Solved

Microsoft Security Update Issue

Posted on 2016-09-30
5
35 Views
Last Modified: 2016-10-22
After installing August and September security patched the end users receive an error can not contact domain controller when users are attempting to change their password.

Domain controllers are running Windows Server 2008 R2 SP1,   clients are Windows 7, Windows 8.  

Is there a security patch needed on the domain controller to fix this issue?   Does anyone know steps to fix without uninstalling the security updates?
0
Comment
Question by:Member_2_4576574
  • 2
  • 2
5 Comments
 
LVL 62

Accepted Solution

by:
btan earned 500 total points (awarded by participants)
ID: 41823781
Looks like it may be this case as shared in the forum
Check that you have UDP/TCP 464 (kpasswd) open between your clients and your DC's....
he default Active Directory service group did not have it open -- We just recently made the move to Win 10 so I figure maybe that's why it used to work.  Looks like Win7 defaulted to kpasswd but would fall back to SAM.  I'm thinking Windows 10 is kpasswd only.
I figured this one out by looking at the DNS SRV records and noticed the _kpasswd entries "[0][100][464] DCNAME.DOMAINNAME" and spotted a few drops in my firewall.
https://social.technet.microsoft.com/Forums/windowsserver/en-US/40107f29-5da8-4341-893f-245fc0882f44/users-get-the-system-cannot-contact-a-domain-controller-to-service-the-authentication-request?forum=winservergen
0
 

Author Comment

by:Member_2_4576574
ID: 41823792
This fixed the issue for us.  Thank you for the quick response.
0
 
LVL 54

Expert Comment

by:McKnife
ID: 41824688
Out of interest, which particular step solved it? (and why would this be needed, updates don't modify firewall rules?)
0
 

Author Comment

by:Member_2_4576574
ID: 41826848
Mcknife,  we opened up UDP/TCP 464 on our firewall.
0
 
LVL 62

Expert Comment

by:btan
ID: 41855068
As per advice given.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
How to search SamAccount in AD but filtered by mail? 8 48
Duplicate SPN records 4 22
Bind Mac To Azure AD 1 35
3rd Party Single Sign on vendor 1 13
Mapping Drives using Group policy preferences Are you still using old scripts to map your network drives if so this article will show you how to get away for old scripts and move toward Group Policy Preference for mapping them. First things f…
In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question