Tuesday 30 June 2015

Solution: The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller.

The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller. (LDAP Bind function call failed). Look in the details tab for error code and description.

Looking at the detailed description in the Windows Event Viewer or the "Alert Context" tab in SCOM I found the following:

User: domain\joebloggs

Event Data:
< DataItem type =" System.XmlData " time =" 2011-01-15T08:00:01.4111071+02:00 " sourceHealthServiceId =" 353-3533535-4353535353 " >
< EventData >
  < Data Name =" SupportInfo1 " > 1 </ Data >
  < Data Name =" SupportInfo2 " > 5111 </ Data >
  < Data Name =" ProcessingMode " > 0 </ Data >
  < Data Name =" ProcessingTimeInMilliseconds " > 3422 </ Data >
  < Data Name =" ErrorCode " > 49 </ Data >
  < Data Name =" ErrorDescription " > Invalid Credentials </ Data >
  < Data Name =" DCName " />
  </ EventData >
  </ DataItem >

From this it appears that a user (joebloggs) is currently logged into this computer (although has disconnected their RDP session) has had their password expire. This can be confirmed with the qwinsta command:

C:\Users\adminuser>qwinsta
 SESSIONNAME       USERNAME                 ID  STATE   TYPE        DEVICE
 services                                    0  Disc
                   joebloggs                 1  Disc
                   adminuser                 2  Active

So we simply use the rwinsta command to boot out the appropriate user ID e.g.:

rwinsta 1

For more information on this error please refer to:
https://technet.microsoft.com/en-us/library/cc727283.aspx



0 comments:

Post a Comment