Cannot access Active Directory

[Ivan]

Hi,

I have a very strange problem. We have a windows 200 domain with two
domain controllers. They have been running for almost a year now and
without a problem. This morning we found that some processes were not
starting. When we checked the servers, it told us that it was due to
logon failures.

When I tried to open Active directory Users and Computers, I got an
error stating:
Naming information cannot be located because:
The logon attempt failed
Contact your system administrator to verify that your domain is
properly configured and is currently online.

Being a member of the enterprise administrator group, and with the
servers working fine for such a long time, I was surprised to see this
error. I even tried to access Active Directory after loging in using
the Administrator ID. I got the same message. I tried doing a netdiag
and found that the DC List test failed.
Everything else seemed fine, just the following seems wrong on
netdiag:

DC list test . . . . . . . . . . . : Failed


Trust relationship test. . . . . . : Passed
[WARNING] Don't have access to test your domain sid for domain
'DOMAIN'.

[Test skipped]
Secure channel for domain 'DOMAIN' is to
'\\server-001.domain.lcl'.


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed
[FATAL] Cannot do NTLM authenticated ldap_bind to
'server-001.domain.lcl': Invalid Credentials.
[FATAL] Cannot do Negotiate authenticated ldap_bind to
'server-001.domain.lcl': Invalid Credentials.
[WARNING] Failed to query SPN registration on DC
'server-001.domain.lcl'.
[WARNING] Failed to query SPN registration on DC
'server-003.domain.lcl'.

Bindings test. . . . . . . . . . . : Passed

Is there anyway to fix the active directory so that it will allow me
to get in and fix it. I tried dcdiag and that gave me the following:

DC Diagnosis

Performing initial setup:
[server-001] LDAP bind failed with error 1323,
Unable to update the password. The value provided as the current
password is
incorrect..
***Error: The machine could not attach to the DC because the
credentials
were incorrect. Check your credentials or specify credentials with
/u:<domain>\<user> & /p:[<password>|*|""]


Please help me fix this issue and figure out how this happened. I am
open to try out any suggestions.

Thanks in advance.

Regards,

Ivan.

 

[Eric Burke [MSFT]]

Hi Ivan,

If nothing else has changed in your environment, it's possible you might
have a virus. Please check for and try the following. If you have to boot
into DS restore mode, then just search the system32 folder for the following
files.

1. On the processes tab ended TASKMNGR.EXE in Task Manager.
2. Rename the following files in the system32 folder:
nt32.ini
nt16.ini
dll32nt.hlp
xvpll.hlp
dll32.hlp
httpsearch.ini
mdm.scr
gates.txt
taskmngr.exe
secedit.sdb
seced.bat
ocx.dll
dll16.ini
gg.bat
ocxdll.exe
Note: Some of these files may not be present

3. In the registry deleted the following Rundll32 value had taskmngr.exe
(note the
"N" in taskmngr) in it at:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

4. Add missing entries to gmptpl.inf (located @
C:\WINNT\SYSVOL\sysvol\<domainname>\Policies\{6AC1786C-016F-11D2-945F-00C04f
B984F9}\
MACHINE\Microsoft\Windows NT\SecEdit) by comparing against a known good

This virus changed the following value:
SeNetworkLogonRight

Note: This will only remove the effects of the original infection and does
not
remove any additional backdoors or viruses that have been put on the machine
once
the machine was infected. Customer should restore from verified media from a
known
good point before the machine was infected or format and reinstall the
infected
machine and perform data recovery.


--
Eric Burke [MSFT]
Microsoft Directory Services
--

This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this
message are best directed to the newsgroup/thread from which they
originated.

Hi,

I have a very strange problem. We have a windows 200 domain with two
domain controllers. They have been running for almost a year now and
without a problem. This morning we found that some processes were not
starting. When we checked the servers, it told us that it was due to
logon failures.

When I tried to open Active directory Users and Computers, I got an
error stating:
Naming information cannot be located because:
The logon attempt failed
Contact your system administrator to verify that your domain is
properly configured and is currently online.

Being a member of the enterprise administrator group, and with the
servers working fine for such a long time, I was surprised to see this
error. I even tried to access Active Directory after loging in using
the Administrator ID. I got the same message. I tried doing a netdiag
and found that the DC List test failed.
Everything else seemed fine, just the following seems wrong on
netdiag:

DC list test . . . . . . . . . . . : Failed


Trust relationship test. . . . . . : Passed
[WARNING] Don't have access to test your domain sid for domain
'DOMAIN'.

[Test skipped]
Secure channel for domain 'DOMAIN' is to
'\\server-001.domain.lcl'.


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed
[FATAL] Cannot do NTLM authenticated ldap_bind to
'server-001.domain.lcl': Invalid Credentials.
[FATAL] Cannot do Negotiate authenticated ldap_bind to
'server-001.domain.lcl': Invalid Credentials.
[WARNING] Failed to query SPN registration on DC
'server-001.domain.lcl'.
[WARNING] Failed to query SPN registration on DC
'server-003.domain.lcl'.

Bindings test. . . . . . . . . . . : Passed

Is there anyway to fix the active directory so that it will allow me
to get in and fix it. I tried dcdiag and that gave me the following:

DC Diagnosis

Performing initial setup:
[server-001] LDAP bind failed with error 1323,
Unable to update the password. The value provided as the current
password is
incorrect..
***Error: The machine could not attach to the DC because the
credentials
were incorrect. Check your credentials or specify credentials with
/u:<domain>\<user> & /p:[<password>|*|""]


Please help me fix this issue and figure out how this happened. I am
open to try out any suggestions.

Thanks in advance.

Regards,

Ivan.

 

[drerror]

Hello,



Actually I have a problem here in my office that we have a Server running on Windows 2003 and it’s a domain based server. Also we have an Antivirus Symantec Endpoint Protection but the problem is that I am unable to access the Active directory its saying



"[font='Times New Roman','serif']Naming information cannot be located because: The requested service provider could not be loaded or initialized. Verify that your domain is properly configured and is currently online[/font]".



We have been using it since one year with no issues of adding/deleting or modifying any user on this domain network.



1. Problem showed up when I tried to update my Antivirus online but it couldn't perform the action because the Internet was not working on it, but it’s working everywhere on the Network.

2. After that I checked every corner regarding IP/DNS settings but nothing seemed to be change.

3. Then I tried to reset the Symantec Password due to its network settings because I was unable to access its manager console but it actually took the rights from me to access the Active Directory. I Uninstalled it (Antivirus) thought maybe it will be allow me but it did not.

4. Now is there any possibility that I could retrieve AD database and restore it because I don't see any Restore Checkpoints in the restore/backup (ntbackup) section.



As we have a very small network so we never hired someone from IT specifically.

Kindly let me know as soon as possible if there is any way out or do I have re-install windows and reconfigure the whole network domain settings/profiles again.

Regards,

Shoaib. C