Solved

Logon Domain Problems

Posted on 2006-06-05
31
Medium Priority
772 Views
Last Modified: 2012-05-05
When I try to connect to active directory I get the following error:

Active Directory
Naming information cannot be located because:
The logon attempt failed.
Contact your system administrator to verify that your domain is properly configured and is currently online.

None of my users can connect to the file server right now because of this.  It looks like the server was hacked over the weekend.  What do I need to do to get Active Directory working again?
0
Comment
Question by:blaze2342
31 Comments
 
LVL 1

Author Comment

by:blaze2342
ID: 16832521
This is on the domain controller.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16832530
Hi blaze2342,

Are you able to log on to the actual domain controller itself?

Run dcdiag for me if you can.
0
 
LVL 1

Author Comment

by:blaze2342
ID: 16832545
I haven't used that utility.. how do I run that?
0

 
LVL 1

Author Comment

by:blaze2342
ID: 16832553
this is a win2k dc
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16832564
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16832567
Do you have just the one DC? Have you rebooted this box?
Can you ping the DC OK?
Can you get to the DC console and logon OK as administrator?
Anything in the event logs?
0
 
LVL 1

Author Comment

by:blaze2342
ID: 16832605
I can ping the domain
I can logon to the box
This is the only domain controller
Event log:
Netlogon: The computer COMPID1049 tried to connect to the server \\CARTMAN using the trust relationship established by the EI domain. However, the computer lost the correct security identifier (SID) when the domain was reconfigured. Reestablish the trust relationship.

0
 
LVL 1

Author Comment

by:blaze2342
ID: 16832610
Userenv: Windows cannot query for the list of Group Policy objects . A message that describes the reason for this was previously logged by this policy engine
0
 
LVL 1

Author Comment

by:blaze2342
ID: 16832618
Userenv: Windows cannot establish a connection to rdu.ei1.com with (0).
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16832638
Do the server name and the computer name relate to your own systems? i.e. are they valid on your network? If not, then yes, it sounds like you have been hacked.

0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16832648
Nasty, I wonder if you are able to dcpromo the server out and then back up again - just not sure of the extent of the damage
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16832668
What are you still doing up?
0
 
LVL 1

Author Comment

by:blaze2342
ID: 16832672
From DCDiag

Domain Controller Diagnosis

Performing initial setup:
   [cartman] LDAP bind failed with error 1323,
   Unable to update the password. The value provided as the current password is
incorrect..
   ***Error: The machine could not attach to the DC because the credentials
   were incorrect.  Check your credentials or specify credentials with
   /u:<domain>\<user> & /p:[<password>|*|""]
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16832673
Need to be careful here. If this is the only DC and it's dcpromo'd down and back up, it will come up with new SIDs.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16832684
Blaze, when was the last full system backup taken, including system state?
0
 
LVL 1

Author Comment

by:blaze2342
ID: 16832784
not sure
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16832957
Ah, I can spot a potential pitfall on the horizon looming up here.

The obvious solution here would be to perform a restore which would get you back to the state before the weekend (just do a system state restore, not the data).

If you don't have a backup or at least one that is remotely current, then you may have a problem here.

The fact that you can logon to the box as administrator is encouraging as the 1323 error message suggests that the active directory did not like the credentials that it was passed.


http://support.microsoft.com/default.aspx?scid=kb;en-us;842715

0
 
LVL 1

Author Comment

by:blaze2342
ID: 16832993
Looks like I have a problem.. woo hoo
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16833046
Cripes....

Have you got a spare workstation? If so, try and add it to the domain. If not, pick a PC that has little installed. Remove it from the domain into a workgroup and reboot it. When it comes up, change the PC name to something else. It may want a reboot again. Once it is back up, re-add it to the domain. Log in as the user. Does it start operating as it should?
Let's establish if the domain is actually operating OK.

0
 
LVL 1

Author Comment

by:blaze2342
ID: 16833050
Yea the interesting thing is that we can log onto the console and even on to machines attached to the domain but once we log on we can't access any of the server shares.  On the console we can't access shares or the active directory snapin.
0
 
LVL 1

Author Comment

by:blaze2342
ID: 16833057
ok i'll try it real quick
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16833059
What do you get if you try?
0
 
LVL 1

Author Comment

by:blaze2342
ID: 16833081
I can't join it to the domain.. says user has not been granted the logon type to join to the domain.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16833137
OH. So yes, the AD is in real trouble.
Are you sure there are no other messages in any of the event logs?

Have you downloaded and installed the windows 2000 resource kit and the windows 2000 admin kit?

What message do you get when you try and access a share?
0
 
LVL 1

Author Comment

by:blaze2342
ID: 16833221
I've downloaded some of the tools throughout my troubleshooting..

When I access a share it says the user has not been granted the requested logon type at this computer.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16833273
It is an issue with the security policy, that's for sure, but is likely going to be just a symptom rather than the root cause. Think James may be right; you may well be looking at a dcpromo down and back up again to install a clean Active Directory. This will require each user and machine re-adding again as well as all the other 101 things that will need doing.

In addition, I would seriously check your security regime for the future (including backups).
0
 
LVL 1

Author Comment

by:blaze2342
ID: 16833375
We reset the group policy using a utility and were able to get the active directory running again.  As for security it appears they got in through a vulnerability in VNC.  As for backups what do you recommend?  System State as often as possible?
0
 
LVL 13

Expert Comment

by:Kini pradeep
ID: 16833395
This error occurs when the SeNetworkLogon rights have been removed from the default domain controllers policy.
Seems like the logonlocally have not been removed.
There is a gpttmpl.ini file in the sysvol 6AC or 31B.
I have seen a similar instance.
What you can do is log in locally and check this file in Notepad.

**************************************************************************************
Contents of the default GptTmpl.inf

[Unicode]
Unicode=yes
[Event Audit]
AuditSystemEvents = 0
AuditLogonEvents = 0
AuditObjectAccess = 0
AuditPrivilegeUse = 0
AuditPolicyChange = 0
AuditAccountManage = 0
AuditProcessTracking = 0
AuditDSAccess = 0
AuditAccountLogon = 0
[Privilege Rights]
SeAssignPrimaryTokenPrivilege =
SeAuditPrivilege =
SeBackupPrivilege = *S-1-5-32-549,*S-1-5-32-551,*S-1-5-32-544
SeBatchLogonRight =
SeChangeNotifyPrivilege = *S-1-5-11,*S-1-5-32-544,*S-1-1-0
SeCreatePagefilePrivilege = *S-1-5-32-544
SeCreatePermanentPrivilege =
SeCreateTokenPrivilege =
SeDebugPrivilege = *S-1-5-32-544
SeIncreaseBasePriorityPrivilege = *S-1-5-32-544
SeIncreaseQuotaPrivilege = *S-1-5-32-544
SeInteractiveLogonRight = *S-1-5-32-550,*S-1-5-32-549,*S-1-5-32-548,*S-1-5-32-551,*S-1-5-32-544,TsInternetUser
SeLoadDriverPrivilege = *S-1-5-32-544
SeLockMemoryPrivilege =
SeMachineAccountPrivilege = *S-1-5-11
SeNetworkLogonRight = *S-1-5-11,*S-1-5-32-544,*S-1-1-0 ; (this is access this comp from network policy)
SeProfileSingleProcessPrivilege = *S-1-5-32-544
SeRemoteShutdownPrivilege = *S-1-5-32-549,*S-1-5-32-544
SeRestorePrivilege = *S-1-5-32-549,*S-1-5-32-551,*S-1-5-32-544
SeSecurityPrivilege = *S-1-5-32-544
SeServiceLogonRight =
SeShutdownPrivilege = *S-1-5-32-550,*S-1-5-32-549,*S-1-5-32-548,*S-1-5-32-551,*S-1-5-32-544
SeSystemEnvironmentPrivilege = *S-1-5-32-544
SeSystemProfilePrivilege = *S-1-5-32-544
SeSystemTimePrivilege = *S-1-5-32-549,*S-1-5-32-544
SeTakeOwnershipPrivilege = *S-1-5-32-544
SeTcbPrivilege =
SeDenyInteractiveLogonRight =
SeDenyBatchLogonRight =
SeDenyServiceLogonRight =
SeDenyNetworkLogonRight =
SeUndockPrivilege = *S-1-5-32-544
SeSyncAgentPrivilege =
SeEnableDelegationPrivilege = *S-1-5-32-544
[Version]
signature="$CHICAGO$"
Revision=1
[Registry Values]
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableSecuritySignature=4,1


This is how the file looks; compare the SIDs and, in case any are missing, replace them. When replacing the SID remember to stop the FRS service.
Or, in case no encryption or PKI is used, you could always run recreatedefpol, which is going to recreate the Default policies.

thanks,
0
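The comparison described in the comment above, as an added example (not part of the original thread and not a Microsoft tool): a Python check that parses the [Privilege Rights] section of a GptTmpl.inf and reports logon rights that differ from the default values quoted in that comment. The function names, the choice of which rights to check and the sample template are assumptions made for illustration; a real GptTmpl.inf is normally saved as UTF-16, so decode it accordingly before passing the text in.

```python
import re

# Expected values copied from the default template quoted in the comment above;
# only rights tied to this thread's "logon type" errors are checked (assumption).
BASELINE = {
    "SeNetworkLogonRight": {"*S-1-5-11", "*S-1-5-32-544", "*S-1-1-0"},
    "SeDenyNetworkLogonRight": set(),
    "SeMachineAccountPrivilege": {"*S-1-5-11"},
}

# Constructed sample: a tampered template, pasted with one wrapped line.
SAMPLE = """[Privilege Rights]
SeNetworkLogonRight =
SeDenyNetworkLogonRight = *S-1-1-0
SeInteractiveLogonRight =
*S-1-5-32-550,*S-1-5-32-544
SeMachineAccountPrivilege = *S-1-5-11
[Version]
signature="$CHICAGO$"
"""

def parse_privilege_rights(text):
    """Return {right: set of SIDs/names} from the [Privilege Rights] section."""
    rights, section, last = {}, None, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()      # drop INF comments
        if not line:
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section, last = header.group(1).strip().lower(), None
        elif section == "privilege rights":
            name, sep, value = line.partition("=")
            if sep:                               # "Right = sid,sid"
                last = name.strip()
                rights[last] = set()
            elif last is None:
                continue
            else:                                 # continuation of a wrapped line
                value = line
            rights[last].update(v.strip() for v in value.split(",") if v.strip())
    return rights

def audit(text, baseline=BASELINE):
    """Return [(right, missing, unexpected)] for rights that differ from baseline."""
    actual = parse_privilege_rights(text)
    return [(r, sorted(exp - actual.get(r, set())), sorted(actual.get(r, set()) - exp))
            for r, exp in baseline.items() if actual.get(r, set()) != exp]
```

An empty list from `audit()` means the checked rights match the quoted defaults; each tuple otherwise names the right, the principals missing from it and the principals that should not be there.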
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 2000 total points
ID: 16834017
Nice move Sherlock :)

As for backups, a full system backup (data & system state) every weekend and differentials each week night.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16837167
Thanks :)
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16838519
nice work :) just got into the office  missed lots!
0
