User cannot log on to domain

Hi
I have a problem. If a user (many different ones) tries to log on (client computer XP SP3 32-bit), he gets the message "The system could not log you on. Make sure.....". I'm sure that the name and password are correct.

After looking at the DC (Server 2008) Security log:

First event

Source:        Microsoft-Windows-Security-Auditing
Date:          27.08.2010 16:06:03
Event ID:      4769
Task Category: Kerberos Service Ticket Operations
Level:         Information
Keywords:      Audit Success
User:          N/A
Computer:      host.domain.in
Description:
A Kerberos service ticket was requested.

Account Information:
      Account Name:            user@domain.int
      Account Domain:            domain.int
      Logon GUID:            {07edabc8-a520-ad7c-fbd9-a70deefe3561}

Service Information:
      Service Name:            clientcomputername$
      Service ID:            domain\clientcomputername$

Network Information:
      Client Address:            10.129.131.24
      Client Port:            1105

Additional Information:
      Ticket Options:            0x40800000
      Ticket Encryption Type:      0x17
      Failure Code:            0x0
      Transited Services:      -

This event is generated every time access is requested to a resource such as a computer or a Windows service.  The service name indicates the resource to which access was requested.

This event can be correlated with Windows logon events by comparing the Logon GUID fields in each event.  The logon event occurs on the machine that was accessed, which is often a different machine than the domain controller which issued the service ticket.

Ticket options, encryption types, and failure codes are defined in RFC 4120.

Second log event

Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          27.08.2010 16:06:03
Event ID:      4769
Task Category: Kerberos Service Ticket Operations
Level:         Information
Keywords:      Audit Failure
User:          N/A
Computer:      host.domain.int
Description:
A Kerberos service ticket was requested.

Account Information:
      Account Name:            
      Account Domain:            
      Logon GUID:            {00000000-0000-0000-0000-000000000000}

Service Information:
      Service Name:            
      Service ID:            NULL SID

Network Information:
      Client Address:            ::ffff:clientip
      Client Port:            1106

Additional Information:
      Ticket Options:            0x40800000
      Ticket Encryption Type:      0xffffffff
      Failure Code:            0x1f
      Transited Services:      -

This event is generated every time access is requested to a resource such as a computer or a Windows service.  The service name indicates the resource to which access was requested.

This event can be correlated with Windows logon events by comparing the Logon GUID fields in each event.  The logon event occurs on the machine that was accessed, which is often a different machine than the domain controller which issued the service ticket.

Ticket options, encryption types, and failure codes are defined in RFC 4120.

This failure code refers to "Integrity check on decrypted field failed"
http://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=4769

What should I do to fix it?
Asked by: madis222
 
madis222 (Author) Commented:
The resolution was to reinstall those workstations.
0
 
Neil Russell (Technical Development Lead) Commented:
Is this any user on any machine? OR just any user on one machine?
Have you tried COMPLETELY removing the PC from the domain and then rejoining it?
 
0
 
madis222 (Author) Commented:
I tried to remove and rejoin the computer to the domain. I also changed the computer name.
The problem is with many users and computers.
0
 
Mike Kline Commented:
Interesting, 0x17 is listed as user password has expired

http://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=4769

...but you say it is happening to a lot of users?

Thanks

Mike
0
 
Neil Russell (Technical Development Lead) Commented:
Can you create a new user account and try with that?
0
 
madis222 (Author) Commented:
With a new user it is the same. I even get this error with domain admin accounts.
0
 
madis222 (Author) Commented:
The error is 0x1f not 0x17
0
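Added example, not part of the thread: Python that decodes the Ticket Encryption Type and Failure Code fields of 4769 descriptions from their separate number spaces (0x17 is RC4-HMAC as an encryption type and KDC_ERR_KEY_EXPIRED as a failure code) and lists which clients hit each failure. The sample events and their 192.0.2.x addresses are constructed, and the function names are this example's own.

```python
from collections import defaultdict

# "Failure Code" holds a Kerberos error number (RFC 4120, section 7.5.9).
FAILURE_CODES = {
    0x00: "no error",
    0x17: "KDC_ERR_KEY_EXPIRED",
    0x1F: "KRB_AP_ERR_BAD_INTEGRITY",
    0x25: "KRB_AP_ERR_SKEW",
}
# "Ticket Encryption Type" is a different number space (Kerberos etypes).
ENC_TYPES = {
    0x11: "AES128-CTS-HMAC-SHA1-96",
    0x12: "AES256-CTS-HMAC-SHA1-96",
    0x17: "RC4-HMAC",
    0xFFFFFFFF: "n/a (shown in Audit Failure events)",
}

def parse_4769(text):
    """Decode the fields of one 4769 description laid out as in the post."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")   # split on the first colon only
        if sep:
            fields[key.strip()] = value.strip()
    enc = int(fields["Ticket Encryption Type"], 16)
    code = int(fields["Failure Code"], 16)
    # Strip the IPv4-mapped IPv6 prefix so both events name the same client.
    client = fields["Client Address"].lower().removeprefix("::ffff:")
    return {"client": client, "failed": code != 0,
            "enc": ENC_TYPES.get(enc, hex(enc)),
            "failure": FAILURE_CODES.get(code, hex(code))}

def clients_by_failure(events):
    """Map each failure name to the sorted client addresses that hit it."""
    seen = defaultdict(set)
    for ev in map(parse_4769, events):
        if ev["failed"]:
            seen[ev["failure"]].add(ev["client"])
    return {name: sorted(addrs) for name, addrs in seen.items()}

# Constructed sample events (addresses are documentation-range placeholders).
FMT = ("Client Address:\t{}\nClient Port:\t1105\nTicket Encryption Type:\t{}\n"
       "Failure Code:\t{}\nTransited Services:\t-")
SAMPLE = [FMT.format("192.0.2.24", "0x17", "0x0"),
          FMT.format("::ffff:192.0.2.24", "0xffffffff", "0x1f"),
          FMT.format("::ffff:192.0.2.31", "0xffffffff", "0x1f")]

if __name__ == "__main__":
    print(clients_by_failure(SAMPLE))
```

The per-failure client list answers the "one machine or many" question directly from the DC's Security log.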
 
Neil Russell (Technical Development Lead) Commented:
How many PCs does it affect?
0
 
Darius Ghassem Commented:
Make sure the clients are pointing to the DC for DNS only in their TCP\IP settings. The DC should only be pointing to itself for DNS as well within its TCP\IP settings.

Please run dcdiag on the DC and post the results.
0
 
Mike Kline Commented:
OK, sorry about that, I was looking at the first event; agree with the dcdiag... at this point it looks to be an issue on the DC if it is happening to a bunch of clients.
I'd say the DC should point to another box for primary DNS and itself somewhere... I've run into race condition issues. Also see the question halfway down the DS blog about the settings: http://blogs.technet.com/b/askds/archive/2010/07/17/friday-mail-sack-saturday-edition.aspx
Thanks
Mike
0
 
madis222 (Author) Commented:
DCDIAG from DC1 (which logged these events)

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = DC1
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Raua\DC1
      Starting test: Connectivity
         ......................... DC1 passed test Connectivity

Doing primary tests

   Testing server: Raua\DC1
      Starting test: Advertising
         ......................... DC1 passed test Advertising
      Starting test: FrsEvent
         ......................... DC1 passed test FrsEvent
      Starting test: DFSREvent
         ......................... DC1 passed test DFSREvent
      Starting test: SysVolCheck
         ......................... DC1 passed test SysVolCheck
      Starting test: KccEvent
         ......................... DC1 passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... DC1 passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... DC1 passed test MachineAccount
      Starting test: NCSecDesc
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:
         DC=ForestDnsZones,DC=domain,DC=ee
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:
         DC=DomainDnsZones,DC=domain,DC=ee
         ......................... DC1 failed test NCSecDesc
      Starting test: NetLogons
         [DC1] User credentials does not have permission to perform this
         operation.
         The account used for this test must have network logon privileges
         for this machine's domain.
         ......................... DC1 failed test NetLogons
      Starting test: ObjectsReplicated
         ......................... DC1 passed test ObjectsReplicated
      Starting test: Replications
         [Replications Check,DC1] DsReplicaGetInfo(PENDING_OPS, NULL) failed,
         error 0x2105 "Win32 Error 8453"
         ......................... DC1 failed test Replications
      Starting test: RidManager
         ......................... DC1 passed test RidManager
      Starting test: Services
            Could not open NTDS Service on DC1, error 0x5 "Win32 Error 5"
         ......................... DC1 failed test Services
      Starting test: SystemLog
         ......................... DC1 failed test SystemLog
      Starting test: VerifyReferences
         ......................... DC1 passed test VerifyReferences


   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation

   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : domain
      Starting test: CheckSDRefDom
         ......................... domain passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... domain passed test CrossRefValidation

   Running enterprise tests on : domain.int
      Starting test: LocatorCheck
         ......................... domain.int passed test LocatorCheck
      Starting test: Intersite
         ......................... domain.int passed test Intersite
.............................................................................................................................

DCDIAG from DC2

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = dc2
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Raua\dc2
      Starting test: Connectivity
         ......................... dc2 passed test Connectivity

Doing primary tests

   Testing server: Raua\dc2
      Starting test: Advertising
         ......................... dc2 passed test Advertising
      Starting test: FrsEvent
         ......................... dc2 passed test FrsEvent
      Starting test: DFSREvent
         ......................... dc2 passed test DFSREvent
      Starting test: SysVolCheck
         ......................... dc2 passed test SysVolCheck
      Starting test: KccEvent
         ......................... dc2 passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... dc2 passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... dc2 passed test MachineAccount
      Starting test: NCSecDesc
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:
         DC=ForestDnsZones,DC=domain,DC=ee
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:
         DC=DomainDnsZones,DC=domain,DC=ee
         ......................... dc2 failed test NCSecDesc
      Starting test: NetLogons
         [dc2] User credentials does not have permission to perform this
         operation.
         The account used for this test must have network logon privileges
         for this machine's domain.
         ......................... dc2 failed test NetLogons
      Starting test: ObjectsReplicated
         ......................... dc2 passed test ObjectsReplicated
      Starting test: Replications
         [Replications Check,dc2] DsReplicaGetInfo(PENDING_OPS, NULL)
         failed, error 0x2105 "Win32 Error 8453"
         ......................... dc2 failed test Replications
      Starting test: RidManager
         ......................... dc2 passed test RidManager
      Starting test: Services
         ......................... dc2 passed test Services
      Starting test: SystemLog
         An Warning Event occurred.  EventID: 0x0000043D
            Time Generated: 08/30/2010   08:04:09
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error
            0x3afc)
         ......................... dc2 failed test SystemLog
      Starting test: VerifyReferences
         ......................... dc2 passed test VerifyReferences


   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation

   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : domain
      Starting test: CheckSDRefDom
         ......................... domain passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... domain passed test CrossRefValidation

   Running enterprise tests on : domain.int
      Starting test: LocatorCheck
         ......................... domain.int passed test LocatorCheck
      Starting test: Intersite
         ......................... domain.int passed test Intersite
0
 
Darius Ghassem Commented:
Make sure you are running the dcdiag with a domain admin.
0
Question has a verified solution.
