Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

An LDAP client connection was closed because of an error.

Posted on 2008-06-13
4
Medium Priority
?
4,858 Views
Last Modified: 2010-04-21
Hello,

We have a fully updated SBS 2003 server which has a an ASP application on it.  It is a simple environment with the SBS server and 17 workstations on a single domain.   Everything has been working well for the past year, but recently my users have been having problems logging into the ASP application.  When they try to log into the application (using AD authentication), they will be denied access and told that they have an invalid username or password.  If they log out of their computer, they can successfully log into the workstation with their credentials, but still not be able to log into the application.  If the user waits until the next day, they can log into the application.  If we change the user's password, they can log into the application.  I have been investigating this issue and enabled logging of login and logoff events and LDAP events, too.  When the user cannot log into the application, the following appears in the Event Log:
---------------------------------------------------------------------------------
Event Type:      Warning
Event Source:      NTDS LDAP
Event Category:      LDAP Interface
Event ID:      1216
Date:            6/13/2008
Time:            11:54:41 AM
User:            N/A
Computer:      CCSERVER
Description:
Internal event: An LDAP client connection was closed because of an error.
 Client ID:
11968
 Additional Data
Error value:
995 The I/O operation has been aborted because of either a thread exit or an application request.
Internal ID:
c0602efEvent Type:      Information
Event Source:      NTDS LDAP
Event Category:      LDAP Interface
Event ID:      1535
Date:            6/13/2008
Time:            11:29:17 AM
User:            NT AUTHORITY\SYSTEM
Computer:      CCSERVER
Description:
Internal event: The LDAP server returned an error.
 
Additional Data
Error value:
0000208D: NameErr: DSID-031001CD, problem 2001 (NO_OBJECT), data 0, best match of:
      'CN=Dfs-Configuration,CN=System,DC=crossroadcounseling,DC=local'
------------------------------------------------------------------------------------------------



I ran dcdiag and kccevent failed:
-------------------------------------------------------------------------
      Starting test: kccevent
         * The KCC Event log test
         An Warning Event occured.  EventID: 0x800004C0
            Time Generated: 06/13/2008   12:38:42
            Event String: Internal event: An LDAP client connection was
closed because of an error.
Client ID:
12168
Additional Data
Error value:
995
The I/O operation has been aborted because of either a thread exit or an application request.
Internal ID:
c0602ef
         An Warning Event occured.  EventID: 0x800004C0
            Time Generated: 06/13/2008   12:40:43
            Event String: Internal event: An LDAP client connection was closed because of an error.
Client ID:
12145
Additional Data
Error value:
995
The I/O operation has been aborted because of either a thread exit or an application request.
Internal ID:
c0602ef
         An Warning Event occured.  EventID: 0x800004C0
            Time Generated: 06/13/2008   12:43:13
            Event String: Internal event: An LDAP client connection was closed because of an error.
Client ID:
11918
Additional Data
Error value:
995
The I/O operation has been aborted because of either a thread exit or an application request.
Internal ID:
c0602ef
         An Warning Event occured.  EventID: 0x800004C0
            Time Generated: 06/13/2008   12:44:43
            Event String: Internal event: An LDAP client connection was closed because of an error.
Client ID:
12076
Additional Data
Error value:
995
The I/O operation has been aborted because of either a thread exit or an application request.
Internal ID:
c0602ef
         ......................... CCSERVER failed test kccevent
-----------------------------------------------------------

I also ran repadmin and it reported the following error:

------------------------------------------------------------
Repadmin experienced the following error trying to resolve the DC_NAME: dc*
Error: An error occured:
    Win32 Error 8419(0x20e3): The DSA object could not be found.
-----------------------------------------------------------


Although I have gathered useful information, I have not been able to find any help online about resolving these issues.  I would really appreciate any suggestions.

Thank you,

Mike
0
Comment
Question by:mjgardne
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 2

Expert Comment

by:artisticsoul
ID: 21784010
Do you only have the one server? Is this server a domain controller? At first look this seems to be DNS related. Has anything changed in DNS?

0
 

Author Comment

by:mjgardne
ID: 21784423
Hi,

Yes, it is a very simple network setup with a single Microsoft Small Business Server 2003, which is acting as the DC and provides DNS, DHCP, SQL Server 2005, and IIS (as well as other) services.  Our web app is hosted on this server.  

I looked in the Event Log's DNS tab and did not see any curent DNS warnings or errors, but in mid April there was a series of errors over a seven minute period, but then DNS was happy again...  Here are the errors.  Hopefully they help...

Thanks,

Mike



---------------------------------
Event Type:      Error
Event Source:      DNS
Event Category:      None
Event ID:      4004
Date:            4/16/2008
Time:            1:07:08 PM
User:            N/A
Computer:      CCSERVER
Description:
The DNS server was unable to complete directory service enumeration of zone 16.168.192.in-addr.arpa.  This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it.  Check that the Active Directory is functioning properly and repeat enumeration of the zone. The extended error debug information (which may be empty) is "". The event data contains the error.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 2a 23 00 00               *#..    

-------------------------
Event Type:      Error
Event Source:      DNS
Event Category:      None
Event ID:      4004
Date:            4/16/2008
Time:            1:07:08 PM
User:            N/A
Computer:      CCSERVER
Description:
The DNS server was unable to complete directory service enumeration of zone _msdcs.crossroadcounseling.local.  This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it.  Check that the Active Directory is functioning properly and repeat enumeration of the zone. The extended error debug information (which may be empty) is "". The event data contains the error.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 2a 23 00 00               *#..    

-----------------------------
Event Type:      Error
Event Source:      DNS
Event Category:      None
Event ID:      4004
Date:            4/16/2008
Time:            1:07:08 PM
User:            N/A
Computer:      CCSERVER
Description:
The DNS server was unable to complete directory service enumeration of zone ..  This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it.  Check that the Active Directory is functioning properly and repeat enumeration of the zone. The extended error debug information (which may be empty) is "". The event data contains the error.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 2a 23 00 00               *#..    

----------------
Event Type:      Error
Event Source:      DNS
Event Category:      None
Event ID:      4015
Date:            4/16/2008
Time:            1:07:08 PM
User:            N/A
Computer:      CCSERVER
Description:
The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 51 00 00 00               Q...    
0
 
LVL 39

Accepted Solution

by:
ChiefIT earned 1500 total points
ID: 21843277
4004 and 4015 errors usually result from missing the SRV records in DNS.

Try this:
At the command prompt type:
IPconfig /flushDNS
IPconfig /registerdns
Net stop netlogon
Net start netlogon
0
 

Author Closing Comment

by:mjgardne
ID: 31467095
... Nothing worked, so I rebuilt the server...  But, I think that ChiefIT was on the correct track...
0

Featured Post

Fill in the form and get your FREE NFR key NOW!

Veeam® is happy to provide a FREE NFR server license to certified engineers, trainers, and bloggers.  It allows for the non‑production use of Veeam Agent for Microsoft Windows. This license is valid for five workstations and two servers.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Have you considered what group policies are backwards and forwards compatible? Windows Active Directory servers and clients use group policy templates to deploy sets of policies within your domain. But, there is a catch to deploying policies. The…
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
Want to learn how to record your desktop screen without having to use an outside camera. Click on this video and learn how to use the cool google extension called "Screencastify"! Step 1: Open a new google tab Step 2: Go to the left hand upper corn…
In response to a need for security and privacy, and to continue fostering an environment members can turn to for support, solutions, and education, Experts Exchange has created anonymous question capabilities. This new feature is available to our Pr…
Suggested Courses

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question