• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 77
  • Last Modified:

Microsoft Security Update Issue

After installing August and September security patched the end users receive an error can not contact domain controller when users are attempting to change their password.

Domain controllers are running Windows Server 2008 R2 SP1,   clients are Windows 7, Windows 8.  

Is there a security patch needed on the domain controller to fix this issue?   Does anyone know steps to fix without uninstalling the security updates?
0
Member_2_4576574
Asked:
Member_2_4576574
  • 2
  • 2
1 Solution
 
btanExec ConsultantCommented:
Looks like it may be this case as shared in the forum
Check that you have UDP/TCP 464 (kpasswd) open between your clients and your DC's....
he default Active Directory service group did not have it open -- We just recently made the move to Win 10 so I figure maybe that's why it used to work.  Looks like Win7 defaulted to kpasswd but would fall back to SAM.  I'm thinking Windows 10 is kpasswd only.
I figured this one out by looking at the DNS SRV records and noticed the _kpasswd entries "[0][100][464] DCNAME.DOMAINNAME" and spotted a few drops in my firewall.
https://social.technet.microsoft.com/Forums/windowsserver/en-US/40107f29-5da8-4341-893f-245fc0882f44/users-get-the-system-cannot-contact-a-domain-controller-to-service-the-authentication-request?forum=winservergen
0
 
Member_2_4576574Author Commented:
This fixed the issue for us.  Thank you for the quick response.
0
 
McKnifeCommented:
Out of interest, which particular step solved it? (and why would this be needed, updates don't modify firewall rules?)
0
 
Member_2_4576574Author Commented:
Mcknife,  we opened up UDP/TCP 464 on our firewall.
0
 
btanExec ConsultantCommented:
As per advice given.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now