Re: Error binding to local domain
- From: Steve Larson <SteveLarson@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 15 Aug 2005 20:39:13 -0700
Hi Charles,
I still have problems resolving user names as domain administrator after
changing the domain administrator's password as recommended. I also see two
warnings in the system event log that may help (did not pay much attention to
them before :>( ). The events are:
The Security System detected an attempted downgrade attack for server
ldap/dc1.MyDomain.local/MyDomain.local@xxxxxxxxxxxxxxx The failure code from
authentication protocol Kerberos was "There are currently no logon servers
available to service the logon request.
(0xc000005e)". Source:LSASRV, Category:SPNEGO (Negotiator), EventID:40960
The Security System could not establish a secured connection with the server
ldap/dc1.MyDomain.local/MyDomain.local@xxxxxxxxxxxxxxx No authentication
protocol was available. Source:LSASRV, Category:SPNEGO (Negotiator),
EventID:40961
Steve
""Charles Yang [MSFT]"" wrote:
> Hi Steve,
>
> Thanks for updates.
>
> I will be here waiting for your updates. Thanks for your effort.
>
>
>
> Best regards,
>
> Charles Yang (MSFT)
>
> Microsoft CSS Online Newsgroup Support
>
> Get Secure! - www.microsoft.com/security
>
> ======================================================
> This newsgroup only focuses on SBS technical issues. If you have issues
> regarding other Microsoft products, you'd better post in the corresponding
> newsgroups so that they can be resolved in an efficient and timely manner.
> You can locate the newsgroup here:
> http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
>
> When opening a new thread via the web interface, we recommend you check the
> "Notify me of replies" box to receive e-mail notifications when there are
> any updates in your thread. When responding to posts via your newsreader,
> please "Reply to Group" so that others may learn and benefit from your
> issue.
>
> Microsoft engineers can only focus on one issue per thread. Although we
> provide other information for your reference, we recommend you post
> different incidents in different threads to keep the thread clean. In doing
> so, it will ensure your issues are resolved in a timely manner.
>
> For urgent issues, you may want to contact Microsoft CSS directly. Please
> check http://support.microsoft.com for regional support phone numbers.
>
> Any input or comments in this thread are highly appreciated.
> ======================================================
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
>
> =====================================================
> When responding to posts, please "Reply to Group" via your newsreader so
> that others may learn and benefit from your issue.
> =====================================================
>
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
> --------------------
> | Thread-Topic: Error binding to local domain
> | thread-index: AcWhlpqkCG/7gRR1R8WjUmV1ItxHTQ==
> | X-WBNR-Posting-Host: 65.164.216.122
> | From: =?Utf-8?B?U3RldmUgTGFyc29u?= <SteveLarson@xxxxxxxxxxxxxxxxxxxxxxxxx>
> | References: <2E7C8934-DBF1-47BE-9EA2-D2947D7C1799@xxxxxxxxxxxxx>
> <uLiBFqPoFHA.2920@xxxxxxxxxxxxxxxxxxxx>
> <464AB7A0-D39E-4FD3-821B-28EEA2EB4B59@xxxxxxxxxxxxx>
> <TkAnYbWoFHA.2700@xxxxxxxxxxxxxxxxxxxxx>
> | Subject: Re: Error binding to local domain
> | Date: Mon, 15 Aug 2005 05:41:07 -0700
> | Lines: 308
> | Message-ID: <7B63646A-3A6F-491C-BD5B-7582FFB9C299@xxxxxxxxxxxxx>
> | MIME-Version: 1.0
> | Content-Type: text/plain;
> | charset="Utf-8"
> | Content-Transfer-Encoding: 7bit
> | X-Newsreader: Microsoft CDO for Windows 2000
> | Content-Class: urn:content-classes:message
> | Importance: normal
> | Priority: normal
> | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
> | Newsgroups: microsoft.public.windows.server.sbs
> | NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
> | Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
> | Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:144427
> | X-Tomcat-NG: microsoft.public.windows.server.sbs
> |
> | Charles,
> | Thanks for the response. The problem is on all machines. I will try the
> | number 2 solution and report back. I tried number 3 before I posted the
> | question.
> |
> | Steve
> | ""Charles Yang [MSFT]"" wrote:
> |
> | > Hi Steve,
> | >
> | > Welcome to SBS newsgroup.
> | >
> | > Issue description:
> | >
> | > ===========
> | >
> | > I understand that you encountered 1006 and 1030 error.
> | >
> | > Analyzing and suggestions:
> | >
> | > ============
> | >
> | > Generally speaking, this issue might be relate to AD configuration on
> SBS
> | > domain, please perform tests below:
> | >
> | > 1. If this user log on to a DIFFERENT computer, can the problem be
> | > reproduced? If not, the problem is most likely related to the user
> profile
> | > on the ''problematic'' computer. I suggest that you delete the profile
> on
> | > that computer and try to log on to it again. (That means delete the
> Domain
> | > administrator's profiles on that workstation then logon the workstation
> | > with Administrator profiles again to see if the issue can be resolved.
> | >
> | > 2. If the problem can be reproduced on all the client computers, most
> | > likely this user's AD account is corrupted. I would suggest that we
> first
> | > reset the password for this user in dsa.msc and check if the problem is
> | > resolved.
> | > 3. Please also remove and rejoin this client computer to the domain to
> see
> | > if this issue can be resolved.
> | >
> | > Thanks for all your efforts, I will be here waiting for your updates,
> | > please perform my suggestions and paste any progress to newsgroup.
> | >
> | >
> | >
> | > Best regards,
> | >
> | > Charles Yang (MSFT)
> | >
> | > Microsoft CSS Online Newsgroup Support
> | >
> | > Get Secure! - www.microsoft.com/security
> | >
> | > ======================================================
> | > This newsgroup only focuses on SBS technical issues. If you have issues
> | > regarding other Microsoft products, you'd better post in the
> corresponding
> | > newsgroups so that they can be resolved in an efficient and timely
> manner.
> | > You can locate the newsgroup here:
> | > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
> | >
> | > When opening a new thread via the web interface, we recommend you check
> the
> | > "Notify me of replies" box to receive e-mail notifications when there
> are
> | > any updates in your thread. When responding to posts via your
> newsreader,
> | > please "Reply to Group" so that others may learn and benefit from your
> | > issue.
> | >
> | > Microsoft engineers can only focus on one issue per thread. Although we
> | > provide other information for your reference, we recommend you post
> | > different incidents in different threads to keep the thread clean. In
> doing
> | > so, it will ensure your issues are resolved in a timely manner.
> | >
> | > For urgent issues, you may want to contact Microsoft CSS directly.
> Please
> | > check http://support.microsoft.com for regional support phone numbers.
> | >
> | > Any input or comments in this thread are highly appreciated.
> | > ======================================================
> | > This posting is provided "AS IS" with no warranties, and confers no
> rights.
> | >
> | >
> | > =====================================================
> | > When responding to posts, please "Reply to Group" via your newsreader
> so
> | > that others may learn and benefit from your issue.
> | > =====================================================
> | >
> | > This posting is provided "AS IS" with no warranties, and confers no
> rights.
> | >
> | > --------------------
> | > | Thread-Topic: Error binding to local domain
> | > | thread-index: AcWhOtA0OcOAsYhqTZepzRQ/QSEcVA==
> | > | X-WBNR-Posting-Host: 65.164.216.122
> | > | From: =?Utf-8?B?U3RldmUgTGFyc29u?=
> <SteveLarson@xxxxxxxxxxxxxxxxxxxxxxxxx>
> | > | References: <2E7C8934-DBF1-47BE-9EA2-D2947D7C1799@xxxxxxxxxxxxx>
> | > <uLiBFqPoFHA.2920@xxxxxxxxxxxxxxxxxxxx>
> | > | Subject: Re: Error binding to local domain
> | > | Date: Sun, 14 Aug 2005 18:44:02 -0700
> | > | Lines: 319
> | > | Message-ID: <464AB7A0-D39E-4FD3-821B-28EEA2EB4B59@xxxxxxxxxxxxx>
> | > | MIME-Version: 1.0
> | > | Content-Type: text/plain;
> | > | charset="Utf-8"
> | > | Content-Transfer-Encoding: 7bit
> | > | X-Newsreader: Microsoft CDO for Windows 2000
> | > | Content-Class: urn:content-classes:message
> | > | Importance: normal
> | > | Priority: normal
> | > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
> | > | Newsgroups: microsoft.public.windows.server.sbs
> | > | NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
> | > | Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
> | > | Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:144287
> | > | X-Tomcat-NG: microsoft.public.windows.server.sbs
> | > |
> | > | "Lanwench [MVP - Exchange]" wrote:
> | > |
> | > | >
> | > | >
> | > | > In news:2E7C8934-DBF1-47BE-9EA2-D2947D7C1799@xxxxxxxxxxxxx,
> | > | > Steve Larson <SteveLarson@xxxxxxxxxxxxxxxxxxxxxxxxx> typed:
> | > | > > I am receiving an error in the event log when I try to resolve a
> | > | > > domain user name on a client machine (i.e. add a domain user to
> the
> | > | > > permissions on a folder or add domain user to a group) when
> | > | > > authenticating as the domain administrator. The permissions
> dialog
> | > | > > just times out trying to resolve the user. The machine is a
> member
> | > | > > of the domain, has XP SP2 installed, and has allowed the same
> type of
> | > | > > permissions updates in the past. The user name is able to be
> | > | > > resolved when authenticating as another domain user.
> | > | > >
> | > | > > This is the message in the client event log. "Windows cannot bind
> to
> | > | > > [MyLocalDomain].local domain. (Local Error). Group Policy
> processing
> | > | > > aborted." Source: Userenv, EventID: 1006 and is always followed
> by
> | > | > > the following event "Windows cannot query for the list of Group
> | > | > > Policy objects. A message that describes the reason for this was
> | > | > > previously logged by the policy engine." Source: Userenv, EventID:
> | > | > > 1030.
> | > | > >
> | > | > > I have dropped a machine to a workgroup and rejoined it to the
> domain
> | > | > > but
> | > | > > get the same results.
> | > | > >
> | > | > > I did not find a machine personal certificate listed in MMC. When
> I
> | > | > > try to add a certificate, I received an error dialog stating that
> the
> | > | > > wizard could not be started because Active Directory could not be
> | > | > > contacted. The [MyLocalDomain] Root Certificate Authority and the
> | > | > > [DomainController].[MyPublicDomain] are listed in the
> Certificates for
> | > | > > Trusted Root Certification Authorities. (All this as logged in as
> | > | > > domain administrator).
> | > | > >
> | > | > > I have pasted the help and Support link text at the end of this
> but
> | > | > > nothing seemed to be much help there (I was not able to get the
> | > | > > Win2000 netdiag tool to run.)
> | > | > >
> | > | > > I have also pasted part of the client machine logfile for userenv
> at
> | > | > > the end.
> | > | > >
> | > | > > Any ideas on where else to troubleshoot?
> | > | > >
> | > | > > Steve
> | > | > <snip>
> | > | >
> | > | > Just a sanity check - is the *only* DNS server you have on the
> client,
> | > the
> | > | > LAN IP address of your SBS server?
> | > | >
> | > | > If not, make it so. If so, if you run
> | > | >
> | > | > gpresult
> | > | >
> | > | > from a command line, what do you see?
> | > | > If you try
> | > | >
> | > | > gpupdate /force
> | > | >
> | > | > does it help?
> | > | >
> | > | >
> | > | >
> | > | This is the result of 'gpresult', 'gpupdate /force', and 'gpresult'.
> The
> | > | behavior has not changed. (It looks like I need to do some research
> and
> | > | maybe a follow up post on GP :>)
> | > | C:\Documents and Settings\administrator.MYDOMAIN>gpresult
> | > |
> | > | Microsoft (R) Windows (R) XP Operating System Group Policy Result
> tool
> | > v2.0
> | > | Copyright (C) Microsoft Corp. 1981-2001
> | > |
> | > | Created On 8/14/2005 at 8:08:20 PM
> | > |
> | > |
> | > | RSOP results for MYDOMAIN\administrator on MUSIC1 : Logging Mode
> | > |
.
- Follow-Ups:
- Re: Error binding to local domain
- From: "Charles Yang [MSFT]"
- Re: Error binding to local domain
- References:
- Error binding to local domain
- From: Steve Larson
- Re: Error binding to local domain
- From: Lanwench [MVP - Exchange]
- Re: Error binding to local domain
- From: Steve Larson
- Re: Error binding to local domain
- From: "Charles Yang [MSFT]"
- Re: Error binding to local domain
- From: Steve Larson
- Re: Error binding to local domain
- From: "Charles Yang [MSFT]"
- Error binding to local domain
- Prev by Date: RE: Forwarding mail on exchange
- Next by Date: Re: GFI Fax Maker
- Previous by thread: Re: Error binding to local domain
- Next by thread: Re: Error binding to local domain
- Index(es):
Relevant Pages
|
