No AD connection on server

Posted on 2012-09-20
Last Modified: 2012-09-25
I have a Windows Server 2008 that has some problems.

When I try to add a member to a group (Remote Desktop Users) I get this dialog when clicking "Advanced" telling me "The system detected a possible attempt to compromise security. Please ensure that you can contact the server that authenticated you."
I tried to remove the machine from DNS to see if it reregistered, but it didn't (after reboot).

On the server where I am trying to add a user to a group, I get this event:
The Security System detected an authentication error for the server
ldap/ The failure code from authentication protocol 
Kerberos was "  (0x80080341)".


Level: Warning
Event ID: 40960

Any ideas?
Question by:Kasper Katzmann
    LVL 39

    Expert Comment

    by:Krzysztof Pytko
    Can you verify if your DC/server are activated (genuine)?

    LVL 18

    Expert Comment

    by:Sushil Sonawane
    Remove the member server from the domain and rejoin, then check.
    LVL 18

    Expert Comment

    Have you checked the DNS setting on this server? Is it pointing to internal DNS?

    See the link below if it helps.

    Accepted Solution

    Problem solved. It turned out to be due to an old error/mistake in group policy, that only allowed the servers to use DES_CBC_MD5. After removing the bad GPO the policy wasn't reset on the server.

    This is what I did to solve the problem:


    Opened Secpol.msc
    Went to Local Policies/Security Options
    Found Network security: Configure encryption types allowed for Kerberos and removed the tick from DES_CBC_MD5 (and all others if there were any)

    Thanks for your suggestions anyway. It could just as well have been any of that.

    Case closed :-)
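
A way to check for the condition described in the accepted solution from the command line, as an added example that is not part of the original thread. It assumes PowerShell 3.0 or later and that the policy value is stored as `SupportedEncryptionTypes` under the registry key shown (a location the thread itself does not give); the function name and the sample masks are constructed for illustration.

```powershell
# Added example (not from the original thread).
# Decodes the bitmask written by "Network security: Configure encryption
# types allowed for Kerberos" and flags a DES-only configuration, which is
# the state the accepted solution describes.

$EtypeBits = [ordered]@{
    'DES_CBC_CRC'             = 0x1
    'DES_CBC_MD5'             = 0x2
    'RC4_HMAC_MD5'            = 0x4
    'AES128_HMAC_SHA1'        = 0x8
    'AES256_HMAC_SHA1'        = 0x10
    'Future encryption types' = 0x7FFFFFE0
}

# Hypothetical helper name; returns the enabled types and a DES-only flag.
function ConvertFrom-KerberosEtypeMask {
    param([Parameter(Mandatory = $true)][int]$Mask)

    $enabled = @($EtypeBits.Keys | Where-Object { $Mask -band $EtypeBits[$_] })
    # DES-only: something is ticked, and nothing outside the two DES bits is.
    $desOnly = ($Mask -ne 0) -and (($Mask -band (-bnot 0x3)) -eq 0)

    [pscustomobject]@{
        Mask    = '0x{0:X}' -f $Mask
        Enabled = $enabled -join ', '
        DesOnly = $desOnly
    }
}

# Assumed storage location of the policy setting on the local machine.
$key  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters'
$prop = Get-ItemProperty -Path $key -Name SupportedEncryptionTypes -ErrorAction SilentlyContinue

if ($null -eq $prop) {
    # No value present: nothing is ticked and the operating system defaults apply.
    'SupportedEncryptionTypes is not set (policy not defined on this machine).'
} else {
    ConvertFrom-KerberosEtypeMask -Mask $prop.SupportedEncryptionTypes
}

# Constructed sample masks: DES_CBC_MD5 only, both DES types, RC4 plus AES.
0x2, 0x3, 0x1C | ForEach-Object { ConvertFrom-KerberosEtypeMask -Mask $_ }
```

A result with `DesOnly` set to `True` on a member server means it can only request DES tickets, so authentication to domain controllers that do not accept DES will fail.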
    LVL 18

    Expert Comment

    That's great

    Author Closing Comment

    by:Kasper Katzmann
    I found the solution on my own
