DCDIAG error
rizea
numeserver LDAP bind failed with error 31.a device attached to the system is
not functioning.
Multumesc anticipat
Ovidiu Pismac[GeCAD]
"PSS ID Number: 826902
Article Last Modified on 9/20/2003
----------------------------------------------------------------------------
----
The information in this article applies to:
a.. Microsoft Windows 2000 Server
----------------------------------------------------------------------------
----
SYMPTOMS
When you try to browse the drives of a domain controller or to map a drive
to a domain controller from any client computer, you cannot do so if you try
to connect by using the domain controller name. You can browse the drives or
map a drive if you try to connect by using the IP address of the domain
controller. When you try to troubleshoot the issue, the following symptoms
may occur:
a.. After you try to connect to the domain controller by using the
Universal Naming Convention (UNC) path (\\Servername), you receive the
following warning message in the system event log:Event ID: 3034
Type: Warning
Source: MRxSmb
Description:
The redirector was unable to initialize security context or query context
attributes.
b.. If you use a Lightweight Directory Access Protocol (LDAP) utility,
such as Ldp.exe, to try to connect to the domain controller, you receive the
following error message:
ldap_bind_sW failed with 0x52(82 (Local Error)
c.. If you run the Dcdiag.exe utility to test the connectivity of the
domain controller, you receive the following error message:
DCDiag results in: LDAP bind failed with error 31
d.. If you try to manually force replication from a domain controller that
you can browse the drives of or that you can map a drive to by using the
server name to the domain controller that you cannot connect to by using the
server name, you receive the following error message:
Target Principal Name Is Incorrect
CAUSE
This issue may occur if there is an incorrect value in the
userAccountControl attribute for the domain controller that you cannot
connect to by server name.
RESOLUTION
To determine if this issue is caused by a name resolution problem, first
verify that the domain controller records appear correctly in Windows
Internet Name Service (WINS) and Domain Name System (DNS). If the records
are correct in WINS and DNS, use the Active Directory Service Interfaces
(ADSI) Edit utility to edit the userAccountControl attribute value. (The
ADSI Edit utility is located in the Support Tools folder on the Windows 2000
CD-ROM.) To edit the value, follow these steps.
Warning If you use the ADSI Edit snap-in, the LDP utility, or any other LDAP
version 3 client, and you incorrectly modify the attributes of Active
Directory objects, you can cause serious problems. These problems may
require you to reinstall Microsoft Windows 2000 Server, Microsoft Windows
Server 2003, Microsoft Exchange 2000 Server, Microsoft Exchange Server 2003,
or both Windows and Exchange. Microsoft cannot guarantee that problems that
occur if you incorrectly modify Active Directory object attributes can be
solved. Modify these attributes at your own risk.
1.. Click Start, point to Programs, point to Windows 2000 Support Tools,
point to Tools, and then click ADSI Edit.
2.. Expand Domain NC, expand DC=Domain Components, and then expand
OU=Domain Controllers.
3.. Right-click the domain controller that you cannot browse the drives of
or map a drive to, and then click Properties.
4.. In the Select which properties to view box, click Both.
5.. In the Select a property to view box, click userAccountControl.
6.. In the Edit Attribute box, type 532480, click Set, click Apply, and
then click OK.
7.. Quit ADSI Edit.
8.. Use the Netdom.exe utility to reset the security channel between the
domain controller and one of its replication partners. (Netdom.exe is
located in the Support Tools folder on the Windows 2000 CD-ROM.) To reset
the security channel, follow these steps on the domain controller that you
cannot browse or map a network drive to:
1.. Set the Startup type of the Kerberos Key Distribution Center service
to Manual, and then stop the service. (Because you are trying to reset the
password for a Windows domain controller, you must complete this procedure
before you go to step 8b.) To do so, follow these steps:
1.. Click Start, point to Programs, point to Administrative Tools, and
then click Services.
2.. In the right pane, right-click Kerberos Key Distribution Center,
and then click Properties.
3.. In the Startup type box, click Manual.
4.. Click Stop, and then click OK.
2.. At a command prompt, type the following command, where
Replication_Partner_Server_Name is the fully qualified DNS or NetBIOS name
of a domain controller in the same domain as the local computer, and
domainname\administrator_id is the NetBIOS domain name and administrator ID
respectively:
netdom resetpwd /server:Replication_Partner_Server_Name
/userd:domainname\administrator_id /passwordd:*
Adding the asterisk (*) value to the /passwordd: parameter specifies
that you will be prompted for the password.
9.. Restart the domain controller, and wait several minutes for
replication to occur.
Note After you restart the domain controller, you can restart the Kerberos
Key Distribution Center service and then reset its Startup type to
Automatic.
MORE INFORMATION
For additional information about how to install the Windows 2000 Support
Tools, click the following article number to view the article in the
Microsoft Knowledge Base:
301423 HOW TO: Install the Windows 2000 Support Tools to a Windows 2000
Server-Based Computer
For more information about the Dcdiag.exe utility, visit the following
Microsoft Web site:
http://www.microsoft.com/windows2000/techinfo/reskit/tools/new/dcdiag-o.asp
For more information about the how to force Active Directory directory
service replication, visit the following Microsoft Web site:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windowsserver2003/proddocs/entserver/dssite_force_repl.asp
For additional information about how to use Ldp.exe, click the following
article number to view the article in the Microsoft Knowledge Base:
224543 Using Ldp.exe to Find Data in the Active Directory
For additional information about the Netdom.exe utility, click the following
article number to view the article in the Microsoft Knowledge Base:
260575 HOW TO: Use Netdom.exe to Reset Machine Account Passwords of a
Windows 2000 Domain Controller"
--
--
Ovidiu Pismac , MCSE,MCSA Messaging
GeCAD Software
***
Continutul acestui mesaj trebuie considerat "ca atare", fara a fi scos din
contextul in care a fost trimis. Acest mesaj nu implica nici o obligatie sau
responsabilitate din partea expeditorului sau al angajatorului acestuia.
Va rugam sa continuati discutia pe acest forum si nu prin mesaj direct catre
expeditor.
Adresa de email cu care a fost expediat acest mesaj a fost modificata
intentionat pentru a preveni includerea automata pe listele de spam (a se
inlocui .rom cu .ro)
***
"rizea" <rizea....@idah.ro> wrote in message
news:uNMdIG$OEHA...@TK2MSFTNGP10.phx.gbl...