Solved

Microsoft Security Update Issue

Posted on 2016-09-30
5
56 Views
Last Modified: 2016-10-22
After installing August and September security patched the end users receive an error can not contact domain controller when users are attempting to change their password.

Domain controllers are running Windows Server 2008 R2 SP1,   clients are Windows 7, Windows 8.  

Is there a security patch needed on the domain controller to fix this issue?   Does anyone know steps to fix without uninstalling the security updates?
0
Comment
Question by:Member_2_4576574
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 64

Accepted Solution

by:
btan earned 500 total points (awarded by participants)
ID: 41823781
Looks like it may be this case as shared in the forum
Check that you have UDP/TCP 464 (kpasswd) open between your clients and your DC's....
he default Active Directory service group did not have it open -- We just recently made the move to Win 10 so I figure maybe that's why it used to work.  Looks like Win7 defaulted to kpasswd but would fall back to SAM.  I'm thinking Windows 10 is kpasswd only.
I figured this one out by looking at the DNS SRV records and noticed the _kpasswd entries "[0][100][464] DCNAME.DOMAINNAME" and spotted a few drops in my firewall.
https://social.technet.microsoft.com/Forums/windowsserver/en-US/40107f29-5da8-4341-893f-245fc0882f44/users-get-the-system-cannot-contact-a-domain-controller-to-service-the-authentication-request?forum=winservergen
0
 

Author Comment

by:Member_2_4576574
ID: 41823792
This fixed the issue for us.  Thank you for the quick response.
0
 
LVL 55

Expert Comment

by:McKnife
ID: 41824688
Out of interest, which particular step solved it? (and why would this be needed, updates don't modify firewall rules?)
0
 

Author Comment

by:Member_2_4576574
ID: 41826848
Mcknife,  we opened up UDP/TCP 464 on our firewall.
0
 
LVL 64

Expert Comment

by:btan
ID: 41855068
As per advice given.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
Here's a look at newsworthy articles and community happenings during the last month.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Suggested Courses

627 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question