• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 5435
  • Last Modified:

LDAP Bind Function Call failed

 I am trying to test a group policy and when using gpupdate /force command I get
User Policy update has completed successfully.
Computer policy could not be updated successfully. The following errors were enc

The processing of Group Policy failed. Windows could not authenticate to the Act
ive Directory service on a domain controller. (LDAP Bind function call failed).
Look in the details tab for error code and description.

To diagnose the failure, review the event log or run GPRESULT /H GPReport.html f
rom the command line to access information about Group Policy results.

We are using 2008 R2 Standard, and 2003 forest level for GP

the Client is  Windows 7

I have done some research and changed the password , locked / unlocked and run the command again and the same thing happens. The log shows as Error 49
1 Solution
Does the error happen on one workstation or all?
Are there any errors in the event logs on the server and client?
Do the workstation have multiple network connections?
advicepleaseAuthor Commented:
 It just seems to be the one i am using, i have tried a couple of others and they seem ok,

the error log shows the below

- System

  - Provider

   [ Name]  Microsoft-Windows-GroupPolicy
   [ Guid]  {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}
   EventID 1006
   Version 0
   Level 2
   Task 0
   Opcode 1
   Keywords 0x8000000000000000
  - TimeCreated

   [ SystemTime]  2014-02-19T08:51:47.367877900Z
   EventRecordID 104195
  - Correlation

   [ ActivityID]  {8FE2A57D-7839-44FB-8F8D-CC64F8DBCA09}
  - Execution

   [ ProcessID]  1288
   [ ThreadID]  2852
   Channel System
   Computer cmrChrisStanley.celtic-manor.local
  - Security

   [ UserID]  S-1-5-18

- EventData

  SupportInfo1 1
  SupportInfo2 5012
  ProcessingMode 0
  ProcessingTimeInMilliseconds 1045
  ErrorCode 49
  ErrorDescription Invalid Credentials

there is only one live network connection, there is a VPN connection but this isn't being used
Leon FesterSenior Solutions ArchitectCommented:
Error code 49 (Invalid credentials)

This error code might indicate that the user's password expired while the user is still logged on the computer.

To correct invalid credentials:
1.Change the user's password.
2.Lock/unlock the workstation.
3.Check if there are any system services running as the user account.
4.Verify the password in service configuration is correct for the user account.


I also saw another post about the logon time restrictions resulting in the group policy not being able to update the workstation too.


Another post mentioned invalid DNS entries in hosts. file
SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

Is the workstation in the same OU as the other workstations?
Are you using a wired or wireless connection?
Are there any error on the clients event logs?
On the GP are the SYSvol and Template versions at the same numbers?
Are other GP's processing on the workstation?
Have you tried to create a new computer GP and apply it to this workstation as a test?
You can also try removing the machine from the domain, and re-adding it.  This will completely re-establish the secure channel password.

If you do this you can reset the computer account password first then disjoin and rejoin the domain to retain the computers SID...
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Tackle projects and never again get stuck behind a technical roadblock.
Join Now