Solved

Microsoft Security Update Issue

Posted on 2016-09-30
5
31 Views
Last Modified: 2016-10-22
After installing August and September security patched the end users receive an error can not contact domain controller when users are attempting to change their password.

Domain controllers are running Windows Server 2008 R2 SP1,   clients are Windows 7, Windows 8.  

Is there a security patch needed on the domain controller to fix this issue?   Does anyone know steps to fix without uninstalling the security updates?
0
Comment
Question by:Member_2_4576574
  • 2
  • 2
5 Comments
 
LVL 62

Accepted Solution

by:
btan earned 500 total points (awarded by participants)
ID: 41823781
Looks like it may be this case as shared in the forum
Check that you have UDP/TCP 464 (kpasswd) open between your clients and your DC's....
he default Active Directory service group did not have it open -- We just recently made the move to Win 10 so I figure maybe that's why it used to work.  Looks like Win7 defaulted to kpasswd but would fall back to SAM.  I'm thinking Windows 10 is kpasswd only.
I figured this one out by looking at the DNS SRV records and noticed the _kpasswd entries "[0][100][464] DCNAME.DOMAINNAME" and spotted a few drops in my firewall.
https://social.technet.microsoft.com/Forums/windowsserver/en-US/40107f29-5da8-4341-893f-245fc0882f44/users-get-the-system-cannot-contact-a-domain-controller-to-service-the-authentication-request?forum=winservergen
0
 

Author Comment

by:Member_2_4576574
ID: 41823792
This fixed the issue for us.  Thank you for the quick response.
0
 
LVL 53

Expert Comment

by:McKnife
ID: 41824688
Out of interest, which particular step solved it? (and why would this be needed, updates don't modify firewall rules?)
0
 

Author Comment

by:Member_2_4576574
ID: 41826848
Mcknife,  we opened up UDP/TCP 464 on our firewall.
0
 
LVL 62

Expert Comment

by:btan
ID: 41855068
As per advice given.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As network administrators; we know how hard it is to track user’s login/logout using security event log (BTW it is harder now in windows 2008 because user name is always “N/A” in the grid), and most of us either get 3rd party tools, or just make our…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

27 Experts available now in Live!

Get 1:1 Help Now