When you click on the network status icon in the notification area on the taskbar it says: "ddt.edu 2 (Unauthenticated)" and therefore, group policies are not applied to workstations.

I have two Windows 2016 Standard Servers (Version 1607) and 50 Windows 10 Education (Version 1709) workstations. All workstations and servers are x64. It was all working fine except SYSVOL was not replicating. We tried to fix the replication issue by doing an authoritative restore. Afterwards all workstations have Authentication issues. I have not found anything of help on the Internet. Most of the similar authentication problems I’ve found are just for some workstations on the network, not all of them. I have been banging my head against this one for a week. Help!

Workstations can still access shares on server with no problem.

We are in a secure environment with no internet access.

I can ping successfully using either name or IP so DNS and DHCP seem to work fine.

Connectivity under view you network properties says "Connected to unknown network" on workstations.

Tried removing workstation from domain then joining it back to domain. Did not get any error messages but after rebooting problem still persists.

Also tried creating a new user, connecting a new computer who’s name had never been used before, joining it to the domain and logging in to the network with the new user name. Didn’t help.

The primary domain controller/global catalog is called SERVER01

I demoted the second domain controller called SERVER02. Didn't help.

Group policies are not applied. Gpupdate /force returns:

Computer policy could not be updated successfully. The following errors were encountered:

The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has successfully processed. If you do not see a success message for several hours, then contact your administrator.

User Policy could not be updated successfully. The following errors were encountered:

The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller. (LDAP Bind function call failed). Look in the details tab for error code and description.

When I run repadmin /showreps I get:

      LDAP error 81 (Server Down) Win32 Err 58

Ran nltest /sc_query:server01.ddt.edu

I_NetLogonControl failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN

Ran Netdom reset EllisZ01 /Domain:ddt.edu /Server:Server01

     Succeeds but does't help

Ran netdom resetpwd /server:server01.ddt.edu /UserD:MyUserName /PasswordD:*

      Password resets successfully but doesn’t help.

Ran dcdiag /s:server01 and all tests passed except SystemLog which returned multiple Eventid: 0X0000272C errors and one Eventid: 0x800000003 error:

An error event occurred.  EventID: 0x0000272C

           Time Generated: 02/13/2019   07:29:13

            Event String:

      DCOM was unable to communicate with the computer SERVER02.ddt.edu using any of the configured protocols; requested by PID    2ab0 (C:\Windows\system32\ServerManager.exe).

 An error event occurred. EventID: 0x80000003

           Time Generated: 02/13/2019   07:29:40

           Event String: A Kerberos error message was received:

        An error event occurred.  EventID: 0x0000272C

           Time Generated: 02/13/2019   07:39:13

           Event String:

           DCOM was unable to communicate with the computer SERVER02.ddt.edu using any of the configured protocols; requested by PID    2ab0 (C:\Windows\system32\ServerManager.exe).

Group Policy fails with the following message in the event log of the workstation.

Log Name:     System

Source:       Microsoft-Windows-GroupPolicy

Date:         2/7/2019 8:55:35 AM

Event ID:     1006

Task Category: None

Level:        Error

Keywords:     

User:         DDT\EllisR

Computer:     EllisZ01.ddt.edu

Description:

The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller. (LDAP Bind function call failed). Look in the details tab for error code and description.

Event Xml:

<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">

  <System>

    <Provider Name="Microsoft-Windows-GroupPolicy" Guid="{AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}" />

    <EventID>1006</EventID>

    <Version>0</Version>

    <Level>2</Level>

    <Task>0</Task>

    <Opcode>1</Opcode>

    <Keywords>0x8000000000000000</Keywords>

    <TimeCreated SystemTime="2019-02-07T14:55:35.994342700Z" />

    <EventRecordID>54940</EventRecordID>

    <Correlation ActivityID="{E8639B9C-06D8-49E8-8A85-39C7D6993B6A}" />

    <Execution ProcessID="6212" ThreadID="9680" />

    <Channel>System</Channel>

    <Computer>EllisZ01.ddt.edu</Computer>

    <Security UserID="S-1-5-21-2772296466-3582803739-2678735995-1107" />

  </System>

  <EventData>

    <Data Name="SupportInfo1">1</Data>

    <Data Name="SupportInfo2">6154</Data>

    <Data Name="ProcessingMode">0</Data>

    <Data Name="ProcessingTimeInMilliseconds">890</Data>

    <Data Name="ErrorCode">49</Data>

    <Data Name="ErrorDescription">Invalid Credentials</Data>

    <Data Name="DCName">

    </Data>

  </EventData>

</Event>

The following audit failure is in server event log. There are multiple entries with different client port numbers.

Log Name:     Security

Source:       Microsoft-Windows-Security-Auditing

Date:         2/7/2019 1:35:55 PM

Event ID:     4771

Task Category: Kerberos Authentication Service

Level:        Information

Keywords:     Audit Failure

User:         N/A

Computer:     Server01.ddt.edu

Description:

Kerberos pre-authentication failed.

Account Information:

      Security ID:           DDT\ELLISZ01$

      Account Name:          ELLISZ01$

Service Information:

      Service Name:          krbtgt/ddt.edu

Network Information:

      Client Address:        ::ffff:111.111.111.12

      Client Port:           49878

Additional Information:

      Ticket Options:        0x40810010

      Failure Code:          0x18

      Pre-Authentication Type:     2

Certificate Information:

      Certificate Issuer Name:          

      Certificate Serial Number:  

      Certificate Thumbprint:           

Certificate information is only provided if a certificate was used for pre-authentication.

Pre-authentication types, ticket options and failure codes are defined in RFC 4120.

If the ticket was malformed or damaged during transit and could not be decrypted, then many fields in this event might not be present.

Event Xml:

<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">

  <System>

    <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />

    <EventID>4771</EventID>

    <Version>0</Version>

    <Level>0</Level>

    <Task>14339</Task>

    <Opcode>0</Opcode>

    <Keywords>0x8010000000000000</Keywords>

    <TimeCreated SystemTime="2019-02-07T19:35:55.282935600Z" />

    <EventRecordID>23631687</EventRecordID>

    <Correlation />

    <Execution ProcessID="720" ThreadID="2184" />

    <Channel>Security</Channel>

    <Computer>Server01.ddt.edu</Computer>

    <Security />

  </System>

  <EventData>

    <Data Name="TargetUserName">ELLISZ01$</Data>

    <Data Name="TargetSid">S-1-5-21-2772296466-3582803739-2678735995-6605</Data>

    <Data Name="ServiceName">krbtgt/ddt.edu</Data>

    <Data Name="TicketOptions">0x40810010</Data>

    <Data Name="Status">0x18</Data>

    <Data Name="PreAuthType">2</Data>

    <Data Name="IpAddress">::ffff:111.111.111.12</Data>

    <Data Name="IpPort">49878</Data>

    <Data Name="CertIssuerName">

    </Data>

    <Data Name="CertSerialNumber">

    </Data>

    <Data Name="CertThumbprint">

    </Data>

  </EventData>

</Event>

The following is in the event log of the Domain controller Server01. There are many entries with different Account Names.

      Log Name:      Security

      Source:        Microsoft-Windows-Security-Auditing

      Date:          2/7/2019 1:21:04 PM

      Event ID:      4625

      Task Category: Logon

      Level:         Information

      Keywords:      Audit Failure

      User:          N/A

      Computer:      Server01.ddt.edu

      Description:

      An account failed to log on.

      Subject:

           Security ID:          NULL SID

           Account Name:          -

           Account Domain:        -

           Logon ID:         0x0

      Logon Type:            3

      Account For Which Logon Failed:

           Security ID:          NULL SID

            Account Name:         LARUEZ02$

           Account Domain:        DDT.EDU

      Failure Information:

           Failure Reason:        The user has not been granted the requested logon type at this machine.

           Status:                0xC000015B

           Sub Status:       0x0

      Process Information:

           Caller Process ID:     0x0

           Caller Process Name:   -

      Network Information:

           Workstation Name:-

           Source Network Address:      111.111.111.22

           Source Port:          59243

      Detailed Authentication Information:

           Logon Process:         Kerberos

           Authentication Package:      Kerberos

           Transited Services:    -

           Package Name (NTLM only):    -

           Key Length:       0

      This event is generated when a logon request fails. It is generated on the computer where access was attempted.

      .

      .

      .

      Event Xml:

      < Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">

        <System>

           <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />

           <EventID>4625</EventID>

           <Version>0</Version>

           <Level>0</Level>

           <Task>12544</Task>

           <Opcode>0</Opcode>

           <Keywords>0x8010000000000000</Keywords>

           <TimeCreated SystemTime="2019-02-07T19:21:04.284065900Z" />

           <EventRecordID>23628647</EventRecordID>

           <Correlation />

           <Execution ProcessID="720" ThreadID="10656" />

           <Channel>Security</Channel>

           <Computer>Server01.ddt.edu</Computer>

           <Security />

        </System>

        <EventData>

           <Data Name="SubjectUserSid">S-1-0-0</Data>

           <Data Name="SubjectUserName">-</Data>

           <Data Name="SubjectDomainName">-</Data>

           <Data Name="SubjectLogonId">0x0</Data>

           <Data Name="TargetUserSid">S-1-0-0</Data>

           <Data Name="TargetUserName">LARUEZ02$</Data>

           <Data Name="TargetDomainName">DDT.EDU</Data>

           <Data Name="Status">0xc000015b</Data>

           <Data Name="FailureReason">%%2308</Data>

           <Data Name="SubStatus">0x0</Data>

           <Data Name="LogonType">3</Data>

           <Data Name="LogonProcessName">Kerberos</Data>

           <Data Name="AuthenticationPackageName">Kerberos</Data>

           <Data Name="WorkstationName">-</Data>

           <Data Name="TransmittedServices">-</Data>

           <Data Name="LmPackageName">-</Data>

           <Data Name="KeyLength">0</Data>

           <Data Name="ProcessId">0x0</Data>

           <Data Name="ProcessName">-</Data>

           <Data Name="IpAddress">111.111.111.22</Data>

           <Data Name="IpPort">59243</Data>

        </EventData>

      < /Event>

Also in server event log

Log Name:     Security

Source:       Microsoft-Windows-Security-Auditing

Date:         2/7/2019 1:38:55 PM

Event ID:     4776

Task Category: Credential Validation

Level:        Information

Keywords:     Audit Failure

User:         N/A

Computer:     Server01.ddt.edu

Description:

The computer attempted to validate the credentials for an account.

Authentication Package:     MICROSOFT_AUTHENTICATION_PACKAGE_V1_0

Logon Account:   ELLISZ01$

Source Workstation:   ELLISZ01

Error Code:0xC000006A

Event Xml:

<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">

  <System>

    <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />

    <EventID>4776</EventID>

    <Version>0</Version>

    <Level>0</Level>

    <Task>14336</Task>

    <Opcode>0</Opcode>

    <Keywords>0x8010000000000000</Keywords>

    <TimeCreated SystemTime="2019-02-07T19:38:55.434802400Z" />

    <EventRecordID>23632339</EventRecordID>

    <Correlation />

    <Execution ProcessID="720" ThreadID="10656" />

    <Channel>Security</Channel>

    <Computer>Server01.ddt.edu</Computer>

    <Security />

  </System>

  <EventData>

    <Data Name="PackageName">MICROSOFT_AUTHENTICATION_PACKAGE_V1_0</Data>

    <Data Name="TargetUserName">ELLISZ01$</Data>

    <Data Name="Workstation">ELLISZ01</Data>

    <Data Name="Status">0xc000006a</Data>

  </EventData>

</Event>

Hello,

I've been trying to follow some posts out there that show how to setup and configure the SNMP feature in Windows server, however, the GPO alone never installs the service. I don;t know if I'm missing a step , or if it isn't possible to install the feature with a GPO.

I created a single GPO that creates a firewall rule to allow ICPMv4, and in the same GPO I have configured the settings for a typical snmp configuration.

I tried to follow this posts without editing the registry because I don't think it applies in my case:

https://glazenbakje.wordpress.com/2016/03/18/microsoft-snmp-settings-via-group-policy/

Is it possible that you can configure the settings in GPO but not actually install the feature? That would seem a little useless so I hope that's not the case. I could probably run a PS script from GPO if necessary.

Thanks

Hi 

I would like to restrict the range for the Dynamic ports for Ephemeral Dynamic Service Response Ports

TCP & UDP 49152-65535, 

Can I ask what range can I restrict it to?

Hello,

I have a client that got hit with a Crypto virus and I am trying to redo everything that wasn't included in backups. The domains sysvol and group policies, etc were encrypted to the point that I need to spin up a new one. My question is, what's the best way to rebuild with minimal downtime to the end users? Can I shut down the DC's and bring up the new with the same domain name or is it suggested to do a different name?  

hello weveryone,

We are in the process of cleaning up our network from previous administration who, in my opinion, was pretty reckless as far as managing. We are not sure what user/object is used to run a service. 

Basically, we have a couple of users/objects that have Domain Admin rights. We want to remove that right from the user but we don't know if it is tied to a particular service or not. I don't just want to remove the Domain Admin right from that user and then all hell breaks loose. 

How do we find out if a particular user is used for a service in our domain?

Team,

Is the anyway to encrypt the Domain Controllers BMR backup for more security. 

Thanks

AliahMurfy

HOW TO FIX Authorizing DHCP failed error 20079

Whenever I check in whois.domaintools.com for my website https://www.galatta.com/
I get the error: 500 Can t connect to www.www.galatta.com:443 (Bad hostname www.www.galatta.com)
and 
I continually receive an error message about a 'hosting issue' error in Google Adsense.
Any idea what's going on?

Thanks in advance

Hi There,

We have been facing strange problem with our Active Directory. We do have Server 2012 as an Active Directory. One of our admin has created a user with logon name 1483 (usually we do have employee ID as a logon name). Now we are not able to find that user in our Active Directory as well not able to create a new user with 1483 logon name. when we try to find user, it says doesn't exist. and when we try to create a new one, it says already exist. Below is the snap.

Request for your help on how we can sort out this issue.

Cheers,
Aerrow
Blog:pdhewaju.com.np
Please remember to mark the replies as answers.

Following the steps here to migrate AD CS to a new machine, but when I run the "certutil -catemplates" command I get a bunch of "access is denied" messages in the results. Anyone know why? I'm logged in as Domain Admin...

Shaun

Any impact for this raise ??? what does it actually mean/impact ?

extract from https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc754918(v=ws.10)

Hello,

We have two 2012 r2 windows servers on premises, and it is configured as DFSR replication servers.
The data that resides on the servers are autocad and sketchup files. Size ( autocad Average - 15MB, Sketchup Average - 100MB ).
The issue we are facing is.. the replication is slow and sometimes it is not reflected.
and sometimes when the saved file is accessed after couple of days or more, the changes are either not saved or the particular file is missing.
This happens particularly with the autocad files.

If anyone has faced similar issue and got it resolved, please share the solution.

Regard`s

Sudarshan.H.R

I'm trying to understand the output of this DFSR report. It's saying certain files can't be replicated in the root. When I look at the root of the folder and show hidden and system files I do not see the files listed in the report. Here is one example. I have another DFSR relationship that shows many more instances. Any ideas what causes this?

Dear Support, 

We have the Forest Trust between 2 domains on production environment. 
DC (Domain-A) can find the user account on DC (Domain-B) and vice versa. 
However, Member Server (Domain-A) cannot find the user (Domain-B) but Member Server (Domain-B) can find the user (Domain-A). 
Could you have idea for our situation?
Besides, could it have any impact when we click "Validate" button when there is the existing Forest Trust?


Reference:
Verify a trust
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc737447(v=ws.10)

Thanks!

Best Regards, 

Daniel

I have a couple of questions which I seek help from you:

1) When a user successfully gain access to an SP after a SAML AUTH with AD FS (IDP), does user's every interaction with SP need to check with IDP to ensure user account is still valid? If not, how does SP ensure that user's subsequent interactions are not coming after the user's account is terminated in IDP?

2) If I have to assume SP is keeping some SAML cookie to avoid user's subsequent interaction with SP does not result in a round trip call to IDP, what type of cookie is that? In SAML with AD FS, is the only option for SP to use a cookie?

3) I have a use case, which I don't know what to do with it. Let's say the user is successfully logged in and that user account gets terminated in IDP, what is the best way to remove a SAML session from IDP to block the user from interacting with SP after user's account is terminated.

I work in IT and we hand out loaner laptops to employees fairly frequently. Loading up the software specific to each user and transferring all the data every time (from laptop to loaner, and some times from loaner to new laptop) can be a lengthy process.

I was wondering if there was a way to maybe link a users local data files and installed software to Active Directory so that when they signed into to their account on the domain, it would auto load and install their items.

I don't know if there is any existing third party software that could do this or if there is a way to make it myself. Any and all help is appreciated 

(Was redirected here. Not sure if it is the right place)