Channel: Directory Services forum

All workstations on network (Unauthenticated) after authoritative restore.


When you click on the network status icon in the notification area on the taskbar it says: "ddt.edu 2 (Unauthenticated)" and therefore, group policies are not applied to workstations.

I have two Windows 2016 Standard Servers (Version 1607) and 50 Windows 10 Education (Version 1709) workstations. All workstations and servers are x64. It was all working fine except SYSVOL was not replicating. We tried to fix the replication issue by doing an authoritative restore. Afterwards all workstations have Authentication issues. I have not found anything of help on the Internet. Most of the similar authentication problems I’ve found are just for some workstations on the network, not all of them. I have been banging my head against this one for a week. Help!

Workstations can still access shares on server with no problem.

We are in a secure environment with no internet access.

I can ping successfully using either name or IP so DNS and DHCP seem to work fine.

Connectivity under view your network properties says "Connected to unknown network" on workstations.

Tried removing workstation from domain then joining it back to domain. Did not get any error messages but after rebooting problem still persists.

Also tried creating a new user, connecting a new computer whose name had never been used before, joining it to the domain and logging in to the network with the new user name. Didn’t help.

The primary domain controller/global catalog is called SERVER01

I demoted the second domain controller called SERVER02. Didn't help.

Group policies are not applied. Gpupdate /force returns:

Computer policy could not be updated successfully. The following errors were encountered:

The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has successfully processed. If you do not see a success message for several hours, then contact your administrator.

User Policy could not be updated successfully. The following errors were encountered:

The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller. (LDAP Bind function call failed). Look in the details tab for error code and description.

When I run repadmin /showreps I get:

      LDAP error 81 (Server Down) Win32 Err 58

Ran nltest /sc_query:server01.ddt.edu

I_NetLogonControl failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN

     

Ran Netdom reset EllisZ01 /Domain:ddt.edu /Server:Server01

     Succeeds but doesn't help

Ran netdom resetpwd /server:server01.ddt.edu /UserD:MyUserName /PasswordD:*

      Password resets successfully but doesn’t help.

Ran dcdiag /s:server01 and all tests passed except SystemLog which returned multiple Eventid: 0X0000272C errors and one Eventid: 0x800000003 error:

An error event occurred.  EventID: 0x0000272C

           Time Generated: 02/13/2019   07:29:13

            Event String:

      DCOM was unable to communicate with the computer SERVER02.ddt.edu using any of the configured protocols; requested by PID    2ab0 (C:\Windows\system32\ServerManager.exe).

 An error event occurred. EventID: 0x80000003

           Time Generated: 02/13/2019   07:29:40

           Event String: A Kerberos error message was received:

        An error event occurred.  EventID: 0x0000272C

           Time Generated: 02/13/2019   07:39:13

           Event String:

           DCOM was unable to communicate with the computer SERVER02.ddt.edu using any of the configured protocols; requested by PID    2ab0 (C:\Windows\system32\ServerManager.exe).

Group Policy fails with the following message in the event log of the workstation.

Log Name:     System

Source:       Microsoft-Windows-GroupPolicy

Date:         2/7/2019 8:55:35 AM

Event ID:     1006

Task Category: None

Level:        Error

Keywords:     

User:         DDT\EllisR

Computer:     EllisZ01.ddt.edu

Description:

The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller. (LDAP Bind function call failed). Look in the details tab for error code and description.

Event Xml:

<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">

  <System>

    <Provider Name="Microsoft-Windows-GroupPolicy" Guid="{AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}" />

    <EventID>1006</EventID>

    <Version>0</Version>

    <Level>2</Level>

    <Task>0</Task>

    <Opcode>1</Opcode>

    <Keywords>0x8000000000000000</Keywords>

    <TimeCreated SystemTime="2019-02-07T14:55:35.994342700Z" />

    <EventRecordID>54940</EventRecordID>

    <Correlation ActivityID="{E8639B9C-06D8-49E8-8A85-39C7D6993B6A}" />

    <Execution ProcessID="6212" ThreadID="9680" />

    <Channel>System</Channel>

    <Computer>EllisZ01.ddt.edu</Computer>

    <Security UserID="S-1-5-21-2772296466-3582803739-2678735995-1107" />

  </System>

  <EventData>

    <Data Name="SupportInfo1">1</Data>

    <Data Name="SupportInfo2">6154</Data>

    <Data Name="ProcessingMode">0</Data>

    <Data Name="ProcessingTimeInMilliseconds">890</Data>

    <Data Name="ErrorCode">49</Data>

    <Data Name="ErrorDescription">Invalid Credentials</Data>

    <Data Name="DCName">

    </Data>

  </EventData>

</Event>

The following audit failure is in server event log. There are multiple entries with different client port numbers.

Log Name:     Security

Source:       Microsoft-Windows-Security-Auditing

Date:         2/7/2019 1:35:55 PM

Event ID:     4771

Task Category: Kerberos Authentication Service

Level:        Information

Keywords:     Audit Failure

User:         N/A

Computer:     Server01.ddt.edu

Description:

Kerberos pre-authentication failed.

Account Information:

      Security ID:           DDT\ELLISZ01$

      Account Name:          ELLISZ01$

Service Information:

      Service Name:          krbtgt/ddt.edu

Network Information:

      Client Address:        ::ffff:111.111.111.12

      Client Port:           49878

Additional Information:

      Ticket Options:        0x40810010

      Failure Code:          0x18

      Pre-Authentication Type:     2

Certificate Information:

      Certificate Issuer Name:          

      Certificate Serial Number:  

      Certificate Thumbprint:           

Certificate information is only provided if a certificate was used for pre-authentication.

Pre-authentication types, ticket options and failure codes are defined in RFC 4120.

If the ticket was malformed or damaged during transit and could not be decrypted, then many fields in this event might not be present.

Event Xml:

<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">

  <System>

    <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />

    <EventID>4771</EventID>

    <Version>0</Version>

    <Level>0</Level>

    <Task>14339</Task>

    <Opcode>0</Opcode>

    <Keywords>0x8010000000000000</Keywords>

    <TimeCreated SystemTime="2019-02-07T19:35:55.282935600Z" />

    <EventRecordID>23631687</EventRecordID>

    <Correlation />

    <Execution ProcessID="720" ThreadID="2184" />

    <Channel>Security</Channel>

    <Computer>Server01.ddt.edu</Computer>

    <Security />

  </System>

  <EventData>

    <Data Name="TargetUserName">ELLISZ01$</Data>

    <Data Name="TargetSid">S-1-5-21-2772296466-3582803739-2678735995-6605</Data>

    <Data Name="ServiceName">krbtgt/ddt.edu</Data>

    <Data Name="TicketOptions">0x40810010</Data>

    <Data Name="Status">0x18</Data>

    <Data Name="PreAuthType">2</Data>

    <Data Name="IpAddress">::ffff:111.111.111.12</Data>

    <Data Name="IpPort">49878</Data>

    <Data Name="CertIssuerName">

    </Data>

    <Data Name="CertSerialNumber">

    </Data>

    <Data Name="CertThumbprint">

    </Data>

  </EventData>

</Event>

The following is in the event log of the Domain controller Server01. There are many entries with different Account Names.

      Log Name:      Security

      Source:        Microsoft-Windows-Security-Auditing

      Date:          2/7/2019 1:21:04 PM

      Event ID:      4625

      Task Category: Logon

      Level:         Information

      Keywords:      Audit Failure

      User:          N/A

      Computer:      Server01.ddt.edu

      Description:

      An account failed to log on.

      Subject:

           Security ID:          NULL SID

           Account Name:          -

           Account Domain:        -

           Logon ID:         0x0

      Logon Type:            3

      Account For Which Logon Failed:

           Security ID:          NULL SID

            Account Name:         LARUEZ02$

           Account Domain:        DDT.EDU

      Failure Information:

           Failure Reason:        The user has not been granted the requested logon type at this machine.

           Status:                0xC000015B

           Sub Status:       0x0

      Process Information:

           Caller Process ID:     0x0

           Caller Process Name:   -

      Network Information:

           Workstation Name:-

           Source Network Address:      111.111.111.22

           Source Port:          59243

      Detailed Authentication Information:

           Logon Process:         Kerberos

           Authentication Package:      Kerberos

           Transited Services:    -

           Package Name (NTLM only):    -

           Key Length:       0

      This event is generated when a logon request fails. It is generated on the computer where access was attempted.

      .

      .

      .

      Event Xml:

      <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">

        <System>

           <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />

           <EventID>4625</EventID>

           <Version>0</Version>

           <Level>0</Level>

           <Task>12544</Task>

           <Opcode>0</Opcode>

           <Keywords>0x8010000000000000</Keywords>

           <TimeCreated SystemTime="2019-02-07T19:21:04.284065900Z" />

           <EventRecordID>23628647</EventRecordID>

           <Correlation />

           <Execution ProcessID="720" ThreadID="10656" />

           <Channel>Security</Channel>

           <Computer>Server01.ddt.edu</Computer>

           <Security />

        </System>

        <EventData>

           <Data Name="SubjectUserSid">S-1-0-0</Data>

           <Data Name="SubjectUserName">-</Data>

           <Data Name="SubjectDomainName">-</Data>

           <Data Name="SubjectLogonId">0x0</Data>

           <Data Name="TargetUserSid">S-1-0-0</Data>

           <Data Name="TargetUserName">LARUEZ02$</Data>

           <Data Name="TargetDomainName">DDT.EDU</Data>

           <Data Name="Status">0xc000015b</Data>

           <Data Name="FailureReason">%%2308</Data>

           <Data Name="SubStatus">0x0</Data>

           <Data Name="LogonType">3</Data>

           <Data Name="LogonProcessName">Kerberos</Data>

           <Data Name="AuthenticationPackageName">Kerberos</Data>

           <Data Name="WorkstationName">-</Data>

           <Data Name="TransmittedServices">-</Data>

           <Data Name="LmPackageName">-</Data>

           <Data Name="KeyLength">0</Data>

           <Data Name="ProcessId">0x0</Data>

           <Data Name="ProcessName">-</Data>

           <Data Name="IpAddress">111.111.111.22</Data>

           <Data Name="IpPort">59243</Data>

        </EventData>

      </Event>

Also in server event log

Log Name:     Security

Source:       Microsoft-Windows-Security-Auditing

Date:         2/7/2019 1:38:55 PM

Event ID:     4776

Task Category: Credential Validation

Level:        Information

Keywords:     Audit Failure

User:         N/A

Computer:     Server01.ddt.edu

Description:

The computer attempted to validate the credentials for an account.

Authentication Package:     MICROSOFT_AUTHENTICATION_PACKAGE_V1_0

Logon Account:   ELLISZ01$

Source Workstation:   ELLISZ01

Error Code:0xC000006A

Event Xml:

<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">

  <System>

    <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />

    <EventID>4776</EventID>

    <Version>0</Version>

    <Level>0</Level>

    <Task>14336</Task>

    <Opcode>0</Opcode>

    <Keywords>0x8010000000000000</Keywords>

    <TimeCreated SystemTime="2019-02-07T19:38:55.434802400Z" />

    <EventRecordID>23632339</EventRecordID>

    <Correlation />

    <Execution ProcessID="720" ThreadID="10656" />

    <Channel>Security</Channel>

    <Computer>Server01.ddt.edu</Computer>

    <Security />

  </System>

  <EventData>

    <Data Name="PackageName">MICROSOFT_AUTHENTICATION_PACKAGE_V1_0</Data>

    <Data Name="TargetUserName">ELLISZ01$</Data>

    <Data Name="Workstation">ELLISZ01</Data>

    <Data Name="Status">0xc000006a</Data>

  </EventData>

</Event>
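
For triaging audit failures like the three server-side events quoted in this post (4771, 4625, 4776), the following added example, which is not part of the original post, parses exported Event XML, decodes the `Status` field, and groups the results per computer account. The sample events are constructed by trimming the post's events to the fields used, and the function and category names are illustrative assumptions.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# (name, category) for the codes seen in the post. Event 4771 reports a
# Kerberos error code (RFC 4120); events 4625 and 4776 report an NTSTATUS.
KERBEROS = {0x18: ("KDC_ERR_PREAUTH_FAILED", "bad-credential")}
NTSTATUS = {
    0xC000006A: ("STATUS_WRONG_PASSWORD", "bad-credential"),
    0xC000015B: ("STATUS_LOGON_TYPE_NOT_GRANTED", "logon-right-denied"),
}

def decode(event_xml):
    """Return (event_id, account, code_name, category) for one Event XML string."""
    root = ET.fromstring(event_xml)
    event_id = int(root.findtext("e:System/e:EventID", namespaces=NS))
    data = {d.get("Name"): (d.text or "").strip()
            for d in root.iterfind("e:EventData/e:Data", NS)}
    code = int(data["Status"], 16)
    table = KERBEROS if event_id == 4771 else NTSTATUS
    name, category = table.get(code, ("0x%08X" % code, "unclassified"))
    return event_id, data["TargetUserName"], name, category

def triage(events):
    """Map each computer account (name ends in '$') to {event_id: category}."""
    report = defaultdict(dict)
    for xml_text in events:
        event_id, account, _name, category = decode(xml_text)
        if account.endswith("$"):
            report[account][event_id] = category
    return dict(report)

def make_event(event_id, **data):
    """Build a trimmed Event XML string (constructed sample, values from the post)."""
    body = "".join('<Data Name="%s">%s</Data>' % kv for kv in data.items())
    return ('<Event xmlns="%s"><System><EventID>%d</EventID></System>'
            '<EventData>%s</EventData></Event>' % (NS["e"], event_id, body))

# Constructed samples: the post's three audit failures, reduced to the fields used.
SAMPLES = [
    make_event(4771, TargetUserName="ELLISZ01$", Status="0x18", PreAuthType="2"),
    make_event(4625, TargetUserName="LARUEZ02$", Status="0xc000015b", LogonType="3"),
    make_event(4776, TargetUserName="ELLISZ01$", Status="0xc000006a"),
]

if __name__ == "__main__":
    for account, failures in triage(SAMPLES).items():
        print(account, failures)
```

Event 1006 from the workstation is not handled because it carries an LDAP `ErrorCode` field rather than `Status`.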
