | > | Priority: normal
| > | > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
| > | > | Newsgroups: microsoft.public.windows.server.sbs
| > | > | NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
| > | > | Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
| > | > | Xref: TK2MSFTNGXA01.phx.gbl
microsoft.public.windows.server.sbs:144287
| > | > | X-Tomcat-NG: microsoft.public.windows.server.sbs
| > | > |
| > | > | "Lanwench [MVP - Exchange]" wrote:
| > | > |
| > | > | >
| > | > | >
| > | > | > In news:2E7C8934-DBF1-47BE-9EA2-D2947D7C1799@xxxxxxxxxxxxx,
| > | > | > Steve Larson <SteveLarson@xxxxxxxxxxxxxxxxxxxxxxxxx> typed:
| > | > | > > I am receiving an error in the event log when I try to
resolve a
| > | > | > > domain user name on a client machine (i.e. add a domain user
to
| > the
| > | > | > > permissions on a folder or add domain user to a group) when
| > | > | > > authenticating as the domain administrator. The permissions
| > dialog
| > | > | > > just times out trying to resolve the user. The machine is a
| > member
| > | > | > > of the domain, has XP SP2 installed, and has allowed the same
| > type of
| > | > | > > permissions updates in the past. The user name is able to be
| > | > | > > resolved when authenticating as another domain user.
| > | > | > >
| > | > | > > This is the message in the client event log. "Windows cannot
bind
| > to
| > | > | > > [MyLocalDomain].local domain. (Local Error). Group Policy
| > processing
| > | > | > > aborted." Source: Userenv, EventID: 1006 and is always
followed
| > by
| > | > | > > the following event "Windows cannot query for the list of
Group
| > | > | > > Policy objects. A message that describes the reason for this
was
| > | > | > > previously logged by the policy engine." Source: Userenv,
EventID:
| > | > | > > 1030.
| > | > | > >
| > | > | > > I have dropped a machine to a workgroup and rejoined it to
the
| > domain
| > | > | > > but
| > | > | > > get the same results.
| > | > | > >
| > | > | > > I did not find a machine personal certificate listed in MMC.
When
| > I
| > | > | > > try to add a certificate, I received an error dialog stating
that
| > the
| > | > | > > wizard could not be started because Active Directory could
not be
| > | > | > > contacted. The [MyLocalDomain] Root Certificate Authority
and the
| > | > | > > [DomainController].[MyPublicDomain] are listed in the
| > Certificates for
| > | > | > > Trusted Root Certification Authorities. (All this as logged
in as
| > | > | > > domain administrator).
| > | > | > >
| > | > | > > I have pasted the help and Support link text at the end of
this
| > but
| > | > | > > nothing seemed to be much help there (I was not able to get
the
| > | > | > > Win2000 netdiag tool to run.)
| > | > | > >
| > | > | > > I have also pasted part of the client machine logfile for
userenv
| > at
| > | > | > > the end.
| > | > | > >
| > | > | > > Any ideas on where else to troubleshoot?
| > | > | > >
| > | > | > > Steve
| > | > | > <snip>
| > | > | >
| > | > | > Just a sanity check - is the *only* DNS server you have on the
| > client,
| > | > the
| > | > | > LAN IP address of your SBS server?
| > | > | >
| > | > | > If not, make it so. If so, if you run
| > | > | >
| > | > | > gpresult
| > | > | >
| > | > | > from a command line, what do you see?
| > | > | > If you try
| > | > | >
| > | > | > gpupdate /force
| > | > | >
| > | > | > does it help?
| > | > | >
| > | > | >
| > | > | >
| > | > | This is the result of 'gpresult', 'gpupdate /force', and
'gpresult'.
| > The
| > | > | behavior has not changed. (It looks like I need to do some
research
| > and
| > | > | maybe a follow up post on GP :>)
| > | > | C:\Documents and Settings\administrator.MYDOMAIN>gpresult
| > | > |
| > | > | Microsoft (R) Windows (R) XP Operating System Group Policy Result
| > tool
| > | > v2.0
| > | > | Copyright (C) Microsoft Corp. 1981-2001
| > | > |
| > | > | Created On 8/14/2005 at 8:08:20 PM
| > | > |
| > | > |
| > | > | RSOP results for MYDOMAIN\administrator on MUSIC1 : Logging Mode
| > | > |
|
.
- Follow-Ups:
- Re: Error binding to local domain
- From: Steve Larson
- Re: Error binding to local domain
- References:
- Error binding to local domain
- From: Steve Larson
- Re: Error binding to local domain
- From: Lanwench [MVP - Exchange]
- Re: Error binding to local domain
- From: Steve Larson
- Re: Error binding to local domain
- From: "Charles Yang [MSFT]"
- Re: Error binding to local domain
- From: Steve Larson
- Re: Error binding to local domain
- From: "Charles Yang [MSFT]"
- Re: Error binding to local domain
- From: Steve Larson
- Error binding to local domain
- Prev by Date: Re: Symantec 10.0 migration problems on SBS2003
- Next by Date: Re: Symantec 10.0 migration problems on SBS2003
- Previous by thread: Re: Error binding to local domain
- Next by thread: Re: Error binding to local domain
- Index(es):
Relevant Pages
|
