jtennyson

asked on

Windows 7 machine authentication problems on 2008 Network

We have a 2008 Active Directory Network. We recently started using 3 new Windows 7 machines for the domain administrators. We also have a large facility with 3 different IP subnets. When one of the administrators goes to a different area and uses his computer on a different subnet, when he comes back to his office he can not log in to his computer. He gets the error bad username or password. Then he can not log in to the network. Also, he is using Kerberos to connect to client access for the iSeries. He can log in to his computer if he disconnects the network cable. Then when he reconnects the cable he gets Kerberos credentials not found.
jtennyson

ASKER

Now if he connects wirelessly he can get on the Windows network. However, when he tries to connect to client access he receives Kerberos client credentials not found.
psychogr

This is a DNS issue. Make sure the first DNS entry is the IP address of your DC.
Do you mean put a static dns entry in his computer instead of getting it through dhcp?
arnold
I.e. make sure the system the administrator uses while moving around is configured for DHCP for both IP and DNS and is not using a static IP and DNS configuration.
Yes, and make DHCP forward proper DNS entries, i.e. the DC IP address as the first DNS entry.
I have DHCP configured that way.  I will put a static DNS entry in his computer.
Presumably you have a DHCP on each subnet or you have a dhcp relay agent configured on the Subnets where there is no DHCP server.  The scope options allocate DNS servers that are local to the segment or all point to the same DC?
I put the static DNS entry in his computer. It did not work. He is still getting a Kerberos error. The DC is attached to all three subnets. All DNS points to the DC.
Is there a path from each subnet?
Does your DC have multiple NICs, or is there a router in place that combines the traffic for all the subnets? Does the user have issues logging into a local workstation on each subnet?
The DC has multiple nics.  He does not have a problem logging on to any other computer except his Windows 7 laptop.
Several things do not make sense provided you have the NIC configured for DHCP for both IP and DNS as well as have ipv6 off?

Does the windows 7 have a local firewall setup where it has explicitly set one LAN as exempt/trusted while others are seen as public?
None of this makes sense to me.  The nic is configured for both dhcp and dns.  Although now I put a static entry in for dns.  The local firewall is turned off.  He did have ipv6 turned on with ipv4 so I turned off 6.
Is the change being tested now?

Also did you configure the DHCP on the windows 2008 to use/allocate both IPv4 and IPv6 IPs?
When you say "different area and uses his computer on a different subnet, when he comes back to his office he can not log in to his computer",
that means he was able to log in before at the main subnet, right?

Is this affecting only this Windows 7 machine?

That he can log in without the network cable is because Windows is using cached credentials, and after he has logged in, when you plug in the cable, there are no Kerberos credentials, as the PC and user have not received a TGT from the KDC.

Have you tried to rejoin the PC to the domain? First remove it from the domain and then join it again.

DNS can be the problem because all Domain Services are provided in DNS.
DHCP should not be the problem as the client receives the correct IP settings, right?

Do you have only one side in your domain?
Can you provide more details of the domain infrastructure?


 
The static DNS entry and turning off IPv6 did not work.
What errors if any are recorded on the workstation?

You may have to do as others have suggested to rejoin the system to the domain just in the event that the joining initially was not complete.
He had errors on the workstation.  Unfortunately he is out of town now and I don't know what they were.
This just happened to another user. If I pull the network cable and log him in, then connect the cable, he is fine. He can get in to all network resources. If I log him in with the cable connected I get wrong user name or password. I know the password is correct because I entered it in to his account in AD myself. I also took this machine off of the domain, and then rejoined it.
You might have a DC out of sync.
Run dcdiag on the DC's.
What am I looking for?  I ran it on both DC's.
I have four Windows 7 machines and two of them are behaving this way.
When running dcdiag on both dcs do you get any errors?
Post dcdiag output here for more information if you like.

Also, are you sure the DNS entries are pointing to the correct primary DC on every subnet?
Can you remove all entries from DNS and leave only the IP of your primary DC?
Here is the output from dcdiag

Primary

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = RGRAYDC1
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\RGRAYDC1
      Starting test: Connectivity
         ......................... RGRAYDC1 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\RGRAYDC1
      Starting test: Advertising
         ......................... RGRAYDC1 passed test Advertising
      Starting test: FrsEvent
         ......................... RGRAYDC1 passed test FrsEvent
      Starting test: DFSREvent
         ......................... RGRAYDC1 passed test DFSREvent
      Starting test: SysVolCheck
         ......................... RGRAYDC1 passed test SysVolCheck
      Starting test: KccEvent
         ......................... RGRAYDC1 passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... RGRAYDC1 passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... RGRAYDC1 passed test MachineAccount
      Starting test: NCSecDesc
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:
         DC=DomainDnsZones,DC=corp,DC=rgrayclamps,DC=com
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:
         DC=ForestDnsZones,DC=corp,DC=rgrayclamps,DC=com
         ......................... RGRAYDC1 failed test NCSecDesc
      Starting test: NetLogons
         ......................... RGRAYDC1 passed test NetLogons
      Starting test: ObjectsReplicated
         ......................... RGRAYDC1 passed test ObjectsReplicated
      Starting test: Replications
         ......................... RGRAYDC1 passed test Replications
      Starting test: RidManager
         ......................... RGRAYDC1 passed test RidManager
      Starting test: Services
         ......................... RGRAYDC1 passed test Services
      Starting test: SystemLog
         An Error Event occurred.  EventID: 0x000016AD
            Time Generated: 10/01/2010   06:17:23
            Event String: The session setup from the computer TIMEATTD3 failed to authenticate. The following error occurred:
         An Error Event occurred.  EventID: 0xC0000010
            Time Generated: 10/01/2010   06:30:02
            Event String:
            While processing a TGS request for the target server cifs/RGRAYAS4.corp.rgrayclamps.com, the account jtenny@CORP.RGRAYCLAMPS.COM did not have a suitable key for generating a Kerberos ticket (the missing key has an ID of 8). The requested etypes were 18  17  23  24  -135. The accounts available etypes were 23  -133  -128  18  17  3  1  -140. Changing or resetting the password of rgrayas4_5_cifs will generate a proper key.
         An Error Event occurred.  EventID: 0x00000457
            Time Generated: 10/01/2010   06:32:52
            Event String:
            Driver Kyocera CS-3060 KX required for printer !!rgraybg02!P01SC05 is unknown. Contact the administrator to install the driver before you log in again.
         An Error Event occurred.  EventID: 0x00000457
            Time Generated: 10/01/2010   06:32:55
            Event String:
            Driver Microsoft Office Document Image Writer Driver required for printer Microsoft Office Document Image Writer is unknown. Contact the administrator to install the driver before you log in again.
         An Error Event occurred.  EventID: 0x00000457
            Time Generated: 10/01/2010   06:32:57
            Event String:
            Driver Kyocera CS 250ci KX required for printer !!SYSTEMCENTER!p01ex03 is unknown. Contact the administrator to install the driver before you log in again.
         An Error Event occurred.  EventID: 0x00000457
            Time Generated: 10/01/2010   06:32:58
            Event String:
            Driver Microsoft Office Live Meeting 2007 Document Writer Driver required for printer Microsoft Office Live Meeting 2007 Document Writer is unknown. Contact the administrator to install the driver before you log in again.
         ......................... RGRAYDC1 failed test SystemLog
      Starting test: VerifyReferences
         ......................... RGRAYDC1 passed test VerifyReferences


   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : corp
      Starting test: CheckSDRefDom
         ......................... corp passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... corp passed test CrossRefValidation

   Running enterprise tests on : corp.rgrayclamps.com
      Starting test: LocatorCheck
         ......................... corp.rgrayclamps.com passed test LocatorCheck
      Starting test: Intersite
         ......................... corp.rgrayclamps.com passed test Intersite
Here is the secondary

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = RGRAYBG01
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\RGRAYBG01
      Starting test: Connectivity
         ......................... RGRAYBG01 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\RGRAYBG01
      Starting test: Advertising
         ......................... RGRAYBG01 passed test Advertising
      Starting test: FrsEvent
         ......................... RGRAYBG01 passed test FrsEvent
      Starting test: DFSREvent
         ......................... RGRAYBG01 passed test DFSREvent
      Starting test: SysVolCheck
         ......................... RGRAYBG01 passed test SysVolCheck
      Starting test: KccEvent
         ......................... RGRAYBG01 passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... RGRAYBG01 passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... RGRAYBG01 passed test MachineAccount
      Starting test: NCSecDesc
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:
         DC=DomainDnsZones,DC=corp,DC=rgrayclamps,DC=com
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:
         DC=ForestDnsZones,DC=corp,DC=rgrayclamps,DC=com
         ......................... RGRAYBG01 failed test NCSecDesc
      Starting test: NetLogons
         ......................... RGRAYBG01 passed test NetLogons
      Starting test: ObjectsReplicated
         ......................... RGRAYBG01 passed test ObjectsReplicated
      Starting test: Replications
         ......................... RGRAYBG01 passed test Replications
      Starting test: RidManager
         ......................... RGRAYBG01 passed test RidManager
      Starting test: Services
         ......................... RGRAYBG01 passed test Services
      Starting test: SystemLog
         An Error Event occurred.  EventID: 0x000016AD
            Time Generated: 10/01/2010   06:07:34
            Event String:
            The session setup from the computer PRESSDATACOLLEC failed to authenticate. The following error occurred:
         An Error Event occurred.  EventID: 0x000016AD
            Time Generated: 10/01/2010   06:32:24
            Event String:
            The session setup from the computer SHIPPINGLABELS failed to authenticate. The following error occurred:
         ......................... RGRAYBG01 failed test SystemLog
      Starting test: VerifyReferences
         ......................... RGRAYBG01 passed test VerifyReferences


   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation

   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : corp
      Starting test: CheckSDRefDom
         ......................... corp passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... corp passed test CrossRefValidation

   Running enterprise tests on : corp.rgrayclamps.com
      Starting test: LocatorCheck
         ......................... corp.rgrayclamps.com passed test
         LocatorCheck
      Starting test: Intersite
         ......................... corp.rgrayclamps.com passed test Intersite
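Added example, not part of the original thread: a Python sketch that triages dcdiag output like the two runs above, listing the failed tests, the computers whose session setup failed, and the details of the "no suitable key" Kerberos event (which account to reset, which etypes both sides share, whether DES keys are still present). The sample text is constructed from lines posted in the thread, unwrapped onto single lines; the function names are this example's own, and the etype names are the public Kerberos and Microsoft constants.

```python
import re

# Kerberos encryption type numbers. Positive values are IANA-assigned;
# negative values are Microsoft-private legacy RC4 variants.
ETYPES = {
    1: "DES-CBC-CRC", 3: "DES-CBC-MD5",
    17: "AES128-CTS-HMAC-SHA1-96", 18: "AES256-CTS-HMAC-SHA1-96",
    23: "RC4-HMAC", 24: "RC4-HMAC-EXP",
    -128: "RC4-MD4", -133: "RC4-HMAC-OLD", -135: "RC4-HMAC-OLD-EXP",
    -140: "RC4-PLAIN",
}
DES_ETYPES = {1, 3}

# Constructed sample: lines taken from the thread's dcdiag output, unwrapped.
SAMPLE = """\
      Starting test: NCSecDesc
         ......................... RGRAYDC1 failed test NCSecDesc
      Starting test: NetLogons
         ......................... RGRAYDC1 passed test NetLogons
      Starting test: SystemLog
         An Error Event occurred.  EventID: 0x000016AD
            Time Generated: 10/01/2010   06:17:23
            Event String: The session setup from the computer TIMEATTD3 failed to authenticate. The following error occurred:
         An Error Event occurred.  EventID: 0xC0000010
            Time Generated: 10/01/2010   06:30:02
            Event String:
            While processing a TGS request for the target server cifs/RGRAYAS4.corp.rgrayclamps.com, the account jtenny@CORP.RGRAYCLAMPS.COM did not have a suitable key for generating a Kerberos ticket (the missing key has an ID of 8). The requested etypes were 18  17  23  24  -135. The accounts available etypes were 23  -133  -128  18  17  3  1  -140. Changing or resetting the password of rgrayas4_5_cifs will generate a proper key.
         ......................... RGRAYDC1 failed test SystemLog
"""

RESULT_RE = re.compile(r"^\s*\.{5,}\s+(\S+) (passed|failed) test (\S+)\s*$", re.M)
SESSION_RE = re.compile(r"session setup from (?:the )?computer '?([^\s']+)'? failed")
KEY_RE = re.compile(
    r"TGS request for the target server (?P<spn>\S+), the account (?P<client>\S+) "
    r"did not have a suitable key .*?missing key has an ID of (?P<key_id>-?\d+)\)\. "
    r"The requested etypes were (?P<req>[-\d ]+)\. "
    r"The accounts available etypes were (?P<avail>[-\d ]+)\. "
    r"Changing or resetting the password of (?P<reset>\S+) will")


def failed_tests(text):
    """Return (server_or_partition, test) for every 'failed test' summary line."""
    return [(m[1], m[3]) for m in RESULT_RE.finditer(text) if m[2] == "failed"]


def failed_session_setups(text):
    """Return the sorted computer names whose secure-channel setup failed."""
    return sorted(set(SESSION_RE.findall(text)))


def kerberos_key_events(text):
    """Parse each 'no suitable key' event into its fields and etype lists."""
    events = []
    for m in KEY_RE.finditer(text):
        req = [int(x) for x in m["req"].split()]
        avail = [int(x) for x in m["avail"].split()]
        events.append({
            "spn": m["spn"], "client": m["client"], "key_id": int(m["key_id"]),
            "requested": req, "available": avail,
            "shared": [e for e in req if e in avail],
            "des_available": [e for e in avail if e in DES_ETYPES],
            "reset_account": m["reset"],
        })
    return events


def report(text):
    """Build a short human-readable triage summary."""
    name = lambda e: ETYPES.get(e, f"etype {e}")
    lines = [f"FAILED {srv}: {test}" for srv, test in failed_tests(text)]
    lines += [f"session setup failed: {c}" for c in failed_session_setups(text)]
    for ev in kerberos_key_events(text):
        lines.append(f"{ev['client']} -> {ev['spn']}: missing key ID {ev['key_id']}, "
                     f"reset password of {ev['reset_account']}")
        lines.append("  shared etypes: " + ", ".join(map(name, ev["shared"])))
        if ev["des_available"]:
            lines.append("  DES keys still present: "
                         + ", ".join(map(name, ev["des_available"])))
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```

The parser expects each event string on one line, so feed it output saved to a file rather than text copied from an 80-column console.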
On both dcs

Click Start, type "adsiedit.msc", find and right-click "DC=abc,DC=com,DC=au", choose Properties, switch to Security tab, click Advanced. On permissions tab, click ADD if Enterprise Read-only Domain Controllers was not listed. Type Enterprise Read-only Domain Controllers and click OK.

Then Allow the following permissions.
Replicating Directory Changes
Replication Synchronization
Manage Replication Topology

Finally, change the password for the users that have problems logging in, and hopefully your problem will be solved.
After successful replication please run dcdiag again and post the results here.
OK.  I followed the instructions.  Here are the new dcdiags

Primary

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = RGRAYDC1
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\RGRAYDC1
      Starting test: Connectivity
         ......................... RGRAYDC1 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\RGRAYDC1
      Starting test: Advertising
         ......................... RGRAYDC1 passed test Advertising
      Starting test: FrsEvent
         ......................... RGRAYDC1 passed test FrsEvent
      Starting test: DFSREvent
         ......................... RGRAYDC1 passed test DFSREvent
      Starting test: SysVolCheck
         ......................... RGRAYDC1 passed test SysVolCheck
      Starting test: KccEvent
         ......................... RGRAYDC1 passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... RGRAYDC1 passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... RGRAYDC1 passed test MachineAccount
      Starting test: NCSecDesc
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:
         DC=DomainDnsZones,DC=corp,DC=rgrayclamps,DC=com
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:
         DC=ForestDnsZones,DC=corp,DC=rgrayclamps,DC=com
         ......................... RGRAYDC1 failed test NCSecDesc
      Starting test: NetLogons
         ......................... RGRAYDC1 passed test NetLogons
      Starting test: ObjectsReplicated
         ......................... RGRAYDC1 passed test ObjectsReplicated
      Starting test: Replications
         ......................... RGRAYDC1 passed test Replications
      Starting test: RidManager
         ......................... RGRAYDC1 passed test RidManager
      Starting test: Services
         ......................... RGRAYDC1 passed test Services
      Starting test: SystemLog
         An Error Event occurred.  EventID: 0x000016AD
            Time Generated: 10/01/2010   07:25:07
            Event String: The session setup from the computer TIMEATTD4 failed to authenticate. The following error occurred:
         An Error Event occurred.  EventID: 0x000016AD
            Time Generated: 10/01/2010   07:40:07
            Event String: The session setup from the computer MARTHARUIZ failed to authenticate. The following error occurred:
         An Error Event occurred.  EventID: 0xC0001B77
            Time Generated: 10/01/2010   07:43:07
            Event String:
            The Kaspersky Network Agent service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
         An Error Event occurred.  EventID: 0x000016AD
            Time Generated: 10/01/2010   07:47:24
            Event String: The session setup from the computer C01WA-5481B failed to authenticate. The following error occurred:
         ......................... RGRAYDC1 failed test SystemLog
      Starting test: VerifyReferences
         ......................... RGRAYDC1 passed test VerifyReferences


   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : corp
      Starting test: CheckSDRefDom
         ......................... corp passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... corp passed test CrossRefValidation

   Running enterprise tests on : corp.rgrayclamps.com
      Starting test: LocatorCheck
Are you sure I can change the password and log in?

Secondary

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = RGRAYBG01
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\RGRAYBG01
      Starting test: Connectivity
         ......................... RGRAYBG01 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\RGRAYBG01
      Starting test: Advertising
         ......................... RGRAYBG01 passed test Advertising
      Starting test: FrsEvent
         ......................... RGRAYBG01 passed test FrsEvent
      Starting test: DFSREvent
         ......................... RGRAYBG01 passed test DFSREvent
      Starting test: SysVolCheck
         ......................... RGRAYBG01 passed test SysVolCheck
      Starting test: KccEvent
         ......................... RGRAYBG01 passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... RGRAYBG01 passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... RGRAYBG01 passed test MachineAccount
      Starting test: NCSecDesc
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:
         DC=DomainDnsZones,DC=corp,DC=rgrayclamps,DC=com
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:
         DC=ForestDnsZones,DC=corp,DC=rgrayclamps,DC=com
         ......................... RGRAYBG01 failed test NCSecDesc
      Starting test: NetLogons
         ......................... RGRAYBG01 passed test NetLogons
      Starting test: ObjectsReplicated
         ......................... RGRAYBG01 passed test ObjectsReplicated
      Starting test: Replications
         ......................... RGRAYBG01 passed test Replications
      Starting test: RidManager
         ......................... RGRAYBG01 passed test RidManager
      Starting test: Services
         ......................... RGRAYBG01 passed test Services
      Starting test: SystemLog
         An Error Event occurred.  EventID: 0x0000165B
            Time Generated: 10/01/2010   07:30:31
            Event String:
            The session setup from computer 'MARTHARUIZ' failed because the security database does not contain a trust account 'MARTHARUIZ$' referenced by the specified computer.
         An Error Event occurred.  EventID: 0x000016AD
            Time Generated: 10/01/2010   07:54:19
            Event String:
            The session setup from the computer TIMEATTD4 failed to authenticate. The following error occurred:
         An Error Event occurred.  EventID: 0xC0000010
            Time Generated: 10/01/2010   08:07:03
            Event String:
            While processing a TGS request for the target server cifs/RGRAYAS4.corp.rgrayclamps.com, the account CWOLFO@CORP.RGRAYCLAMPS.COM did not have a suitable key for generating a Kerberos ticket (the missing key has an ID of 8). The requested etypes were 18  17  23  24  -135. The accounts available etypes were 23  -133  -128  18  17  3  1  -140. Changing or resetting the password of rgrayas4_5_cifs will generate a proper key.
         An Error Event occurred.  EventID: 0x000016AD
            Time Generated: 10/01/2010   08:17:24
            Event String:
            The session setup from the computer TIMEATTD3 failed to authenticate. The following error occurred:
         An Error Event occurred.  EventID: 0x000016AD
            Time Generated: 10/01/2010   08:17:24
            Event String:
            The session setup from the computer C01SHPLBL2 failed to authenticate. The following error occurred:
         ......................... RGRAYBG01 failed test SystemLog
      Starting test: VerifyReferences
         ......................... RGRAYBG01 passed test VerifyReferences


   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation

   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : corp
      Starting test: CheckSDRefDom
         ......................... corp passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... corp passed test CrossRefValidation

   Running enterprise tests on : corp.rgrayclamps.com
      Starting test: LocatorCheck
         ......................... corp.rgrayclamps.com passed test
         LocatorCheck
      Starting test: Intersite
         ......................... corp.rgrayclamps.com passed test Intersite
Do I have to change the password?
If I do have to change it, should I do it from the computer or in AD?
ASKER CERTIFIED SOLUTION
psychogr

This appears to have worked.
You're the only one who came up with a solution that appears to have worked.
Great, I'm glad that worked out and thank you for the grade and points. :)