No AD connection on server

I have a Windows Server 2008 that have some problems.

When I try to add a member to a group (Remote Desktop Users) I get this dialog when clicking "Advanced" telling me "The system detected a possible attempt to compromise security. Please ensure that you can contact the server that authenticated you. "
Screen
I tried to remove the machine from DNS to see if it reregistered, but it didn't (after reboot).

On the server where I am trying to add a user to a group, I get this event:
The Security System detected an authentication error for the server
ldap/DC2.MyDOMAIN.dk. The failure code from authentication protocol 
Kerberos was "  (0x80080341)".

Open in new window


Level: Warning
IEvent ID: 40960
User: SYSTEM

Any ideas?
Kasper KatzmannSeniorkonsulentAsked:
Who is Participating?
 
Kasper KatzmannSeniorkonsulentAuthor Commented:
Problem solved. It turned out to be due to an old error/mistake in group policy, that only allowed the servers to use DES_CBC_MD5. After removing the bad GPO the policy wasn't reset on the server.

This is what I did to solve the problem:

1.

Opened Secpol.msc

2.

Went to Local Policies/Security Options

3.

Found Network security: Configure encryption types allowed for Kerberos and removed the tick from DES_CBC_MD5 (and all others if there were any)
Thanks for your suggestions anyway. It could just as well have been any of that.

Case closed :-)
0
 
Krzysztof PytkoSenior Active Directory EngineerCommented:
Can you verify if you DC/server are activated (genuine) ?

Regards,
Krzysztof
0
 
Sushil SonawaneCommented:
Remove the member server form domain and rejoin then check
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

 
Life1430Sr EngineerCommented:
Have you checked the DNS setting on this server ..Is it pointing to internal DNS ..??

See below link if it help
http://support.microsoft.com/kb/938457
0
 
Life1430Sr EngineerCommented:
Thats Great
0
 
Kasper KatzmannSeniorkonsulentAuthor Commented:
I found the solution on my own
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.