Active Directory Won't Authenticate to anything! Help!

Something is really buggy with our Active Directory here at our company. We can query and ping everything just fine. The time is correct. We have restarted both of our Domain Controllers. We also use a Remote product called "DameWare" and we can't log on to our remote systems as we usually do; we can only log on with the local administrator accounts. If we try logging on with our DomainAdmin accounts we get an error: "The token supplied to the function is invalid." We also can't access SharePoint or any other Intranet sites, unless we log in as the Administrator.

We are stumped! Please help!


  • Edited by Xeetech23 16 hours 15 minutes ago
March 12th, 2015 10:49am

From your post it seems you don't have a clue about how this works or what goes wrong. I would advise seeking support in another way if it is as blocking as it sounds. If you don't have a technical partner or service provider, contact Microsoft Support.

(I'm usually all for gaining hands-on experience trying to solve issues, but this sounds a bit like 'I'm flying a 747 and the engines failed mid-flight. I know there is some fuel and the wings are still there...please help')

To check and troubleshoot this yourself, go back to the basics. Can you log on locally to a client using domain credentials? Any error message? What does the event log tell you? Something relevant in the Domain Controller event logs? Network connectivity OK?

Also consider what has changed to bring you in this situation.

March 12th, 2015 11:02am

Hey man, I am just looking for someone's advice on something new I may be able to try. There's no need to make idiotic senseless analogies that mean absolutely nothing. 

1) Yes, I can log on to any client or server using domain credentials. That is not the problem. The problem is our Intranet sites (SharePoint, Provide (a timekeeping/management program), etc.) aren't allowing our users to authenticate to them with their domain credentials; it's only allowing the administrative account to be logged on to.

2) Yes I have checked the event log. 

The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.

(Everything with DNS & AD is properly up and running)

Error:
DameWare Mini Remote Control
System Error: -2146893048
Failed to establishing a security contect. OS Error Code: [SEC_E_INVALID_TOKEN] The token supplied to the function is invalid. :

(Our remote application error message)

There are no problems with network connectivity. 

We also started having the authentication problem with our SharePoint server yesterday, and we rebooted the server and that took care of the problem. Now today, we are in this predicament.


  • Edited by Xeetech23 15 hours 30 minutes ago
March 12th, 2015 11:33am

I would recommend that you check that your DCs' health and AD replication are in a healthy state using the dcdiag and repadmin commands. If something is wrong with your AD then you will notice it from these commands.

As for DameWare Mini Remote Control, I would recommend contacting its developers or asking in the product forums for assistance.

March 12th, 2015 11:56am
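
The dcdiag and repadmin checks suggested in the reply above, scripted so that failures stand out per domain controller. This is an added example, not part of the original thread; the DC names are placeholders, and it assumes the AD DS/RSAT command-line tools are installed and the session has rights to query the DCs.

```powershell
# Placeholder names: replace with your own domain controllers.
$domainControllers = 'DC01', 'DC02'

foreach ($dc in $domainControllers) {
    # /q prints only errors, so any output at all means a test failed.
    $dcdiagErrors = dcdiag "/s:$dc" /q
    if ($dcdiagErrors) {
        Write-Warning "dcdiag reported problems on ${dc}:"
        $dcdiagErrors | ForEach-Object { "    $_" }
    } else {
        "dcdiag: $dc passed the default tests"
    }
}

# repadmin can emit one CSV row per replication link. Parsing it is more
# reliable than reading the /replsummary text by eye.
$links = @(repadmin /showrepl * /csv | ConvertFrom-Csv)

# An empty 'Number of Failures' field converts to 0, so only real failures match.
$failed = @($links | Where-Object { [int]$_.'Number of Failures' -gt 0 })

if ($failed.Count -gt 0) {
    Write-Warning 'Replication links with failures:'
    $failed |
        Select-Object 'Source DSA', 'Destination DSA', 'Naming Context',
                      'Number of Failures', 'Last Failure Time',
                      'Last Failure Status' |
        Format-Table -AutoSize
} else {
    "repadmin: no failing links across $($links.Count) replication links"
}
```

A clean result here means directory health and replication are fine, which points the investigation toward the authentication path itself (Kerberos/NTLM, secure channel, recent changes on the DCs).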

Thanks for your input. 

Ran the dcdiag cmd and everything came back fine. 

We only have two domain controllers. Ran the repadmin /replsummary and no errors came back. 

We now notice that our Axis camera network isn't authenticating for users now, too.

March 12th, 2015 12:13pm

My bet is this is a certificate issue. Try loading the MMC for certificates and see if anything is expired. A simple Google search found this

http://support.microsoft.com/kb/324345

March 12th, 2015 12:24pm

All the certificates are good. Date and everything. Triple checked.
March 12th, 2015 12:29pm

Do you have all the possible names on the certificates (FQDN, hostname)?

Sounds similar to this one: http://support.microsoft.com/en-ie/kb/324345

March 12th, 2015 3:27pm

Make sure the servers can resolve DNS; use the NSLOOKUP command. If you have the RSAT tools installed, run ldp.exe from a server and connect on ports 389 and 3268 to the domain controllers. Also, have you tried RDP from MSTSC.exe? Have you checked the NIC settings: is the static IP information correct? From a command prompt, are you able to run the GPUPDATE /FORCE command? Are you able to access the sysvol from the server? Did you check the remote settings, GPOs, and local policy that can govern RDP access?

March 12th, 2015 4:04pm

We have had similar problems since the March patch day. DC was updated on March 11. Problems since then, AD auth seems to be broken.
March 12th, 2015 8:16pm

Below is a link to the patches that were released, one of those patches was for remote desktop. Have you tried uninstalling the patch and seeing if it works?

https://technet.microsoft.com/en-us/library/security/ms15-mar.aspx

March 12th, 2015 10:49pm
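
A way to see which updates landed on the domain controllers around the time authentication broke, which is what the last two replies suggest checking. This is an added example, not part of the original thread; the DC names and the seven-day window are placeholders, and Windows PowerShell 3.0 or later is assumed.

```powershell
# Placeholder names and window: adjust to your DCs and to when symptoms began.
$domainControllers = 'DC01', 'DC02'
$since = (Get-Date).AddDays(-7)

$recent = foreach ($dc in $domainControllers) {
    try {
        Get-HotFix -ComputerName $dc -ErrorAction Stop |
            # InstalledOn can be empty for some updates; skip those rows.
            Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $since } |
            Select-Object @{ Name = 'DC'; Expression = { $dc } },
                          HotFixID, Description, InstalledOn
    } catch {
        Write-Warning "Could not query ${dc}: $($_.Exception.Message)"
    }
}

# One row per update: when it first landed and which DCs have it.
# An update present on only some DCs is worth noting when behaviour
# differs depending on which DC answers the logon.
$recent | Group-Object HotFixID | ForEach-Object {
    $first = $_.Group | Sort-Object InstalledOn | Select-Object -First 1
    [pscustomobject]@{
        HotFixID    = $_.Name
        Description = $first.Description
        FirstSeen   = $first.InstalledOn
        OnDCs       = ($_.Group.DC | Sort-Object -Unique) -join ', '
    }
} | Sort-Object FirstSeen | Format-Table -AutoSize
```

Comparing the FirstSeen dates with the time of the first failed logons shows whether the patch-day theory fits before any update is uninstalled.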
