At a company I found that we couldn't open Active Directory Users and Computers without receiving the following error message.
Naming information cannot be located because: logon attempt failed contact your administrator to check and see if the domain…
When I tried to use Active Directory Domains and Trusts, this error message was displayed:
The configuration information describing this enterprise is not available. The logon attempt failed
dcdiag command errored with:
LDAP bind failed with error 1323, unable to update the password. The value provided as the current password is incorrect. ***Error: The machine could not attach to the DC because the credentials were incorrect. Check your credentials or specify credentials with /u:
Other symptoms included:
- I would get kicked off of terminal services at random and denied access back in for random periods of time.
- Users were being asked to enter their user/pass when connecting to a share (even though they had authenticated to the domain during winlogon)
- Re-entering the user/pass wouldn't fix it
- At random this behavior would disappear
- Netdiag says everything passed
Since I was logged into the server as the administrator I knew my logon attempt hadn't failed.
I did some googling and found the following MS Knowledge base article:
http://support.microsoft.com/kb/257346
...which suggests that the "Access This Computer from the Network" group policy User Right was disabled for our Administrator account so I followed the instructions to no avail. I updated group policy to include the administrator's account and verified the change enforced using secedit had completed successfully...
I did more googling and found this article that suggests possible virus infections:
http://support.microsoft.com/kb/328691
...So I scanned for viruses, found a few and promptly removed them... but still the same behaviors persisted.
I googled more on the dcdiag errors and found that there may be an RPC problem. I verified RPC functionality using this knowledge base article and portqryv2.
http://support.microsoft.com/kb/310456
portqry.exe -n 10.10.10.2 -e 135 revealed that RPC was listening on random ports above 1024.
portqry.exe -n 10.10.10.2 -o 1026,1028,1056,1060,etc,etc revealed that all the ports shown in [brackets] from the above output were “listening” except for one.
portqry.exe -n 10.10.10.2 -o {not listening port discovered in above step} -p UDP revealed this port was UDP and listening just fine.
But before I realized the port was a UDP port, I changed the ports to the 5000 – 5100 range to see if there was a port conflict or if they were being blocked by firewalls, etc.
To manually set the port numbers RPC uses follow this article:
http://support.microsoft.com/kb/154596
I also ruled out DNS error possibilities: I found a couple of misspellings, fixed them, and restarted DNS.
Somewhere amongst microsoft.com I found an article that suggested the network card drivers could be unsupported and to compare them to the WHQL. So as a final effort we checked the drivers… they were WHQL certified.
After discussing the complications with the business owner we came to the conclusion that it could have something to do with the network cards (it’s about a 10 year old server, and it has been surged upon a time or two). So I switched over to the other onboard NIC, rebooted, and all the problems went away!
All except on one computer… the owner’s laptop. Now he can’t log onto the domain.
Assuming his security credentials were cached and corrupted due to the server’s network card being flaky, I disjoined & rejoined the domain. Upon first try rebooting, the log on to box took forever to switch to the domain name. As a matter of fact it said something like “Waiting for the list of domains to generate”… I had to press Ctrl+Alt+Del to get the message to go away and allow me to select the customer’s domain. When I tried to log in though it said something about the domain is not available… but how could it not be available, I just joined it and rebooted just fine… This turned out to be a DNS issue where his DNS was pointing to his ISP instead of the DNS server at his office. I corrected this and re-dis-joined and re-re-joined the domain again. After rebooting, the domain list propagated quickly but I couldn’t log in because my account wasn’t found in the domain or something… bleh… I went to the server and removed his computer name from the list of computers in Active Directory Users and Computers. Then I changed his computer name and re-re-dis-joined and re-re-rejoined the domain only to find myself back at the same problem where the domain was not available.
I found the following event ids in the system log:
Event ID:5719
Event ID:5721
Event ID:8021
Event ID:8032
Event ID:40960
Event ID:40961
Googled around some more and found the fix!
Added “DNS” to the DependOnService key (under LanmanServer, don’t remove LanmanServer from this key!) under the following registry key:
HKLM\System\CurrentControlSet\Services\Netlogon
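The same registry change as an added PowerShell example (not part of the original post), written so that it appends DNS without dropping LanmanServer and refuses to run where no DNS service is installed, since a dependency on a missing service keeps Netlogon from starting. It assumes an elevated PowerShell session on the machine being fixed; the backup file path is a hypothetical choice.

```powershell
# Added example: idempotently add DNS to Netlogon's DependOnService (REG_MULTI_SZ).
$key    = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon'
$name   = 'DependOnService'
$add    = 'DNS'                               # service name of the DNS Server service
$backup = "$env:TEMP\netlogon-before.reg"     # hypothetical backup location

# A dependency on a service that does not exist stops Netlogon from starting,
# so refuse to edit unless the DNS service is installed on this machine.
if (-not (Get-Service -Name $add -ErrorAction SilentlyContinue)) {
    throw "Service '$add' is not installed here; leaving $name unchanged."
}

# Keep a copy of the key so the change can be rolled back with 'reg import'.
reg.exe export 'HKLM\SYSTEM\CurrentControlSet\Services\Netlogon' $backup /y | Out-Null

# Read the current list; @() keeps it an array even when it has one entry.
$current = @((Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name)
$current = @($current | Where-Object { $_ })  # drop nulls and empty strings

if ($current -contains $add) {
    # -contains is case-insensitive, so 'dns' or 'Dns' also counts as present.
    Write-Output "$name already lists ${add}: $($current -join ', ')"
} else {
    # Append rather than overwrite so LanmanServer (and anything else) stays.
    $new = $current + $add
    Set-ItemProperty -Path $key -Name $name -Value ([string[]]$new) -Type MultiString
    Write-Output "$name is now: $($new -join ', ')"
}
```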
Thank you google!