Solved

User cannot log on to domain

Posted on 2010-08-27
12
1,360 Views
Last Modified: 2012-05-10
Hi
I have a problem. If a user (many different ones) tries to log on (client computer XP SP3 32-bit), then he gets the message "The system could not log you on. Make sure.....". I'm sure that the name and password are correct.

After looking at the DC (Server 2008) Security log:

First event

Source:        Microsoft-Windows-Security-Auditing
Date:          27.08.2010 16:06:03
Event ID:      4769
Task Category: Kerberos Service Ticket Operations
Level:         Information
Keywords:      Audit Success
User:          N/A
Computer:      host.domain.in
Description:
A Kerberos service ticket was requested.

Account Information:
      Account Name:            user@domain.int
      Account Domain:            domain.int
      Logon GUID:            {07edabc8-a520-ad7c-fbd9-a70deefe3561}

Service Information:
      Service Name:            clientcomputername$
      Service ID:            domain\clientcomputername$

Network Information:
      Client Address:            10.129.131.24
      Client Port:            1105

Additional Information:
      Ticket Options:            0x40800000
      Ticket Encryption Type:      0x17
      Failure Code:            0x0
      Transited Services:      -

This event is generated every time access is requested to a resource such as a computer or a Windows service.  The service name indicates the resource to which access was requested.

This event can be correlated with Windows logon events by comparing the Logon GUID fields in each event.  The logon event occurs on the machine that was accessed, which is often a different machine than the domain controller which issued the service ticket.

Ticket options, encryption types, and failure codes are defined in RFC 4120.

Second log event

Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          27.08.2010 16:06:03
Event ID:      4769
Task Category: Kerberos Service Ticket Operations
Level:         Information
Keywords:      Audit Failure
User:          N/A
Computer:      host.domain.int
Description:
A Kerberos service ticket was requested.

Account Information:
      Account Name:            
      Account Domain:            
      Logon GUID:            {00000000-0000-0000-0000-000000000000}

Service Information:
      Service Name:            
      Service ID:            NULL SID

Network Information:
      Client Address:            ::ffff:clientip
      Client Port:            1106

Additional Information:
      Ticket Options:            0x40800000
      Ticket Encryption Type:      0xffffffff
      Failure Code:            0x1f
      Transited Services:      -

This event is generated every time access is requested to a resource such as a computer or a Windows service.  The service name indicates the resource to which access was requested.

This event can be correlated with Windows logon events by comparing the Logon GUID fields in each event.  The logon event occurs on the machine that was accessed, which is often a different machine than the domain controller which issued the service ticket.

Ticket options, encryption types, and failure codes are defined in RFC 4120.

This failure code refers to "Integrity check on decrypted field failed"
http://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=4769

What should I do to fix it?
0
Comment
Question by:madis222
  • 5
  • 3
  • 2
  • +1
12 Comments
 
LVL 37

Expert Comment

by:Neil Russell
ID: 33541858
Is this any user on any machine? OR just any user on one machine?
Have you tried COMPLETELY removing the PC from the domain and then rejoining it?
 
0
 

Author Comment

by:madis222
ID: 33542037
I tried to remove and rejoin computer to the domain. I also changed computer name.
The problem is with many users and computers.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 33542183
Interesting, 0x17 is listed as user password has expired

http://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=4769

...but you say it is happening to a lot of users?

Thanks

Mike
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 33542217
Can you create a new user account and try with that?
0
 

Author Comment

by:madis222
ID: 33542285
With a new user it is the same. I even get this error with domain admin accounts.
0
 

Author Comment

by:madis222
ID: 33542295
The error is 0x1f not 0x17
0
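Added example (not part of any poster's comment and not code from the thread): in event 4769 the Ticket Encryption Type and the Failure Code are separate fields with separate number spaces, so 0x17 in the first means rc4-hmac while 0x17 in the second would mean an expired password. The function name `decode_4769` and the two lookup tables (a subset of RFC 4120 error codes and Kerberos etype numbers) are assumptions of this sketch; the sample text is trimmed from the two events posted in the question.

```python
import re

# Subset of Kerberos error codes (RFC 4120, section 7.5.9).
FAILURE_CODES = {
    0x00: "KDC_ERR_NONE (no error)",
    0x07: "KDC_ERR_S_PRINCIPAL_UNKNOWN (server not found in Kerberos database)",
    0x17: "KDC_ERR_KEY_EXPIRED (password has expired)",
    0x1F: "KRB_AP_ERR_BAD_INTEGRITY (integrity check on decrypted field failed)",
    0x20: "KRB_AP_ERR_TKT_EXPIRED (ticket expired)",
    0x25: "KRB_AP_ERR_SKEW (clock skew too great)",
}
# Subset of Kerberos encryption type numbers; 0xffffffff is logged when no ticket was issued.
ENC_TYPES = {
    0x11: "aes128-cts-hmac-sha1-96",
    0x12: "aes256-cts-hmac-sha1-96",
    0x17: "rc4-hmac",
    0xFFFFFFFF: "none (request failed)",
}
FIELD = re.compile(
    r"^[ \t]*(Keywords|Client Port|Ticket Encryption Type|Failure Code):[ \t]*(.*)$",
    re.M,
)

def decode_4769(text):
    """Decode the two hex fields of one event 4769 description, each in its own table."""
    f = {k: v.strip() for k, v in FIELD.findall(text)}
    code = int(f["Failure Code"], 16)
    etype = int(f["Ticket Encryption Type"], 16)
    return {
        "outcome": f.get("Keywords", ""),
        "client_port": int(f["Client Port"]),
        "failure": FAILURE_CODES.get(code, f"unlisted error {code:#x}"),
        "etype": ENC_TYPES.get(etype, f"unlisted etype {etype:#x}"),
    }

# Trimmed copies of the two events from the question (sample input for this example).
EVENT_SUCCESS = """Keywords:      Audit Success
      Client Port:            1105
      Ticket Encryption Type:      0x17
      Failure Code:            0x0"""
EVENT_FAILURE = """Keywords:      Audit Failure
      Client Port:            1106
      Ticket Encryption Type:      0xffffffff
      Failure Code:            0x1f"""

if __name__ == "__main__":
    for event in (EVENT_SUCCESS, EVENT_FAILURE):
        print(decode_4769(event))
```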
 
LVL 37

Expert Comment

by:Neil Russell
ID: 33542435
How many PCs does it affect?
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 33542492
Make sure the clients are pointing to the DC for DNS only in their TCP\IP settings. The DC should only be pointing to itself for DNS as well within its TCP\IP settings.

Please run dcdiag on the DC and post the results.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 33542534
OK, sorry about that, I was looking at the first event; agree with the dcdiag...at this point it looks to be an issue on the DC if it is happening to a bunch of clients.
I'd say the DC should point to another box for primary DNS and itself somewhere...I've run into race condition issues.  Also see the question halfway down the DS blog about the settings  http://blogs.technet.com/b/askds/archive/2010/07/17/friday-mail-sack-saturday-edition.aspx
Thanks
Mike
0
 

Author Comment

by:madis222
ID: 33555950
DCDIAG from DC1 (which logged these events)

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = DC1
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Raua\DC1
      Starting test: Connectivity
         ......................... DC1 passed test Connectivity

Doing primary tests

   Testing server: Raua\DC1
      Starting test: Advertising
         ......................... DC1 passed test Advertising
      Starting test: FrsEvent
         ......................... DC1 passed test FrsEvent
      Starting test: DFSREvent
         ......................... DC1 passed test DFSREvent
      Starting test: SysVolCheck
         ......................... DC1 passed test SysVolCheck
      Starting test: KccEvent
         ......................... DC1 passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... DC1 passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... DC1 passed test MachineAccount
      Starting test: NCSecDesc
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:
         DC=ForestDnsZones,DC=domain,DC=ee
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:
         DC=DomainDnsZones,DC=domain,DC=ee
         ......................... DC1 failed test NCSecDesc
      Starting test: NetLogons
         [DC1] User credentials does not have permission to perform this
         operation.
         The account used for this test must have network logon privileges
         for this machine's domain.
         ......................... DC1 failed test NetLogons
      Starting test: ObjectsReplicated
         ......................... DC1 passed test ObjectsReplicated
      Starting test: Replications
         [Replications Check,DC1] DsReplicaGetInfo(PENDING_OPS, NULL) failed,
         error 0x2105 "Win32 Error 8453"
         ......................... DC1 failed test Replications
      Starting test: RidManager
         ......................... DC1 passed test RidManager
      Starting test: Services
            Could not open NTDS Service on DC1, error 0x5 "Win32 Error 5"
         ......................... DC1 failed test Services
      Starting test: SystemLog
         ......................... DC1 failed test SystemLog
      Starting test: VerifyReferences
         ......................... DC1 passed test VerifyReferences


   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation

   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : domain
      Starting test: CheckSDRefDom
         ......................... domain passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... domain passed test CrossRefValidation

   Running enterprise tests on : domain.int
      Starting test: LocatorCheck
         ......................... domain.int passed test LocatorCheck
      Starting test: Intersite
         ......................... domain.int passed test Intersite
.............................................................................................................................

DCDIAG from DC2

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = dc2
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Raua\dc2
      Starting test: Connectivity
         ......................... dc2 passed test Connectivity

Doing primary tests

   Testing server: Raua\dc2
      Starting test: Advertising
         ......................... dc2 passed test Advertising
      Starting test: FrsEvent
         ......................... dc2 passed test FrsEvent
      Starting test: DFSREvent
         ......................... dc2 passed test DFSREvent
      Starting test: SysVolCheck
         ......................... dc2 passed test SysVolCheck
      Starting test: KccEvent
         ......................... dc2 passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... dc2 passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... dc2 passed test MachineAccount
      Starting test: NCSecDesc
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:
         DC=ForestDnsZones,DC=domain,DC=ee
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:
         DC=DomainDnsZones,DC=domain,DC=ee
         ......................... dc2 failed test NCSecDesc
      Starting test: NetLogons
         [dc2] User credentials does not have permission to perform this
         operation.
         The account used for this test must have network logon privileges
         for this machine's domain.
         ......................... dc2 failed test NetLogons
      Starting test: ObjectsReplicated
         ......................... dc2 passed test ObjectsReplicated
      Starting test: Replications
         [Replications Check,dc2] DsReplicaGetInfo(PENDING_OPS, NULL)
         failed, error 0x2105 "Win32 Error 8453"
         ......................... dc2 failed test Replications
      Starting test: RidManager
         ......................... dc2 passed test RidManager
      Starting test: Services
         ......................... dc2 passed test Services
      Starting test: SystemLog
         An Warning Event occurred.  EventID: 0x0000043D
            Time Generated: 08/30/2010   08:04:09
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error
            0x3afc)
         ......................... dc2 failed test SystemLog
      Starting test: VerifyReferences
         ......................... dc2 passed test VerifyReferences


   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation

   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : domain
      Starting test: CheckSDRefDom
         ......................... domain passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... domain passed test CrossRefValidation

   Running enterprise tests on : domain.int
      Starting test: LocatorCheck
         ......................... domain.int passed test LocatorCheck
      Starting test: Intersite
         ......................... domain.int passed test Intersite
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 33557945
Make sure you are running the dcdiag with a domain admin.
0
 

Accepted Solution

by:
madis222 earned 0 total points
ID: 33764651
The resolution was to reinstall those workstations.
0
