EventID: 1006 (Network Steve Forum)

EventID: 1006

Hello,

My active directory machine faced 1006 error and I'm unable access LDAP on it. Event says:

<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
<Provider Name="Microsoft-Windows-GroupPolicy" Guid="{AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}" />
<EventID>1006</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>1</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2015-07-22T12:13:26.280184300Z" />
<EventRecordID>625225</EventRecordID>
<Correlation ActivityID="{5CA68EA8-B814-45AA-A87D-17870F1B7525}" />
<Execution ProcessID="248" ThreadID="3776" />
<Channel>System</Channel>
<Computer>APSERVER.pasta.lt</Computer>
<Security UserID="S-1-5-18" />
</System>
- <EventData>
<Data Name="SupportInfo1">1</Data>
<Data Name="SupportInfo2">5288</Data>
<Data Name="ProcessingMode">0</Data>
<Data Name="ProcessingTimeInMilliseconds">1482</Data>
<Data Name="ErrorCode">49</Data>
<Data Name="ErrorDescription">Invalid Credentials</Data>
<Data Name="DCName" />
</EventData>
</Event>

And this event is generated by SYSTEM user. I know that event says credentials is invalid, but on SYSTEM user? How? How I can correct it?

FYI

Also when running gpupdate /force on this machine, it returns error on computer GPOs

July 22nd, 2015 8:28am

On the domain controller, from an admin command prompt, run the following commands, what are the output results?

DCDIAG /C /V >C:\dcdiag.txt

net share

repadmin /syncall

Free Windows Admin Tool Kit Click here and download it now

July 22nd, 2015 3:41pm

Is your DC a role holder? If not can it reach the role holder?

If the DC is not a role holder then from an admin command prompt type: "NLTest /sc_verify:pasta.lt"

What are the results?

Below is additional information on the event id

Error code 49 (Invalid credentials)

This error code might indicate that the user's password expired while the user is still logged on the computer.

To correct invalid credentials:

Change the user's password.
Lock/unlock the workstation.
Check if there are any system services running as the user account.
Verify the password in service configuration is correct for the user account.

July 22nd, 2015 3:45pm

On dcdiag command found some interesting things:

Starting test: CheckSecurityError
* Dr Auth: Beginning security errors check!
Found KDC APSERVER for domain pasta.lt in site Default-First-Site-Name
Checking machine account for DC APSERVER on DC APSERVER.
* SPN found :LDAP/APSERVER.pasta.lt/pasta.lt
* SPN found :LDAP/APSERVER.pasta.lt
* SPN found :LDAP/APSERVER
* SPN found :LDAP/APSERVER.pasta.lt/PASTA
* SPN found :LDAP/cceedb94-fbbe-48aa-8da7-a43e391311f5._msdcs.pasta.lt
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/cceedb94-fbbe-48aa-8da7-a43e391311f5/pasta.lt
* SPN found :HOST/APSERVER.pasta.lt/pasta.lt
* SPN found :HOST/APSERVER.pasta.lt
* SPN found :HOST/APSERVER
* SPN found :HOST/APSERVER.pasta.lt/PASTA
* SPN found :GC/APSERVER.pasta.lt/pasta.lt
[APSERVER] No security related replication errors were found on this DC! To target the connection to a specific source DC use /ReplSource:<DC>.

......................... APSERVER passed test CheckSecurityError

and this:

Starting test: DFSREvent
The DFS Replication Event Log.
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
A warning event occurred. EventID: 0x800008A4
Time Generated: 07/22/2015 10:26:10
Event String:
The DFS Replication service has detected an unexpected shutdown on volume C:. This can occur if the service terminated abnormally (due to a power loss, for example) or an error occurred on the volume. The service has automatically initiated a recovery process. The service will rebuild the database if it determines it cannot reliably recover. No user action is required.
Additional Information:
Volume: C:
GUID: DEBA0700-641B-11DF-BFBD-806E6F6E6963
......................... APSERVER passed test DFSREvent

Also lots of these:

* The System Event log test
An error event occurred. EventID: 0x000003EE
Time Generated: 07/23/2015 08:21:25
Event String:
The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller. (LDAP Bind function call failed). Look in the details tab for error code and description.

Repadmin output:

CALLBACK MESSAGE: SyncAll Finished.
SyncAll terminated with no errors.

Netshare looks normal:

Share name Resource Remark

-------------------------------------------------------------------------------
ADMIN$ C:\Windows Remote Admin
Termrep$ D:\Termrep
C$ C:\ Default share
D$ D:\ Default share
IPC$ Remote IPC
Z$ Z:\ Default share
NETLOGON C:\Windows\SYSVOL\sysvol\pasta.lt\SCRIPTS Logon server share
SYSVOL C:\Windows\SYSVOL\sysvol Logon server share
The command completed successfully.

Free Windows Admin Tool Kit Click here and download it now

July 23rd, 2015 2:40am

Yes, apserver is role holder. On it is Domain Controller, DNS, File server and Remote Desktop Service roles. Nltest returns:

nltest /sc_verify:pasta.lt

I_NetLogonControl failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN

Also tryed this:

nltest /dclist:pasta.lt
Get list of DCs in domain 'pasta.lt' from '\\APSERVER.pasta.lt'.
APSERVER.pasta.lt [PDC] [DS] Site: Default-First-Site-Name
The command completed successfully

July 23rd, 2015 2:51am

Also I ran repadmin /replsum
Replication Summary Start Time: 2015-07-23 09:56:59
Beginning data collection for replication summary, this may take awhile: ....
Source DSA largest delta fails/total %% error
Destination DSA largest delta fails/total %% error

Free Windows Admin Tool Kit Click here and download it now

July 23rd, 2015 3:03am

This topic is archived. No further replies will be accepted.