Solved

An LDAP client connection was closed because of an error.

Posted on 2008-06-13
4
4,465 Views
Last Modified: 2010-04-21
Hello,

We have a fully updated SBS 2003 server which has a an ASP application on it.  It is a simple environment with the SBS server and 17 workstations on a single domain.   Everything has been working well for the past year, but recently my users have been having problems logging into the ASP application.  When they try to log into the application (using AD authentication), they will be denied access and told that they have an invalid username or password.  If they log out of their computer, they can successfully log into the workstation with their credentials, but still not be able to log into the application.  If the user waits until the next day, they can log into the application.  If we change the user's password, they can log into the application.  I have been investigating this issue and enabled logging of login and logoff events and LDAP events, too.  When the user cannot log into the application, the following appears in the Event Log:
---------------------------------------------------------------------------------
Event Type:      Warning
Event Source:      NTDS LDAP
Event Category:      LDAP Interface
Event ID:      1216
Date:            6/13/2008
Time:            11:54:41 AM
User:            N/A
Computer:      CCSERVER
Description:
Internal event: An LDAP client connection was closed because of an error.
 Client ID:
11968
 Additional Data
Error value:
995 The I/O operation has been aborted because of either a thread exit or an application request.
Internal ID:
c0602efEvent Type:      Information
Event Source:      NTDS LDAP
Event Category:      LDAP Interface
Event ID:      1535
Date:            6/13/2008
Time:            11:29:17 AM
User:            NT AUTHORITY\SYSTEM
Computer:      CCSERVER
Description:
Internal event: The LDAP server returned an error.
 
Additional Data
Error value:
0000208D: NameErr: DSID-031001CD, problem 2001 (NO_OBJECT), data 0, best match of:
      'CN=Dfs-Configuration,CN=System,DC=crossroadcounseling,DC=local'
------------------------------------------------------------------------------------------------



I ran dcdiag and kccevent failed:
-------------------------------------------------------------------------
      Starting test: kccevent
         * The KCC Event log test
         An Warning Event occured.  EventID: 0x800004C0
            Time Generated: 06/13/2008   12:38:42
            Event String: Internal event: An LDAP client connection was
closed because of an error.
Client ID:
12168
Additional Data
Error value:
995
The I/O operation has been aborted because of either a thread exit or an application request.
Internal ID:
c0602ef
         An Warning Event occured.  EventID: 0x800004C0
            Time Generated: 06/13/2008   12:40:43
            Event String: Internal event: An LDAP client connection was closed because of an error.
Client ID:
12145
Additional Data
Error value:
995
The I/O operation has been aborted because of either a thread exit or an application request.
Internal ID:
c0602ef
         An Warning Event occured.  EventID: 0x800004C0
            Time Generated: 06/13/2008   12:43:13
            Event String: Internal event: An LDAP client connection was closed because of an error.
Client ID:
11918
Additional Data
Error value:
995
The I/O operation has been aborted because of either a thread exit or an application request.
Internal ID:
c0602ef
         An Warning Event occured.  EventID: 0x800004C0
            Time Generated: 06/13/2008   12:44:43
            Event String: Internal event: An LDAP client connection was closed because of an error.
Client ID:
12076
Additional Data
Error value:
995
The I/O operation has been aborted because of either a thread exit or an application request.
Internal ID:
c0602ef
         ......................... CCSERVER failed test kccevent
-----------------------------------------------------------

I also ran repadmin and it reported the following error:

------------------------------------------------------------
Repadmin experienced the following error trying to resolve the DC_NAME: dc*
Error: An error occured:
    Win32 Error 8419(0x20e3): The DSA object could not be found.
-----------------------------------------------------------


Although I have gathered useful information, I have not been able to find any help online about resolving these issues.  I would really appreciate any suggestions.

Thank you,

Mike
0
Comment
Question by:mjgardne
  • 2
4 Comments
 
LVL 2

Expert Comment

by:artisticsoul
ID: 21784010
Do you only have the one server? Is this server a domain controller? At first look this seems to be DNS related. Has anything changed in DNS?

0
 

Author Comment

by:mjgardne
ID: 21784423
Hi,

Yes, it is a very simple network setup with a single Microsoft Small Business Server 2003, which is acting as the DC and provides DNS, DHCP, SQL Server 2005, and IIS (as well as other) services.  Our web app is hosted on this server.  

I looked in the Event Log's DNS tab and did not see any curent DNS warnings or errors, but in mid April there was a series of errors over a seven minute period, but then DNS was happy again...  Here are the errors.  Hopefully they help...

Thanks,

Mike



---------------------------------
Event Type:      Error
Event Source:      DNS
Event Category:      None
Event ID:      4004
Date:            4/16/2008
Time:            1:07:08 PM
User:            N/A
Computer:      CCSERVER
Description:
The DNS server was unable to complete directory service enumeration of zone 16.168.192.in-addr.arpa.  This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it.  Check that the Active Directory is functioning properly and repeat enumeration of the zone. The extended error debug information (which may be empty) is "". The event data contains the error.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 2a 23 00 00               *#..    

-------------------------
Event Type:      Error
Event Source:      DNS
Event Category:      None
Event ID:      4004
Date:            4/16/2008
Time:            1:07:08 PM
User:            N/A
Computer:      CCSERVER
Description:
The DNS server was unable to complete directory service enumeration of zone _msdcs.crossroadcounseling.local.  This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it.  Check that the Active Directory is functioning properly and repeat enumeration of the zone. The extended error debug information (which may be empty) is "". The event data contains the error.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 2a 23 00 00               *#..    

-----------------------------
Event Type:      Error
Event Source:      DNS
Event Category:      None
Event ID:      4004
Date:            4/16/2008
Time:            1:07:08 PM
User:            N/A
Computer:      CCSERVER
Description:
The DNS server was unable to complete directory service enumeration of zone ..  This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it.  Check that the Active Directory is functioning properly and repeat enumeration of the zone. The extended error debug information (which may be empty) is "". The event data contains the error.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 2a 23 00 00               *#..    

----------------
Event Type:      Error
Event Source:      DNS
Event Category:      None
Event ID:      4015
Date:            4/16/2008
Time:            1:07:08 PM
User:            N/A
Computer:      CCSERVER
Description:
The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 51 00 00 00               Q...    
0
 
LVL 38

Accepted Solution

by:
ChiefIT earned 500 total points
ID: 21843277
4004 and 4015 errors usually result from missing the SRV records in DNS.

Try this:
At the command prompt type:
IPconfig /flushDNS
IPconfig /registerdns
Net stop netlogon
Net start netlogon
0
 

Author Closing Comment

by:mjgardne
ID: 31467095
... Nothing worked, so I rebuilt the server...  But, I think that ChiefIT was on the correct track...
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The articles for turning off the Client firewall policy on the internet are for SBS 2008 and don't really help for SBS 2011. They actually moved the Client firewall policy. In 2011, the client firewall policy has moved to the SBS computers conta…
If you are a user of the discontinued Microsoft Office Accounting 2008 (MSOA) and have to move to a new computer running Windows 8, you will be unhappy to discover that it won't install.  In particular, Microsoft SQL Server 2005 Express Edition (SSE…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question