Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Microsoft Security Update Issue

Posted on 2016-09-30
5
Medium Priority
?
74 Views
Last Modified: 2016-10-22
After installing August and September security patched the end users receive an error can not contact domain controller when users are attempting to change their password.

Domain controllers are running Windows Server 2008 R2 SP1,   clients are Windows 7, Windows 8.  

Is there a security patch needed on the domain controller to fix this issue?   Does anyone know steps to fix without uninstalling the security updates?
0
Comment
Question by:Member_2_4576574
  • 2
  • 2
5 Comments
 
LVL 65

Accepted Solution

by:
btan earned 2000 total points (awarded by participants)
ID: 41823781
Looks like it may be this case as shared in the forum
Check that you have UDP/TCP 464 (kpasswd) open between your clients and your DC's....
he default Active Directory service group did not have it open -- We just recently made the move to Win 10 so I figure maybe that's why it used to work.  Looks like Win7 defaulted to kpasswd but would fall back to SAM.  I'm thinking Windows 10 is kpasswd only.
I figured this one out by looking at the DNS SRV records and noticed the _kpasswd entries "[0][100][464] DCNAME.DOMAINNAME" and spotted a few drops in my firewall.
https://social.technet.microsoft.com/Forums/windowsserver/en-US/40107f29-5da8-4341-893f-245fc0882f44/users-get-the-system-cannot-contact-a-domain-controller-to-service-the-authentication-request?forum=winservergen
0
 

Author Comment

by:Member_2_4576574
ID: 41823792
This fixed the issue for us.  Thank you for the quick response.
0
 
LVL 57

Expert Comment

by:McKnife
ID: 41824688
Out of interest, which particular step solved it? (and why would this be needed, updates don't modify firewall rules?)
0
 

Author Comment

by:Member_2_4576574
ID: 41826848
Mcknife,  we opened up UDP/TCP 464 on our firewall.
0
 
LVL 65

Expert Comment

by:btan
ID: 41855068
As per advice given.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
High user turnover can cause old/redundant user data to consume valuable space. UserResourceCleanup was developed to address this by automatically deleting user folders when the user account is deleted.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question