LDAP bind error seen in sniffer traces

[David Pues]

Hi,

I'm troubleshooting a problem where I took some sniffer
traces.
The server sends out a bind request to the GC/DC, but this
fails. The response contains:

"8009030C: LdapErr: DSID-0C0903E2, comment:
AcceptSecurityContext error, data 0, v893"

What does this mean?

TIA,

David

 

[Eric Fleischman [MSFT]]

I've seen quite a few issues throw the DSID below, the most common of which
is:

305837 DNS, Intersite Messaging, Global Catalog, NTFRS, and "Invalid
http://support.microsoft.com/?id=305837

~Eric

 

[Jason Robarts [MSFT]]

The DSID is an internal code. It can help PSS determine the cause of the
problem. I expect this one is closely related to the "Invalid Credentials"
portion of the KB article Eric referenced. The first 800903C is the error
code - SEC_E_LOGON_DENIED. If you look at the LDAP error code returned I
expect it is Invalid Credentials. You could get the AcceptSecurityContext
message if anything is wrong with the blob passed as the SaslCredential. It
looks like its attempting to use NTLM. Typical Kerberos errors can be
excluded. The most common causes in this case are a bad account or bad
password.

The IWAM account would be a good place to start. You might look at:
http://support.microsoft.com/default.aspx?scid=kb;en-us;275167 and see if it
applies.

--
This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

In the traces, I see in the bind request:

SaslCredentials Mechanism: GSS-SPNEGO
SaslCredentials Credential: NTLMSSP@<computer
name>IWAM_<computer name><computer name>

Does this help? Is that the IWAM_ account trying to do the
bind?

What does "DSID-0C0903E2" mean?

TIA,

D/

-----Original Message-----
I've seen quite a few issues throw the DSID below, the most common of which
is:

305837 DNS, Intersite Messaging, Global Catalog, NTFRS, and "Invalid
http://support.microsoft.com/?id=305837

~Eric


--
Eric Fleischman [MSFT]
Directory Services
This posting is provided "AS IS" with no warranties, and confers no rights

Are you sure you are binding with a valid DN and password? Have you tried
replicating the same actions in a tool like LDP from the Support Tools?
I've seen that error occur when I used a faulty DN or password.

Robbie Allen
http://www.rallenhome.com/


Hi,

I'm troubleshooting a problem where I took some sniffer
traces.
The server sends out a bind request to the GC/DC, but this
fails. The response contains:

"8009030C: LdapErr: DSID-0C0903E2, comment:
AcceptSecurityContext error, data 0, v893"

What does this mean?

TIA,

David

.