The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller. (LDAP Bind function call failed).
John H
How can I resolve the following error:
The processing of Group Policy failed. Windows could not authenticate to the
Active Directory service on a domain controller. (LDAP Bind function call
failed).
Here is some background info:
Domfile1 and domfile2, I have rebuilt with RAID 5, 3 146 gb drives, win2008
server enterprise x64 edition. Installed all Microsoft important and
critical updates, including SP2. I ran into some issues after joining these
servers to the domain, that sometimes within a few minutes or a hour or two
later, we lose trust relationship with our domain controller. Getting
prompts to log on to network share, when I should not get a logon prompt
under domain admin login. Also, while testing moving files from server to
share and back, that should take a minute, taking hours and timing out, or
locking up. I am working with HP. HP had me install about 50 driver and
firmware updates. This did not resolve the issue. HP has replaced the board
that contains the NIC,VGA monitor input, mouse and keyboard inputs, and usb
inputs, all on one board. This did not resolve the issue. We ran a crossover
cable from Dombumgr6 to domfile1, and we still lost network connectivity. I
had HP to replace the system or motherboard, also. This did not resolve the
issue. It appears once the trust or network connectivity is broken, the
server has to be rebuilt to get it operational again. Continuing to
investigate. I will open ticket with Microsoft on this issue, since server
hardware has been replaced and it is still occurring.
Meinolf Weber [MVP-DS]
Hello John,
You talk about rebuilding, please be more specific about that. What happens
before the rebuilding and how did you do it, form backup, image etc.? Authoritative
or non-authoritative restores? Also some infos about the complete domain
setup can be helpful, amount of DCs, sites etc.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
John H
It was a fresh build from scratch. Using HP SmartStart CD, to setup raid,
and format disk, this installed the basic motherboard drivers and patches.
Windows Server 2008 Enterprise x64 operating system was installed from CD,
We have a volume lincense. I used windows update to install latest Microsoft
Windows updates. Then I joined it to our domain.
We have a two node domain cluster, that is running Windows 2008 Enterprise
Server x64, with four resources that's capable of failing over. We have only
one domain "dom.gov."
We have had problems with our domain clusters failing daily. We have been
working with various support groups over a month on the issue. Microsoft
Support, Symantec Support, Enterprise Vault support, and HP Support with
different components of the event log that was giving us errors. We have
cleared 98% of the event log errors, and it is still happening. So we are
running out of options, so we are planning to rebuild our domain controllers
all over again.
The original domain controllers we had was Windows Server 2003, that was
migrated over to a windows 2008 server x64. In short Memory leaks were fixed
on these domain controller driver update and firmware updates were
completed. Numerous log dumps was emailed over to the various support
groups.
That brings me to the part I was working on. Setting up new servers to move
our domain controllers to. It appeared that the NIC card connectivity was
failing sporadically, which caused lost to the domain controller. So we had
HP hardware support to replace the NIC card. The problem still occured so we
had them to replace the motherboard, and the problem stil occured. Also, I
must mention hp support made sure we had the latest drivers and firmware
updates. They determined that it was a Operating System Problem or a
Network problem. We took one of the servers that I rebuild off of our
network, ran a direct connect using a crossover cable to another server
directly and we still was losing network connectivity sporadically.
We just had a break through yesterday, by moving from Microsoft Active
Directory support to Microsoft Network Support that resolved the problem
with the Network cards losing connectivity. Here was there solution:
1. On any and all active NICs, right-click > Properties > configure
� Set IPv4 Checksum Offload to None
� Set IPv4 Large Send Offload to Disable
� Set Receive Side Scaling to Disable
2. Open an Administrator command prompt and execute the following
commands
� Netsh int tcp set global rss=disabled
� Netsh int tcp set global chimney=disabled
***This appeared to have fix the NIC sporadically losing connection. ****
This fix above worked*******
Before this fix we were getting error logs, such as the ones below:
Log Name: System
Source: Microsoft-Windows-GroupPolicy
Date: 6/18/2009 2:42:22 PM
Event ID: 1006
Task Category: None
Level: Error
Keywords:
User: DOM\netadm5
Computer: DOMFILE2.dom.gov
Description:
The processing of Group Policy failed. Windows could not authenticate to the
Active Directory service on a domain controller. (LDAP Bind function call
failed). Look in the details tab for error code and description.
Computer DOMFILE2.dom.gov
Error: Failed to register for connectivity notification. Error code 1230.
User logon policy processing failed for DOM\netadm5 in 6 seconds.
Group Policy failed to discover the Domain Controller details in 5382
milliseconds.
"Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
news:ff16fb66282858...@msnews.microsoft.com...
Meinolf Weber [MVP-DS]
Hello John,
Nice to hear that you got it solved. Thanks for posting back.