?
Solved

LDAP Bind Function Call failed

Posted on 2014-02-18
6
Medium Priority
?
4,529 Views
Last Modified: 2015-05-07
Hi
 I am trying to test a group policy and when using gpupdate /force command I get
User Policy update has completed successfully.
Computer policy could not be updated successfully. The following errors were enc
ountered:

The processing of Group Policy failed. Windows could not authenticate to the Act
ive Directory service on a domain controller. (LDAP Bind function call failed).
Look in the details tab for error code and description.

To diagnose the failure, review the event log or run GPRESULT /H GPReport.html f
rom the command line to access information about Group Policy results.


We are using 2008 R2 Standard, and 2003 forest level for GP

the Client is  Windows 7

I have done some research and changed the password , locked / unlocked and run the command again and the same thing happens. The log shows as Error 49
0
Comment
Question by:adviceplease
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 20

Accepted Solution

by:
compdigit44 earned 2000 total points
ID: 39868969
Does the error happen on one workstation or all?
Are there any errors in the event logs on the server and client?
Do the workstation have multiple network connections?
1
 

Author Comment

by:adviceplease
ID: 39869703
Hi
 It just seems to be the one i am using, i have tried a couple of others and they seem ok,

the error log shows the below

- System

  - Provider

   [ Name]  Microsoft-Windows-GroupPolicy
   [ Guid]  {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}
 
   EventID 1006
 
   Version 0
 
   Level 2
 
   Task 0
 
   Opcode 1
 
   Keywords 0x8000000000000000
 
  - TimeCreated

   [ SystemTime]  2014-02-19T08:51:47.367877900Z
 
   EventRecordID 104195
 
  - Correlation

   [ ActivityID]  {8FE2A57D-7839-44FB-8F8D-CC64F8DBCA09}
 
  - Execution

   [ ProcessID]  1288
   [ ThreadID]  2852
 
   Channel System
 
   Computer cmrChrisStanley.celtic-manor.local
 
  - Security

   [ UserID]  S-1-5-18
 

- EventData

  SupportInfo1 1
  SupportInfo2 5012
  ProcessingMode 0
  ProcessingTimeInMilliseconds 1045
  ErrorCode 49
  ErrorDescription Invalid Credentials
  DCName  

there is only one live network connection, there is a VPN connection but this isn't being used
0
 
LVL 26

Expert Comment

by:Leon Fester
ID: 39870449
Error code 49 (Invalid credentials)

This error code might indicate that the user's password expired while the user is still logged on the computer.

To correct invalid credentials:
1.Change the user's password.
2.Lock/unlock the workstation.
3.Check if there are any system services running as the user account.
4.Verify the password in service configuration is correct for the user account.

http://technet.microsoft.com/en-us/library/cc727283(v=ws.10).aspx

I also saw another post about the logon time restrictions resulting in the group policy not being able to update the workstation too.

http://windoh.wordpress.com/2012/05/18/group-policy-error-ldap-bind-fails/

Another post mentioned invalid DNS entries in hosts. file
http://clintboessen.blogspot.com/2011/01/microsoft-windows-grouppolicy-event-id.html
http://clintboessen.blogspot.com/2011/01/microsoft-windows-grouppolicy-event-id.html
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 20

Expert Comment

by:compdigit44
ID: 39870775
Is the workstation in the same OU as the other workstations?
Are you using a wired or wireless connection?
Are there any error on the clients event logs?
On the GP are the SYSvol and Template versions at the same numbers?
Are other GP's processing on the workstation?
Have you tried to create a new computer GP and apply it to this workstation as a test?
0
 
LVL 25

Expert Comment

by:Coralon
ID: 39871830
You can also try removing the machine from the domain, and re-adding it.  This will completely re-establish the secure channel password.

Coralon
0
 
LVL 20

Expert Comment

by:compdigit44
ID: 39871920
If you do this you can reset the computer account password first then disjoin and rejoin the domain to retain the computers SID...
0

Featured Post

Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…
Suggested Courses
Course of the Month10 days, 23 hours left to enroll

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question