RE: LDAP Test error unable to authenticate user



Hello Customer,

Thank you for your kind update.

Yes, you are right, some 3rd-party software or virus on the client computer
may try to access the server in the background. Therefore:

1. Install antivirus software on the client and do a full scan.

2. Do a clean boot on the client to narrow down this issue:

To clean boot the problematic computer, please use the steps below:
a. Click Start, click Run, and then in the Open box, type "MSCONFIG"
(without the quotation marks). Click OK.

b. In the System Configuration Utility (MSConfig) window, click to select
the Selective Startup button.

c. Click to clear the check mark from the "Load startup items" below
Selective Startup.

d. Click the Services tab, click to check the "Hide All Microsoft Services"
box, and remove all the check marks from the remaining Non-Microsoft
Services.

e. Click OK to close the MSConfig window. Click Yes when you are asked to
restart your computer in order to enable the changes.

f. After restarting, please check whether this issue will reoccur.

g. If there are no more problems, please use the above steps to enable
services and startup items one by one in order to figure out the root cause
of this issue.

If we cannot resolve the issue after we perform the above steps, please
kindly help me collect some information for further investigation:

1. Log the user on to another computer. Do you get the same issue?

2. Log on to this computer with another user. Do you get the same issue?

Hope these steps will give you some help.

Thanks and have a nice day!

Best regards,

Terence Liu(MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
| From: =?Utf-8?B?SVQgTmVvcGh5dGU=?= <ITNeophyte@xxxxxxxxxxxxxxxxxxxxxxxxx>
| Subject: RE: LDAP Test error unable to authenticate user
| Date: Wed, 11 Jul 2007 10:16:01 -0700
| Newsgroups: microsoft.public.windows.server.sbs
|
| Terence,
| Thank you for your reply. I didn't explain myself entirely clearly. The
| user CAN log on to the SBS and utilize all the services. The problem is
| that while he, and only that user on that particular client computer, is
| logged on, I receive security event error 529.
| I'm concerned because it happens randomly about 40 times a day. I thought it
| could be that software running in the background for that user is trying to
| access the server, but I haven't been able to find the cause.
|
| I'm going to try rejoining the domain and make sure the DC is configured
| right.
| Thank you,
|
| NEO
| "Terence Liu [MSFT]" wrote:
|
| > Hello Customer,
| >
| > Thank you for posting here.
| >
| > According to your description, I understand that you cannot log on with one
| > particular SBS domain user account on one particular client computer and
| > get event error 529. If I have misunderstood the problem, please don't
| > hesitate to let me know.
| >
| > I. The issue can also occur if the server was mis-configured with network
| > connections. I suggest you check your configuration by referring to the
| > following KB article:
| >
| > 825763 How to configure Internet access in Windows Small Business Server 2003
| > http://support.microsoft.com/?id=825763
| >
| > II. Since the issue happens only on one client computer, please try to
| > disjoin it from the domain and rejoin the domain to test this issue:
| >
| > 1. Disjoin domain: Right click My Computer->Properties->Computer Name
| > tab->Change button->Select Workgroup->click OK twice and reboot it.
| >
| > 2. Delete the computer account from SBS domain: SBS->Server Management
| > console->Client Computers, delete the computer account.
| >
| > 3. Rejoin the domain through the connectcomputer wizard on the client.
| >
| > 4. Test this issue.
| >
| > III. This issue can occur if the security policies for the DC are
| > mis-configured. To resolve the issue, we need to restore the policies from
| > the securedc.inf security template. To do so:
| >
| > 1. Click Start->Administrative Tools->Domain Controller Security Policy.
| >
| > 2. In the Default Domain Controller Security Settings window, right click
| > on the Security Settings node and choose Import Policy.
| >
| > 3. Choose the securedc.inf item and click Open.
| >
| > 4. Close the window.
| >
| > 5. At a command prompt (cmd.exe), run the following command:
| >
| > gpupdate /force
| >
| > 6. Run netdiag again and check if the issue disappears.
| >
| > For more information regarding the security template, see:
| >
| > 816585 HOW TO: Apply Predefined Security Templates in Windows Server 2003
| > http://support.microsoft.com/?id=816585
| >
| > IV. This behavior can happen when the machine password is not properly
| > synced.
| >
| > In order to reset the machine account password of a domain controller use:
| >
| > NETDOM RESETPWD /Server:ServerName /UserD:Administrator /PasswordD:*
| >
| > The syntax of this command is:
| > NETDOM RESETPWD /Server:domain-controller /UserD:user /PasswordD:[password | *]
| >
| > NETDOM RESETPWD Resets the machine account password for the domain
| > controller on which this command is run. Currently there is no support for
| > resetting the machine password of a remote machine or a member server. All
| > parameters must be specified.
| >
| > /Server     Name of a specific domain controller that should have its
| >             machine account password reset.
| >
| > /UserD      User account used to make the connection with the domain
| >             controller specified by the /Server argument.
| >
| > /PasswordD  Password of the user account specified with /UserD. A * means
| >             to prompt for the password
| >
| > After completing the command, reboot the server.
| >
| > If we cannot resolve the issue after we perform the above steps, please
| > kindly help me collect some information for further investigation:
| >
| > 1. Does this issue happen on other client computers?
| >
| > 2. Does this issue happen on other user accounts?
| >
| > 3. Gather MPS network report on client and SBS:
| >
| > a. Download MPSreport_network from
| > http://download.microsoft.com/download/b/b/1/bb139fcb-4aac-4fe5-a579-30b0bd915706/MPSRPT_NETWORK.EXE
| >
| > b. Run MPSRPT_NETWORK.exe on the server box.
| >
| > c. The tool will automatically collect the information. This procedure will
| > take 10~15 minutes.
| >
| > d. Open Windows Explorer, navigate to the folder:
| > %SystemRoot%\MPSReports\Network\Reports\Cab\
| >
| > e. Send the .cab file directly to me at v-terliu@xxxxxxxxxxxxx
| >
| > Hope these steps will give you some help.
| >
| > Thanks and have a nice day!
| >
| > Best regards,
| >
| > Terence Liu(MSFT)
| >
| > Microsoft CSS Online Newsgroup Support
| >
| > Get Secure! - www.microsoft.com/security
| >
| > --------------------
| > | From: =?Utf-8?B?SVQgTmVvcGh5dGU=?= <ITNeophyte@xxxxxxxxxxxxxxxxxxxxxxxxx>
| > | Subject: LDAP Test error unable to authenticate user
| > | Date: Tue, 10 Jul 2007 15:00:00 -0700
| > | Newsgroups: microsoft.public.windows.server.sbs
| > |
| > | I've been trying to resolve this issue since last week.
| > | One computer, when it logs on under one particular user, generates error
| > | event ID 529 through the day and night if it stays logged on.
| > | Using Netdiag, two tests failed: the DC & LDAP tests. I'm guessing something
| > | in the background is running and trying to access the network, but I just
| > | can't figure out what it is. If anybody has any input I'll appreciate it.
| > | Here is the debug log on the 2 failed tests (thanks):
| > |
| > | DC list test . . . . . . . . . . . : Failed
| > | You don't have access to DsBind to crestwoodsbs (192.168.16.2).
| > | [ERROR_ACCESS_DENIED]
| > | List of DCs in Domain 'CRESTWOODINC':
| > | crestwoodsbs.CrestwoodInc.local
| > |
| > |
| > | Trust relationship test. . . . . . : Passed
| > | Test to ensure DomainSid of domain 'CRESTWOODINC' is correct.
| > | [WARNING] Don't have access to test your domain sid for domain
| > | 'CRESTWOODINC'.
| > | [Test skipped]
| > | Secure channel for domain 'CRESTWOODINC' is to
| > | '\\crestwoodsbs.CrestwoodInc.local'.
| > | Secure channel for domain 'CRESTWOODINC' was successfully set to DC
| > | '\\crestwoodsbs.CrestwoodInc.local'.
| > |
| > |
| > | Kerberos test. . . . . . . . . . . : Passed
| > | Cached Tickets:
| > | Server: krbtgt/CRESTWOODINC.LOCAL
| > | End Time: 7/6/2007 23:13:26
| > | Renew Time: 7/13/2007 13:13:26
| > | Server: cifs/OFFICEMGR
| > | End Time: 7/6/2007 23:13:26
| > | Renew Time: 7/13/2007 13:13:26
| > | Server: cifs/LISAPC.CrestwoodInc.local
| > | End Time: 7/6/2007 23:13:26
| > | Renew Time: 7/13/2007 13:13:26
| > | Server: cifs/CONTROLLER.CrestwoodInc.local
| > | End Time: 7/6/2007 23:13:26
| > | Renew Time: 7/13/2007 13:13:26
| > | Server: host/aaron.crestwoodinc.local
| > | End Time: 7/6/2007 23:13:26
| > | Renew Time: 7/13/2007 13:13:26
| > |
| > |
| > | LDAP test. . . . . . . . . . . . . : Failed
| > |
| > | Do un-authenticated LDAP call to 'crestwoodsbs.CrestwoodInc.local'.
| > | Found 1 entries:
| > | Attr: currentTime
| > | Val: 17 20070706215710.0Z
| > | Attr: subschemaSubentry
| > | Val: 64 CN=Aggregate,CN=Schema,CN=Configuration,DC=CrestwoodInc,DC=local
| > | Attr: dsServiceName
| > | Val: 121 CN=NTDS Settings,CN=CRESTWOODSBS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=CrestwoodInc,DC=local
| > | Attr: namingContexts
| > | Val: 24 DC=CrestwoodInc,DC=local
| > | Val: 41 CN=Configuration,DC=CrestwoodInc,DC=local
| > | Val: 51 CN=Schema,CN=Configuration,DC=CrestwoodInc,DC=local
| > | Val: 42 DC=DomainDnsZones,DC=CrestwoodInc,DC=local
| > | Val: 42 DC=ForestDnsZones,DC=CrestwoodInc,DC=local
| > | Attr: defaultNamingContext
| > | Val: 24 DC=CrestwoodInc,DC=local
| > | Attr: schemaNamingContext
| > | Val: 51 CN=Schema,CN=Configuration,DC=CrestwoodInc,DC=local
| > | Attr: configurationNamingContext
| > | Val: 41 CN=Configuration,DC=CrestwoodInc,DC=local
| > | Attr: rootDomainNamingContext
| > | Val: 24 DC=CrestwoodInc,DC=local
| > | Attr: supportedLDAPVersion
| > | Val: 1 3
| > | Val: 1 2
| > | Attr: supportedLDAPPolicies
| > | Val: 14 MaxPoolThreads
| > | Val: 15 MaxDatagramRecv
| > | Val: 16 MaxReceiveBuffer
| > | Val: 15 InitRecvTimeout
| > | Val: 14 MaxConnections
| > | Val: 15 MaxConnIdleTime
| > | Val: 11 MaxPageSize
| > | Val: 16 MaxQueryDuration
| > | Val: 16 MaxTempTableSize
| > | Val: 16 MaxResultSetSize
| > | Val: 22 MaxNotificationPerConn
| > | Val: 11 MaxValRange
| > | Attr: highestCommittedUSN
| > | Val: 6 352379
| > | Attr: supportedSASLMechanisms
| > | Val: 6 GSSAPI
| > | Val: 10 GSS-SPNEGO
| > | Val: 8 EXTERNAL
| > | Val: 10 DIGEST-MD5
| > | Attr: dnsHostName
| > | Val: 31 crestwoodsbs.CrestwoodInc.local
| > | Attr: ldapServiceName
| > | Val: 51 CrestwoodInc.local:crestwoodsbs$@CRESTWOODINC.LOCAL
| > | Attr: serverName
| > | Val: 104 CN=CRESTWOODSBS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=CrestwoodInc,DC=local
| > | Attr: supportedCapabilities
| > | Val: 22 1.2.840.113556.1.4.800
|

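
One way to narrow down where repeated event 529 failures come from, as an added example that is not part of the original thread or of any Microsoft tool: the Python below parses the description text of exported 529 records (Windows Server 2003 field layout) and counts failures per user, workstation, logon type, logon process and source address. The sample records, names and addresses are constructed, and `parse_529` and `summarize` are hypothetical helper names.

```python
from collections import Counter

# Logon Type codes as they appear in Security-log logon events.
LOGON_TYPES = {"2": "Interactive", "3": "Network", "4": "Batch", "5": "Service",
               "7": "Unlock", "8": "NetworkCleartext", "10": "RemoteInteractive"}

# Constructed sample: description text of event 529 records in the Windows
# Server 2003 field layout. User, workstation and address are placeholders.
TEMPLATE = (
    "Logon Failure:\n"
    "\tReason:\t\tUnknown user name or bad password\n"
    "\tUser Name:\t{user}\n"
    "\tDomain:\t\tEXAMPLE\n"
    "\tLogon Type:\t{ltype}\n"
    "\tLogon Process:\t{proc}\n"
    "\tAuthentication Package:\t{pkg}\n"
    "\tWorkstation Name:\t{ws}\n"
    "\tSource Network Address:\t{addr}\n"
)
SAMPLE_EVENTS = [
    TEMPLATE.format(user="jdoe", ltype=3, proc="NtLmSsp", pkg="NTLM",
                    ws="CLIENT01", addr="192.0.2.10"),
] * 3 + [
    TEMPLATE.format(user="jdoe", ltype=2, proc="User32", pkg="Negotiate",
                    ws="SERVER01", addr="127.0.0.1"),
]

def parse_529(description):
    """Split one event description into a {field name: value} dict."""
    fields = {}
    for line in description.splitlines():
        name, sep, value = line.partition(":")  # values may contain ':' too
        if sep:
            fields[name.strip()] = value.strip()
    return fields

def summarize(descriptions):
    """Count failures per (user, workstation, logon type, process, source)."""
    tally = Counter()
    for text in descriptions:
        f = parse_529(text)
        ltype = LOGON_TYPES.get(f.get("Logon Type"), "Other")
        tally[(f.get("User Name"), f.get("Workstation Name"), ltype,
               f.get("Logon Process"), f.get("Source Network Address"))] += 1
    return tally.most_common()  # most frequent source first

if __name__ == "__main__":
    for key, count in summarize(SAMPLE_EVENTS):
        print(count, *key)
```

A dominant Network row from a single workstation points at something on that client authenticating over the network, rather than someone mistyping a password at the console (Interactive or Unlock).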