P
Paul.Nicholson
Everything fine until we had to reboot one of our DC's
(which also happens to be our exchange server).
Immediatly after getting reports of certain users missing
from global address book. Not just excluded but replaced
with blank entries. Their addresses could not be resolved.
Eventually discovered that the Authenticated User
security group was missing from the Users OU in AD,
(cannot explain how this has changed) repacing this
resolved the problem.
Problem we have now (which may or may not be related) is
to do with RAS client authentication, as before working
prior to above DC reboot, now failing to authenticate
user (Returning 930 The Authentication server didnot
respond to authentication requests in a timely fashion.
I have gone through everything i can find on the
Microsoft site but still it won't authenticate users. I
have enabled tracing and the iassam log states
[2644] 14:20:20:960: NT-SAM Names handler received
request with user identity clericu.
[2644] 14:20:20:960: Prepending default domain.
[2644] 14:20:20:960: SAM-Account-Name
is "NEASDOM\clericu".
[2644] 14:20:20:960: NT-SAM Authentication handler
received request for NEASDOM\clericu.
[2644] 14:20:20:960: Processing MS-CHAP v2 authentication.
[2644] 14:20:20:976: LogonUser succeeded.
[2644] 14:20:20:976: NT-SAM User Authorization handler
received request for NEASDOM\clericu.
[2644] 14:20:20:976: Opening LDAP connection to
mail_server.neas.northy.nhs.uk.
[2644] 14:20:20:992: Access denied -- purging Kerberos
ticket cache.
[2644] 14:20:20:992: Retrying LDAP connection to
mail_server.neas.northy.nhs.uk.
[2644] 14:20:21:023: LDAP connect failed: Access is
denied.
[2644] 14:20:21:148: Using downlevel dial-in parameters.
[2644] 14:20:21:148: NTDomain::getConnection failed:
Access is denied.
[2644] 14:20:21:148: Could not open an LDAP connection to
domain NEASDOM.
[2644] 14:20:21:148: Per-user attribute retrieval failed:
Access is denied.
We have enabled RRAS on another Server to see if this is
a local problem but this is acting the same.
Can anyone enlighted me as to how I give access so that
the LDAP connection won't fail?
(which also happens to be our exchange server).
Immediatly after getting reports of certain users missing
from global address book. Not just excluded but replaced
with blank entries. Their addresses could not be resolved.
Eventually discovered that the Authenticated User
security group was missing from the Users OU in AD,
(cannot explain how this has changed) repacing this
resolved the problem.
Problem we have now (which may or may not be related) is
to do with RAS client authentication, as before working
prior to above DC reboot, now failing to authenticate
user (Returning 930 The Authentication server didnot
respond to authentication requests in a timely fashion.
I have gone through everything i can find on the
Microsoft site but still it won't authenticate users. I
have enabled tracing and the iassam log states
[2644] 14:20:20:960: NT-SAM Names handler received
request with user identity clericu.
[2644] 14:20:20:960: Prepending default domain.
[2644] 14:20:20:960: SAM-Account-Name
is "NEASDOM\clericu".
[2644] 14:20:20:960: NT-SAM Authentication handler
received request for NEASDOM\clericu.
[2644] 14:20:20:960: Processing MS-CHAP v2 authentication.
[2644] 14:20:20:976: LogonUser succeeded.
[2644] 14:20:20:976: NT-SAM User Authorization handler
received request for NEASDOM\clericu.
[2644] 14:20:20:976: Opening LDAP connection to
mail_server.neas.northy.nhs.uk.
[2644] 14:20:20:992: Access denied -- purging Kerberos
ticket cache.
[2644] 14:20:20:992: Retrying LDAP connection to
mail_server.neas.northy.nhs.uk.
[2644] 14:20:21:023: LDAP connect failed: Access is
denied.
[2644] 14:20:21:148: Using downlevel dial-in parameters.
[2644] 14:20:21:148: NTDomain::getConnection failed:
Access is denied.
[2644] 14:20:21:148: Could not open an LDAP connection to
domain NEASDOM.
[2644] 14:20:21:148: Per-user attribute retrieval failed:
Access is denied.
We have enabled RRAS on another Server to see if this is
a local problem but this is acting the same.
Can anyone enlighted me as to how I give access so that
the LDAP connection won't fail?