User account locked out from only one DC

Discussion in 'Active Directory' started by Wes, Jul 28, 2006.

  1. Wes

    Wes Guest

    I have two 2k3 DCs in a single site, single domain configuration. DC1 holds
    user files and profiles, DC2 runs Exchange 2k3.

    My password change cycle came up earlier this week. Once I changed my
    password, DC1 rejects me. If I try to access my shared folder hosted on
    DC1, I receive a connection credentials prompt. Entering my username and
    password fails, with a pop-up stating "Logon unsuccessful: The user name you
    typed is the same as the user name you logged in with. That user name has
    already been tried. A domain controller cannot be found to verify that user
    name". I can log in to my workstation (but am unable to load/save roaming
    profile) with my "new" password, and Outlook will also connect to
    DC2/Exchange properly without asking for credentials.

    I tried resetting my password on DC1. The password replicated to DC2
    and Exchange, but I still am locked out of anything to do with DC1. My mmc
    console will not accept my login/password, giving me an error message:
    "Naming information cannot be located because: Logon Failure: unknown user
    name or bad password. Contact your system admin"... etc x2, followed by a
    third dialog that says "The configuration information describing this
    enterprise is not available. Logon failure: unknown user name or bad
    password." If I RunAs domain admin the mmc works fine.

    In summary, DC2 recognized my user name and current password, DC1 rejects
    them and changing the password does not fix the problem.

    Any suggestions? Sorry for the long post.
    Wes, Jul 28, 2006

  2. Wes

    Wes Guest

    I downloaded and ran repadmin.

    Showrepl works fine for DC2, but running it for DC1 returns:
    [d:\srvrtm\ds\ds\src\util\repadmin\repbind.c, 154] LDAP error 82
    <Local Error> Win32 Err 8341.

    Showchanges DC2 returns the following for Source DC (DC1):
    [d:\srvrtm\ds\ds\src\util\repadmin\repgtchg.c, 885] LDAP error 49 <Invalid
    Credentials> Win32 Err 1323

    These will both run correctly (showing no changes) if I run as the domain
    administrator. My user account is currently a member of domain and
    enterprise admins.

    Does that information help at all? Any other utilities I can run?
    Wes, Jul 28, 2006

  3. Wes

    cs Guest

    You may want to use telnet to check whether your TCP port 389 is open.

    Both of your replications are not working. Otherwise, you can go to AD
    site and directory and try to replicate each DC with the other.

    cs, Jul 29, 2006
  4. Wes

    Wes Guest

    I believe 389 is open. From a cmd prompt, I ran: telnet [servername] 389 and
    received a blank command window.

    I performed "replicate now" from both DCs but the problems still exist.

    What next?


    Wes, Jul 31, 2006