10.5.3 and Active Directory Binding
Hi gang!
Ever since I updated to 10.5.3, I am having all sorts of issues with AD binding to our domain now.
I'll try to keep it short...
It started with a Kerberos prompt from Entourage 2008. I was prompted with an update Kerberos window to enter my password. Entered my password but got an error that my password was invalid.
Navigated and opened the kerberos.app and noticed no ticket. Tried to create a new ticket. I was prompted with my account does not exist.
Opened directory utility and saw that my AD domain was red and my server was not responding.
Tried to unbind, got an error that the account and every other account I tried was invalid, again. Could not unbind even after restarting a few times.
So I decided to reset everything by deleting the DirectoryService directory from Library/Preferences and restarted.
Re-entered all my company information to now get an INVALID ERROR!
I cannot bind now no matter what information I enter.
And if it does pass all the steps and bind, the forest information and domain administration is not entered or received. Red dot server not responding.
I even reinstalled 10.5.3.
Still cannot bind.
Anyone know what gives?
Ok here is what I did to fix our AD/OD issues.
Log in as root.
Unbind both AD/OD and delete them.
On the Mac Server remove all three entries pertaining to machine in OD.
machine$, machine.local, LKDC......
from a terminal you can type with no quotes "dscl . -read /Users/Admin AuthenticationAuthority" to get the Hash value.
On AD delete the machine record for the computer you're trying to bind (if it exists)
Delete contents of /Library/Preferences/DirectoryService (not the folder!)
Delete system keychain /Library/Keychain/System.keychain
Empty Trash
Open up Terminal Go > Utilities > Terminal
type with no quotes: "sudo rm -fr /var/db/krb5kdc"
Then type with no quotes: "sudo /usr/libexec/configureLocalKDC"
this will recreate the Hash value for the machine.
Reboot (Important)
Login as root.
Open directory Services.
Bind to OD, then to AD.
Under services make sure your "/Active Directory/All Domains" is higher than your OD record if you want authentication from AD.
Open up your Date & Time preferences and sync clock with your AD server.
Reboot.
Login. (It did take awhile before I could login, about 5-15 minutes)
I hope this helps.
Similar Messages
-
Lion 10.7.3 and Active Directory Bind
Hi Group!
I've searched high and low for this with no luck.
Hope someone can help.
After installing 10.7.3, we've noticed a new problem with joining the Macs to AD and creating mobile accounts now.
After the AD bind is successful, the check in 'Require confirmation before creating a mobile account' is there.
And we can't turn it off! It's almost like it's FORCED upon us.
Is there a way to turn this off permanently?!?
Beside just going into Directory Utility and unchecking it?
Because even when you do that, it comes right back on.
Half my folks here have no clue what to do with this prompt at login.
What's up guys! Thanks for the response and sorry for the delay!
I tried that, Strontium90, no good! I was able to disable mobileconfirm using your command line, but we're still prompted with the same message when a new user logs in. See screenshots:
Thoughts? -
Snow Leopard and Windows 2003 Active Directory Binding Issues
Ok I have a new imac 27" with snow leopard (completely patched).
I am attempting to join it to an active directory domain.
First the prequel:
* I have opened full traffic to and from the machine and our domain controllers
* I have enabled full logging on the firewall and there are no blocked packets
* I have used wireshark to watch the traffic on the mac and there appear to be no anomalies (packets being sent out but not getting a response, dns requests that aren't answered, etc)
* I have enabled full KDC logging on the domain controller in question and there are no errors in any of the event logs on either domain controller.
* The domain admin account in question has Enterprise, Schema and Domain Admin rights
* I have tried it both with and without an existing computer account and with every conceivable combination of caps and no caps on domain name, user and computer names.
I am getting the following error at the very end of the process:
"Unable to add server. Credential operation failed because an invalid parameter was provided (5102)"
I enabled debugging on Directory Services and will post a log in a reply.
Anyone have any ideas? I have been banging my head on this for a week with no luck.
Here is the log with the Active Directory: entries grepped... the full log is far too large to reply to here; if you think you need it, let me know and I can email it to you. It is 548kb.
Obviously machine names, usernames and IP addresses have been munged.
2011-02-09 12:13:32 EST - T\[0x0000000100404000\] - Active Directory: copyNodeInfo called for /Active Directory
2011-02-09 12:13:36 EST - T\[0x0000000100404000\] - Active Directory: copyNodeInfo called for /Active Directory
2011-02-09 12:13:41 EST - T\[0x0000000100404000\] - Active Directory: copyNodeInfo called for /Active Directory
2011-02-09 12:13:46 EST - T\[0x0000000100404000\] - Active Directory: copyNodeInfo called for /Active Directory
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: Bind Step 1 - Searching for Forest/Domain information
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: subdomain.domain.tld - Start checking servers for site "any"
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: Total Servers "any" LDAP - 2, Kerberos - 2, kPasswd - 2
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: Adding Server - "dc3.subdomain.domain.tld"
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: Adding Server - "dc1.subdomain.domain.tld"
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: subdomain.domain.tld - Finished checking servers for domain
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: DomainConfiguration reachabilityNotification - Node: subdomain.domain.tld - resolves - enabled
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: Bind Step 2 - Finding nearest Domain controllers
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: Bind Step 3 - Verifying credentials
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: subdomain.domain.tld - Start checking servers for site "any"
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: Total Servers "any" LDAP - 2, Kerberos - 2, kPasswd - 2
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: Adding Server - "dc3.subdomain.domain.tld"
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: Adding Server - "dc1.subdomain.domain.tld"
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: subdomain.domain.tld - Finished checking servers for domain
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: DomainConfiguration reachabilityNotification - Node: subdomain.domain.tld - resolves - enabled
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: EstablishConnectionUsingReplica - Node subdomain.domain.tld - New connection requested
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: FindSuitableReplica - Node subdomain.domain.tld - Attempting Replica connect to dc3.subdomain.domain.tld.
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: watchReachability watching socket = 21, xxx.xxx.164.71 -> xxx.xxx.174.77
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: VerifiedServerConnection - Verified server connectivity - dc3.subdomain.domain.tld.
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: CheckWithSelect - good socket to host dc3.subdomain.domain.tld. from poll and verified LDAP
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: FindSuitableReplica - Node subdomain.domain.tld - Established connection to dc3.subdomain.domain.tld.
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: kadmEntry port is nil, will use default 464
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: populateKerberosToDomain - Bailing no domain cache for
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: Password verify for [email protected] succeeded - cache MEMORY:vyvyIt4
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: Switching active cache to MEMORY:vyvyIt4
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: Secure BIND Session Success with server dc3.subdomain.domain.tld.:389 using cache MEMORY:vyvyIt4 user [email protected]
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: Processing Site Search with found IP
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: No site name available
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: subdomain.domain.tld - Start checking servers for site "any"
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: Total Servers "any" LDAP - 2, Kerberos - 2, kPasswd - 2
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: Adding Server - "dc3.subdomain.domain.tld"
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: Adding Server - "dc1.subdomain.domain.tld"
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: subdomain.domain.tld - Finished checking servers for domain
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: Updating Mappings from inSchema.........
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: Updated schema for node name subdomain.domain.tld
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: Configuration naming context = cn=Partitions,CN=Configuration,DC=subdomain,DC=domain,DC=tld
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: Top domain set as <cn=subdomain,cn=partitions,cn=configuration,dc=subdomain,dc=domain,dc=tld>
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: Updating domain hierarchy cache
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: Updating policies from domain subdomain.domain.tld
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: Updated policies for node name subdomain.domain.tld
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: Bind Step 4 - Searching for existing computer
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: EstablishConnectionUsingReplica - Node subdomain.domain.tld - New connection requested
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: watchReachability watching socket = 18, xxx.xxx.164.71 -> xxx.xxx.174.77
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: VerifiedServerConnection - Verified server connectivity - dc3.subdomain.domain.tld.
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: establishConnectionUsingReplica - Node subdomain.domain.tld - Previous replica = dc3.subdomain.domain.tld. responded
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: kadmEntry port is nil, will use default 464
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: populateKerberosToDomain - Bailing no domain cache for
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Password verify for [email protected] succeeded - cache MEMORY:zXpbfEi
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Switching active cache to MEMORY:zXpbfEi
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Secure BIND Session Success with server dc3.subdomain.domain.tld.:389 using cache MEMORY:zXpbfEi user [email protected]
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Doing Computer search for Ethernet address - 10:9a:dd:56:1b:1d
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Bind Step 4 - no mapping for Ethernet MAC address
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Doing DN search for account - machinename
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: stopWatching socket = 21, xxx.xxx.164.71 -> xxx.xxx.174.77
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: LDAP connection closed - dc3.subdomain.domain.tld.:389 - cache MEMORY:vyvyIt4 user [email protected]
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Destroying cache name MEMORY:vyvyIt4 user [email protected]
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Closing All Connections
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: stopWatching socket = 18, xxx.xxx.164.71 -> xxx.xxx.174.77
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: LDAP connection closed - dc3.subdomain.domain.tld.:389 - cache MEMORY:zXpbfEi user [email protected]
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Destroying cache name MEMORY:zXpbfEi user [email protected]
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Bind Step 5 - Bind/Join computer to domain
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: EstablishConnectionUsingReplica - Node subdomain.domain.tld - New connection requested
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: watchReachability watching socket = 18, xxx.xxx.164.71 -> xxx.xxx.174.77
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: VerifiedServerConnection - Verified server connectivity - dc3.subdomain.domain.tld.
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: establishConnectionUsingReplica - Node subdomain.domain.tld - Previous replica = dc3.subdomain.domain.tld. responded
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: kadmEntry port is nil, will use default 464
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: populateKerberosToDomain - Bailing no domain cache for
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Password verify for [email protected] succeeded - cache MEMORY:10xG6op
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Switching active cache to MEMORY:10xG6op
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Secure BIND Session Success with server dc3.subdomain.domain.tld.:389 using cache MEMORY:10xG6op user [email protected]
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Looking for existing Record of machinename
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Doing DN search for account - machinename
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: EstablishConnectionUsingReplica - Node subdomain.domain.tld - New connection requested
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: watchReachability watching socket = 21, xxx.xxx.164.71 -> xxx.xxx.174.77
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: VerifiedServerConnection - Verified server connectivity - dc3.subdomain.domain.tld.
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: establishConnectionUsingReplica - Node subdomain.domain.tld - Previous replica = dc3.subdomain.domain.tld. responded
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: kadmEntry port is nil, will use default 464
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: populateKerberosToDomain - Bailing no domain cache for
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Switching active cache to MEMORY:10xG6op
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Secure BIND Session Success with server dc3.subdomain.domain.tld.:389 using cache MEMORY:10xG6op user [email protected]
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: KerberosID Found for account CN=MACHINENAME,CN=Computers,DC=subdomain,DC=domain,DC=tld - MACHINENAME$
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Existing record found @ CN=MACHINENAME,CN=Computers,DC=subdomain,DC=domain,DC=tld with [email protected].
2011-02-09 12:13:50 EST - T\[0x0000000102481000\] - Active Directory: Setting Computer Password FAILED for existing record......
2011-02-09 12:13:50 EST - T\[0x0000000102481000\] - Active Directory: Computer password change date is 2011-02-04 18:21:01 -0500
2011-02-09 12:13:50 EST - T\[0x0000000102481000\] - Active Directory: Schtldled computer password change every 1209600 seconds - starting 2011-02-09 12:13:50 -0500
2011-02-09 12:13:50 EST - T\[0x0000000102481000\] - Active Directory: Closing All Connections
2011-02-09 12:13:50 EST - T\[0x0000000102481000\] - Active Directory: stopWatching socket = 21, xxx.xxx.164.71 -> xxx.xxx.174.77
2011-02-09 12:13:50 EST - T\[0x0000000102481000\] - Active Directory: LDAP connection closed - dc3.subdomain.domain.tld.:389 - cache MEMORY:10xG6op user [email protected]
2011-02-09 12:13:50 EST - T\[0x0000000102481000\] - Active Directory: stopWatching socket = 18, xxx.xxx.164.71 -> xxx.xxx.174.77
2011-02-09 12:13:50 EST - T\[0x0000000102481000\] - Active Directory: LDAP connection closed - dc3.subdomain.domain.tld.:389 - cache MEMORY:10xG6op user [email protected]
2011-02-09 12:13:50 EST - T\[0x0000000102481000\] - Active Directory: Destroying cache name MEMORY:10xG6op user [email protected]
2011-02-09 12:13:50 EST - T\[0x00000001026AA000\] - Active Directory: Failed to changed computer password in Active Directory domain
2011-02-09 12:13:50 EST - T\[0x0000000102481000\] - Active Directory: copyNodeInfo called for /Active Directory
2011-02-09 12:13:51 EST - T\[0x0000000102481000\] - Active Directory: copyNodeInfo called for /Active Directory
Message was edited by: aelana -
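A way to triage a DirectoryService debug log like the one quoted above, as an added example that is not part of the original posts: it records which bind step was in progress when each failure line was written and which LDAP binds had already succeeded. The function names and the sample lines (modeled on the quoted log, with placeholder principal and cache names) are assumptions.

```python
import re

# Constructed sample in the format of the log quoted above. One line keeps the
# backslash-escaped brackets that forum software adds when a log is pasted,
# and one line is not a log line at all.
SAMPLE_LOG = r"""
2011-02-09 12:13:47 EST - T[0x0000000102481000] - Active Directory: Bind Step 1 - Searching for Forest/Domain information
2011-02-09 12:13:47 EST - T[0x0000000102481000] - Active Directory: Bind Step 2 - Finding nearest Domain controllers
2011-02-09 12:13:47 EST - T[0x0000000102481000] - Active Directory: Bind Step 3 - Verifying credentials
2011-02-09 12:13:48 EST - T[0x0000000102481000] - Active Directory: Secure BIND Session Success with server dc3.subdomain.domain.tld.:389 using cache MEMORY:example1 user admin@EXAMPLE.TLD
2011-02-09 12:13:48 EST - T[0x0000000102481000] - Active Directory: Bind Step 4 - Searching for existing computer
2011-02-09 12:13:49 EST - T[0x0000000102481000] - Active Directory: Bind Step 4 - no mapping for Ethernet MAC address
(log truncated)
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Bind Step 5 - Bind/Join computer to domain
2011-02-09 12:13:50 EST - T[0x0000000102481000] - Active Directory: Setting Computer Password FAILED for existing record......
2011-02-09 12:13:50 EST - T[0x00000001026AA000] - Active Directory: Failed to changed computer password in Active Directory domain
"""

# timestamp, timezone, thread id (brackets optionally backslash-escaped), message
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \S+ - "
    r"T\\?\[(?P<tid>0x[0-9A-Fa-f]+)\\?\] - Active Directory: (?P<msg>.*)$"
)
STEP_RE = re.compile(r"^Bind Step (\d+) - (.+)$")
BIND_OK_RE = re.compile(r"Secure BIND Session Success with server (\S+?):(\d+)")
FAIL_RE = re.compile(r"\bfailed\b", re.IGNORECASE)


def triage(log_text):
    """Return bind steps seen, successful LDAP binds and failure lines."""
    steps, ldap_binds, failures = [], [], []
    skipped, current = 0, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            skipped += 1          # not a DirectoryService line
            continue
        msg = m.group("msg")
        s = STEP_RE.match(msg)
        # "Bind Step 4 - no mapping ..." is a detail of step 4, not a new step,
        # so only a higher step number starts a new step.
        if s and (current is None or int(s.group(1)) > current):
            current = int(s.group(1))
            steps.append((current, s.group(2)))
            continue
        b = BIND_OK_RE.search(msg)
        if b:
            ldap_binds.append((current, b.group(1).rstrip("."), int(b.group(2))))
        if FAIL_RE.search(msg):
            # Failures can be logged from another thread; attribute them to
            # the most recent step seen on any thread.
            failures.append({"ts": m.group("ts"), "thread": m.group("tid"),
                             "step": current, "msg": msg})
    return {"steps": steps, "ldap_binds": ldap_binds,
            "failures": failures, "skipped": skipped}


def summarize(result):
    """One-line summary: the first failure and the step it happened in."""
    if not result["failures"]:
        last = result["steps"][-1][0] if result["steps"] else "none"
        return "no failure lines; last step reached: %s" % last
    first = result["failures"][0]
    desc = dict(result["steps"]).get(first["step"], "unknown step")
    return "bind failed in step %s (%s): %s" % (first["step"], desc, first["msg"])


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(summarize(report))
    for step, server, port in report["ldap_binds"]:
        print("LDAP bind OK during step %s: %s:%d" % (step, server, port))
```

Run against the full log in the post, this separates the steps that completed with a successful LDAP bind from the step in which the "Setting Computer Password FAILED" line was written.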
Mountain Lion and Active Directory
Hi Group!
We recently moved our Macs to Mountain Lion in our domain, all with an Active Directory bind.
Since our deployment, we are noticing account AD lockouts typically from the login window.
We first noticed this with 10.8. Each deployment was upgraded and is now running 10.8.1. But the problem still prevails.
Anyone else experiencing this?
This is what I wrote to my IT today..
Am I the only one?
I am a Mac Based graphic designer in PC /AD environment. I need to access AD server through out the day.
I know it has been a while since I raised this issue. But Mac/OSX performance in AD world is getting worse and worse. It does affect our productivity and job progress.
Issues are:
1) File access from Finder or within application. There is a constant spinning “beach ball” or turning dotted circles. Sometimes it takes up to 5 minutes for finder window to display the contents. (I believe top record has been over 30 minutes) Collapsing arrow to view the contents of the folder may take another minute.
2) Unable to save e-mail attachments to local drive. I want to do this so that email attachment can be accessed faster if I access it locally. This could be a permission issue.
There is minor issue of…
3) VPN.. I wanted to access server from home. And it worked for Leopard.. but ever since I upgraded to Lion I can’t log on.. and I am on Mountain Lion on my personal MacBook Pro and iMac at home.
4) Not refreshing fast enough for updated/modified files to appear on the server.
My work around is that I use all my e-mails on PC.. but files created on Mac needs to be attached via email so.. Is upgrading our Mac to newer OSX ML an option? Do you think they have better integration with AD environment. Also, is it possible to have OSX dedicated shared server/drive mounted for easier access.
Any suggestion or help will be deeply appreciated.
Thanks.
ghj -
Looking for successful auth debug between cisco 1113 acs 4.2 and Active Directory
Hello,
Does anyone have a successful authentication debug using cisco 1113 acs 4.2 and Active Directory? I'm not having success in setting this up and would like to see what a successful authentication debug looks. Below is my current situation:
Oct 6 13:52:23: TPLUS: Queuing AAA Authentication request 444 for processing
Oct 6 13:52:23: TPLUS: processing authentication start request id 444
Oct 6 13:52:23: TPLUS: Authentication start packet created for 444()
Oct 6 13:52:23: TPLUS: Using server 110.34.5.143
Oct 6 13:52:23: TPLUS(000001BC)/0/NB_WAIT/46130160: Started 5 sec timeout
Oct 6 13:52:23: TPLUS(000001BC)/0/NB_WAIT: socket event 2
Oct 6 13:52:23: T+: Version 192 (0xC0), type 1, seq 1, encryption 1
Oct 6 13:52:23: T+: session_id 763084134 (0x2D7BBD66), dlen 26 (0x1A)
Oct 6 13:52:23: T+: type:AUTHEN/START, priv_lvl:15 action:LOGIN ascii
Oct 6 13:52:23: T+: svc:LOGIN user_len:0 port_len:6 (0x6) raddr_len:12 (0xC) data_len:0
Oct 6 13:52:23: T+: user:
Oct 6 13:52:23: T+: port: tty515
Oct 6 13:52:23: T+: rem_addr: 10.10.10.10
Oct 6 13:52:23: T+: data:
Oct 6 13:52:23: T+: End Packet
Oct 6 13:52:23: TPLUS(000001BC)/0/NB_WAIT: wrote entire 38 bytes request
Oct 6 13:52:23: TPLUS(000001BC)/0/READ: socket event 1
Oct 6 13:52:23: TPLUS(000001BC)/0/READ: Would block while reading
Oct 6 13:52:23: TPLUS(000001BC)/0/READ: socket event 1
Oct 6 13:52:23: TPLUS(000001BC)/0/READ: read entire 12 header bytes (expect 16bytes data)
Oct 6 13:52:23: TPLUS(000001BC)/0/READ: socket event 1
Oct 6 13:52:23: TPLUS(000001BC)/0/READ: read entire 28 bytes response
Oct 6 13:52:23: T+: Version 192 (0xC0), type 1, seq 2, encryption 1
Oct 6 13:52:23: T+: session_id 763084134 (0x2D7BBD66), dlen 16 (0x10)
Oct 6 13:52:23: T+: AUTHEN/REPLY status:4 flags:0x0 msg_len:10, data_len:0
Oct 6 13:52:23: T+: msg: Username:
Oct 6 13:52:23: T+: data:
Oct 6 13:52:23: T+: End Packet
Oct 6 13:52:23: TPLUS(000001BC)/0/46130160: Processing the reply packet
Oct 6 13:52:23: TPLUS: Received authen response status GET_USER (7)
Oct 6 13:52:30: TPLUS: Queuing AAA Authentication request 444 for processing
Oct 6 13:52:30: TPLUS: processing authentication continue request id 444
Oct 6 13:52:30: TPLUS: Authentication continue packet generated for 444
Oct 6 13:52:30: TPLUS(000001BC)/0/WRITE/46130160: Started 5 sec timeout
Oct 6 13:52:30: T+: Version 192 (0xC0), type 1, seq 3, encryption 1
Oct 6 13:52:30: T+: session_id 763084134 (0x2D7BBD66), dlen 15 (0xF)
Oct 6 13:52:30: T+: AUTHEN/CONT msg_len:10 (0xA), data_len:0 (0x0) flags:0x0
Oct 6 13:52:30: T+: User msg: <elided>
Oct 6 13:52:30: T+: User data:
Oct 6 13:52:30: T+: End Packet
Oct 6 13:52:30: TPLUS(000001BC)/0/WRITE: wrote entire 27 bytes request
Oct 6 13:52:30: TPLUS(000001BC)/0/READ: socket event 1
Oct 6 13:52:30: TPLUS(000001BC)/0/READ: read entire 12 header bytes (expect 16bytes data)
Oct 6 13:52:30: TPLUS(000001BC)/0/READ: socket event 1
Oct 6 13:52:30: TPLUS(000001BC)/0/READ: read entire 28 bytes response
Oct 6 13:52:30: T+: Version 192 (0xC0), type 1, seq 4, encryption 1
Oct 6 13:52:30: T+: session_id 763084134 (0x2D7BBD66), dlen 16 (0x10)
Oct 6 13:52:30: T+: AUTHEN/REPLY status:5 flags:0x1 msg_len:10, data_len:0
Oct 6 13:52:30: T+: msg: Password:
Oct 6 13:52:30: T+: data:
Oct 6 13:52:30: T+: End Packet
Oct 6 13:52:30: TPLUS(000001BC)/0/46130160: Processing the reply packet
Oct 6 13:52:30: TPLUS: Received authen response status GET_PASSWORD (8)
Oct 6 13:52:37: TPLUS: Queuing AAA Authentication request 444 for processing
Oct 6 13:52:37: TPLUS: processing authentication continue request id 444
Oct 6 13:52:37: TPLUS: Authentication continue packet generated for 444
Oct 6 13:52:37: TPLUS(000001BC)/0/WRITE/46130160: Started 5 sec timeout
Oct 6 13:52:37: T+: Version 192 (0xC0), type 1, seq 5, encryption 1
Oct 6 13:52:37: T+: session_id 763084134 (0x2D7BBD66), dlen 16 (0x10)
Oct 6 13:52:37: T+: AUTHEN/CONT msg_len:11 (0xB), data_len:0 (0x0) flags:0x0
Oct 6 13:52:37: T+: User msg: <elided>
Oct 6 13:52:37: T+: User data:
Oct 6 13:52:37: T+: End Packet
Oct 6 13:52:37: TPLUS(000001BC)/0/WRITE: wrote entire 28 bytes request
Oct 6 13:52:37: TPLUS(000001BC)/0/READ: socket event 1
Oct 6 13:52:37: TPLUS(000001BC)/0/READ: read entire 12 header bytes (expect 33bytes data)
Oct 6 13:52:37: TPLUS(000001BC)/0/READ: socket event 1
Oct 6 13:52:37: TPLUS(000001BC)/0/READ: read entire 45 bytes response
Oct 6 13:52:37: T+: Version 192 (0xC0), type 1, seq 6, encryption 1
Oct 6 13:52:37: T+: session_id 763084134 (0x2D7BBD66), dlen 33 (0x21)
Oct 6 13:52:37: T+: AUTHEN/REPLY status:7 flags:0x0 msg_len:27, data_len:0
Oct 6 13:52:37: T+: msg: Error during authentication
Oct 6 13:52:37: T+: data:
Oct 6 13:52:37: T+: End Packet
Oct 6 13:52:37: TPLUS(000001BC)/0/46130160: Processing the reply packet
Oct 6 13:52:37: TPLUS: Received Authen status error
Oct 6 13:52:37: TPLUS(000001BC)/0/REQ_WAIT/46130160: timed out
Oct 6 13:52:37: TPLUS(000001BC)/0/REQ_WAIT/46130160: No sock_ctx found while handling request timeout
Oct 6 13:52:37: TPLUS: Choosing next server 101.34.5.143
Oct 6 13:52:37: TPLUS(000001BC)/1/NB_WAIT/46130160: Started 5 sec timeout
Oct 6 13:52:37: TPLUS(000001BC)/46130160: releasing old socket 0
Oct 6 13:52:37: TPLUS(000001BC)/1/46130160: Processing the reply packet
Oct 6 13:52:49: TPLUS: Queuing AAA Authentication request 444 for processing
Oct 6 13:52:49: TPLUS: processing authentication start request id 444
Oct 6 13:52:49: TPLUS: Authentication start packet created for 444()
Oct 6 13:52:49: TPLUS: Using server 172.24.5.143
Oct 6 13:52:49: TPLUS(000001BC)/0/NB_WAIT/46130160: Started 5 sec timeout
Oct 6 13:52:49: TPLUS(000001BC)/0/NB_WAIT: socket event 2
Oct 6 13:52:49: T+: Version 192 (0xC0), type 1, seq 1, encryption 1
Oct 6 13:52:49: T+: session_id 1523308383 (0x5ACBD75F), dlen 26 (0x1A)
Oct 6 13:52:49: T+: type:AUTHEN/START, priv_lvl:15 action:LOGIN ascii
Oct 6 13:52:49: T+: svc:LOGIN user_len:0 port_len:6 (0x6) raddr_len:12 (0xC) data_len:0
Oct 6 13:52:49: T+: user:
Oct 6 13:52:49: T+: port: tty515
Oct 6 13:52:49: T+: rem_addr: 10.10.10.10
Oct 6 13:52:49: T+: data:
Oct 6 13:52:49: T+: End Packet
Oct 6 13:52:49: TPLUS(000001BC)/0/NB_WAIT: wrote entire 38 bytes request
Oct 6 13:52:49: TPLUS(000001BC)/0/READ: socket event 1
Oct 6 13:52:49: TPLUS(000001BC)/0/READ: Would block while reading
Oct 6 13:52:49: TPLUS(000001BC)/0/READ: socket event 1
Oct 6 13:52:49: TPLUS(000001BC)/0/READ: read entire 12 header bytes (expect 43bytes data)
Oct 6 13:52:49: TPLUS(000001BC)/0/READ: socket event 1
Oct 6 13:52:49: TPLUS(000001BC)/0/READ: read entire 55 bytes response
Oct 6 13:52:49: T+: Version 192 (0xC0), type 1, seq 2, encryption 1
Oct 6 13:52:49: T+: session_id 1523308383 (0x5ACBD75F), dlen 43 (0x2B)
Oct 6 13:52:49: T+: AUTHEN/REPLY status:4 flags:0x0 msg_len:37, data_len:0
Oct 6 13:52:49: T+: msg: 0x0A User Access Verification 0x0A 0x0A Username:
Oct 6 13:52:49: T+: data:
Oct 6 13:52:49: T+: End Packet
Oct 6 13:52:49: TPLUS(000001BC)/0/46130160: Processing the reply packet
Oct 6 13:52:49: TPLUS: Received authen response status GET_USER (7)
The 1113 acs failed reports shows:
External DB is not operational
thanks,
james
Hi James,
We get External DB is not operational. Could you confirm if under External Databases > Unknown User Policy, and verify you have the AD/ Windows database at the top?
This error means the external server might not be correctly configured on the ACS external database section.
Another point is to make sure we have remote agent installed on supported windows server.
http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/4.2/installation/guide/remote_agent/rawi.html#wp289013
Also provide the Auth logs from the server running remote agent, e.g.:-
AUTH 10/25/2007 15:21:31 I 0376 1276 External DB [NTAuthenDLL.dll]:
Attempting Windows authentication for user v-michal
AUTH 10/25/2007 15:21:31 E 0376 1276 External DB [NTAuthenDLL.dll]: Windows
authentication FAILED (error 1783L)
thanks,
Vinay -
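A decoder for the `T+:` packet lines of the debug output posted in this thread, as an added example that is not part of the original posts: it rebuilds each packet, maps the wire value in `AUTHEN/REPLY status:N` to its RFC 8907 name, and separates a credential rejection (FAIL) from a server-side ERROR. The function names are assumptions; the sample is trimmed from the first session in the post.

```python
import re

# AUTHEN/REPLY status values defined in RFC 8907, section 5.2.
REPLY_STATUS = {1: "PASS", 2: "FAIL", 3: "GETDATA", 4: "GETUSER",
                5: "GETPASS", 6: "RESTART", 7: "ERROR", 0x21: "FOLLOW"}

MEANING = {
    "PASS": "authenticated",
    "FAIL": "credentials rejected by the server",
    "ERROR": "server-side error; the server could not complete the check",
    "GETUSER": "incomplete; server is still prompting",
    "GETPASS": "incomplete; server is still prompting",
    "GETDATA": "incomplete; server is still prompting",
}

# Trimmed from the first session in the post (lines between packets dropped).
SAMPLE_DEBUG = """\
Oct 6 13:52:23: T+: Version 192 (0xC0), type 1, seq 1, encryption 1
Oct 6 13:52:23: T+: session_id 763084134 (0x2D7BBD66), dlen 26 (0x1A)
Oct 6 13:52:23: T+: type:AUTHEN/START, priv_lvl:15 action:LOGIN ascii
Oct 6 13:52:23: T+: End Packet
Oct 6 13:52:23: T+: Version 192 (0xC0), type 1, seq 2, encryption 1
Oct 6 13:52:23: T+: session_id 763084134 (0x2D7BBD66), dlen 16 (0x10)
Oct 6 13:52:23: T+: AUTHEN/REPLY status:4 flags:0x0 msg_len:10, data_len:0
Oct 6 13:52:23: T+: msg: Username:
Oct 6 13:52:23: T+: End Packet
Oct 6 13:52:23: TPLUS: Received authen response status GET_USER (7)
Oct 6 13:52:30: T+: Version 192 (0xC0), type 1, seq 3, encryption 1
Oct 6 13:52:30: T+: session_id 763084134 (0x2D7BBD66), dlen 15 (0xF)
Oct 6 13:52:30: T+: AUTHEN/CONT msg_len:10 (0xA), data_len:0 (0x0) flags:0x0
Oct 6 13:52:30: T+: End Packet
Oct 6 13:52:30: T+: Version 192 (0xC0), type 1, seq 4, encryption 1
Oct 6 13:52:30: T+: session_id 763084134 (0x2D7BBD66), dlen 16 (0x10)
Oct 6 13:52:30: T+: AUTHEN/REPLY status:5 flags:0x1 msg_len:10, data_len:0
Oct 6 13:52:30: T+: msg: Password:
Oct 6 13:52:30: T+: End Packet
Oct 6 13:52:37: T+: Version 192 (0xC0), type 1, seq 5, encryption 1
Oct 6 13:52:37: T+: session_id 763084134 (0x2D7BBD66), dlen 16 (0x10)
Oct 6 13:52:37: T+: AUTHEN/CONT msg_len:11 (0xB), data_len:0 (0x0) flags:0x0
Oct 6 13:52:37: T+: End Packet
Oct 6 13:52:37: T+: Version 192 (0xC0), type 1, seq 6, encryption 1
Oct 6 13:52:37: T+: session_id 763084134 (0x2D7BBD66), dlen 33 (0x21)
Oct 6 13:52:37: T+: AUTHEN/REPLY status:7 flags:0x0 msg_len:27, data_len:0
Oct 6 13:52:37: T+: msg: Error during authentication
Oct 6 13:52:37: T+: End Packet
"""

T_LINE = re.compile(r"^\w{3}\s+\d+\s+[\d:]+:\s+T\+:\s*(.*)$")
VERSION = re.compile(r"Version \d+ \(0x[0-9A-Fa-f]+\), type \d+, seq (\d+),")
SESSION = re.compile(r"session_id \d+ \(0x([0-9A-Fa-f]+)\), dlen (\d+)")
KIND = re.compile(r"(AUTHEN/(?:START|REPLY|CONT))")
STATUS = re.compile(r"status:(\d+)")


def parse_packets(debug_text):
    """Rebuild packets from 'T+:' lines; 'TPLUS:' state lines are ignored."""
    packets, cur = [], None
    for line in debug_text.splitlines():
        m = T_LINE.match(line.strip())
        if not m:
            continue
        body = m.group(1)
        v = VERSION.match(body)
        if v:                                   # header line opens a packet
            cur = {"seq": int(v.group(1)), "session": None, "dlen": None,
                   "kind": None, "status": None, "msg": ""}
        elif cur is None:
            continue                            # fragment before any header
        elif body.startswith("End Packet"):
            packets.append(cur)
            cur = None
        elif SESSION.match(body):
            s = SESSION.match(body)
            cur["session"] = "0x" + s.group(1).upper()
            cur["dlen"] = int(s.group(2))
        elif KIND.search(body):
            cur["kind"] = KIND.search(body).group(1)
            st = STATUS.search(body)
            if st:                              # wire value, printed in decimal
                n = int(st.group(1))
                cur["status"] = REPLY_STATUS.get(n, "UNKNOWN(%d)" % n)
        elif body.startswith("msg:"):
            cur["msg"] = body[4:].strip()
    return packets


def seq_anomalies(packets):
    """Client packets (START/CONT) carry odd seq numbers, REPLY even ones."""
    return [p for p in packets
            if (p["seq"] % 2 == 1) != (p["kind"] in ("AUTHEN/START", "AUTHEN/CONT"))]


def verdict(packets):
    """Status of the last AUTHEN/REPLY and what it means for troubleshooting."""
    replies = [p for p in packets if p["kind"] == "AUTHEN/REPLY"]
    if not replies:
        return (None, "no reply from server")
    last = replies[-1]["status"]
    return (last, MEANING.get(last, "see RFC 8907 section 5.2"))
```

The name to read is the one decoded from the `AUTHEN/REPLY status:N` line; the number in parentheses on the `Received authen response status GET_USER (7)` line does not match that wire value in the posted output.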
Sun java directory server and Active Directory
We are using two different directory servers Sun java directory server and active directory.
My question is how we can have password synchronization between these two directory servers.
I have checked Sun Java[TM] System Identity Synchronization for Windows 1 2004Q3
http://www.sun.com/download/products.xml?id=41537425
It seems that it's supported platforms is only for solaris and windows , but I have installed my Sun java directory server on linux and obviously it doesn't work for me.
I would be grateful if anyone can suggest a solution to work around this situation.
I have checked identity manager , I would like to know that if I can do this using this product.
http://www.sun.com/software/products/identity_mgr/specs.jsp
--regards.
Sara
Yes RHEL 4 is a supported OS with DSEE 6.0.
Identity Synchronization for Windows is a part of DSEE that allows synchronization of users, passwords and groups between Sun Directory Server and Active Directory bi-directionally without altering the users environments, ie it does not require that users change their current habits.
Identity Manager is a complete identity management solution that is targeting enterprise work flow when it comes to user provisioning and de-provisioning, but also allows to build authentication and password change forms that will provision the passwords to many different systems including Sun Directory Server and Active Directory but also IBM mainframes, legacy applications, databases...
If you are implementing a complete identity management solution, then go with Identity Manager. If you need a lightweight and fast solution for just synchronizing users and passwords between Sun DS and MS AD, Identity Synchronization for Windows should be your choice.
Regards,
Ludovic. -
### How to make integration between UCCX and Active Directory##
Hello,
I want to know what is the right procedure to perform a right integration between the UCCX and the Active Directory?
Waiting Yours Reply,,,,
Thanks a lot......
What version?
Assuming a current version (5.0 and higher): there is NO direct integration between CCX and Active Directory. The CCX server must not be joined to a domain.
CCX uses UC Manager End Users for synchronized usernames and passwords. If UC Manager is synchronized with an LDAP source, such as Active Directory, then this will carry forward to CCX. CCX would pass authentication requests to CCX through AXL. UCM would perform the LDAP authentication and inform CCX of the success/failure. -
Cucm 9.1.2 and Active Directory(Windows Server 2003 Standard Edition SP2)
Hello!
Can CUCM 9.1.2 support an integration with Active Directory(Windows Server 2003 Standard Edition SP2)? How do I have to write down LDAP Manager Distinguished Name? I can find supporting only Active Directory 2003 in documentations without reference to Operating System.
Yes, it is possible.
Check this how-to if you have any doubts about the process.
http://blog.ipexpert.com/2010/04/28/cucm-and-active-directory-integration/
http://www.markholloway.com/blog/?p=1189 -
Difference between Windows NT domain registry and Active Directory registry
What are the difference(s) ?
Frank, thanks for your response :)
I want WebSphere Application Server to take advantage of a directory service. There are multiple options available for a directory service.
In my configuration the requirement is to make WebSphere Application server to use Microsoft's Active Directory.
While I was going through (WebSphere) documentation, I see following note.
" With Windows NT domain registry support for Windows 2000 and 2003 domain
controllers, WebSphere Application Server only supports Global groups that are the Security type. It is recommended that you use the Active Directory registry support rather than a Windows NT domain registry if you use Windows 2000 and 2003 domain controllers
because the Active Directory supports all group scopes and types. The Active Directory also supports a nested group that is not support by Windows NT domain registry. The Active Directory is a centralized control registry."
You can find the above note in this link (somewhere after 7th line)
http://www-01.ibm.com/support/knowledgecenter/SSAW57_7.0.0/com.ibm.websphere.nd.multiplatform.doc/info/ae/ae/csec_localos.html?cp=SSAW57_7.0.0%2F3-11-5-1-0-0
Does it mean that they are recommending to use Active Directory over Windows NT (which is an older approach) with Windows Server 2000 or Windows Server 2003 because Active Directory is advanced?
I was under the impression that, Active Directory was started with Microsoft Windows Server 2003 and Windows NT registry was used till Windows 2000 server.
After going through above links,
Windows NT registry is an old method. However, it is compatible with Windows Server 2000 and Windows Server 2003, but it is recommended to use Active Directory with Windows Server 2003 as it is more advanced. And the same is recommended in WebSphere documentation (I am aware that support for Windows Server 2000 is over and only extended support is available for Windows Server 2003; however, this is to clear doubt). Is my understanding correct? And does Windows Server 2000 also support both, i.e. we can use either Windows NT registry or Active Directory, and similarly, either of them (Windows NT or Active Directory) could be used with Windows Server 2003?
And if I got it correct, Is Windows NT and Active Directory, both directory service offering from Microsoft? While NT being an old method and Active Directory being a new/advanced approach ? -
Step by step process to create domain name and active directory in windows 7 64 bit
Step by step process to create domain and active directory in windows 7 64 bit
I work in an organization
I want to create a domain name SBBYDP and make it server for other computers
I want that, all users’ have a personal account while they use any computer from this organization, even they use any computer from this network they use their own account to login to network.
And this may be in Active directory option.
I installed windows 7 professional edition 64 bit
Can any person help me? Step by step process, I will always be thankful to all of you.
Hi,
You must use the Windows Server platform system for the AD service, you can refer the following KB first:
Active Directory
http://technet.microsoft.com/en-us/library/bb742424.aspx
AD DS Deployment Guide
http://technet.microsoft.com/zh-cn/library/cc753963(v=ws.10).aspx
Hope this helps. -
Word 2013 and Active Directory attribute
Hi,
I'm working with WS2008R2 SP1 AD and Office standard 2013 and W7 SP1 x64. Our company wants to create .dotm/.dotx with automatic fields.
For example, we want that when a user opens a .dotx his name appears automatically. This one is easy, it's the {AUTHOR \*MERGEFORMAT}.
But what we want to do is to do the same for the:
- street address
- email address
- the job title
All information is in our Active Directory, but it seems that Word does not read directly the Active Directory info but some cached info on the computer.
So, is there a way or workaround to create some .dotx with the possibility to extract some AD field attributes attached to a user, and at the end to build a semi-automatic doc with the information of the user who has opened this .dotx/.dotm?
So far, clues say that I have to write some vba script and 2 kind of solution/workaround:
The first lead is:
To retrieve the user account properties from Active Directory, we have to turn to some VBA scripts, no way to achieve this via any built-in features.
As far as I know, you can bind to the user account object by using the GetObject function and the LDAP provider.
Then use the GetInfo method to initialize the local cache with attributes of the user account object. This step will ensure that the most up-to-date attribute values of the ADSI object are retrieved.
For example:
Set objUser = GetObject _
("LDAP://...")
objUser.GetInfo
If you want to get these attributes when you create a new document based on a template (.dotx/.dotm), you'll need to use the AutoNew macro.
The second lead is:
http://heureuxoli.developpez.com/office/word/creermodele/#L2-G
Thank you in advance for any kind of answer.
Best regards
Hello,
Have you tried these two methods? What is the result and what is your decision?
If you're familiar with Visual Studio IDE and .Net Framework, I would recommend that you create an application-level or document-level Add-In for Word. Because it's easy to access the AD with managed code, and it's suitable in your case. You can check the MSDN document here for the related objects you need to use in .Net Framework to access AD:
https://msdn.microsoft.com/en-us/library/gg145037(v=vs.110).aspx
But if you just want to use VBA for Word, this kb article tells you how to do this via ADO connection:
https://support.microsoft.com/kb/187529/en-us?wa=wsignin1.0
If you want to know something about Active Directory itself, then it's not the correct forum, you can open up new thread in the AD forums for help.
Thanks for your understanding. -
DNS, Certificates, and Active Directory - School Setup Issues
Our school has been piloting a small iPad deployment. I have been struggling with getting Profile Manager to work correctly since August of last year. Here's the setup:
1. Active Directory DNS/DHCP server (set as "school.local"--yes, I know .local is bad form, but it was set before I got here). I have changed the "Digest" to "Basic" setting
2. Mac Mini server that has its own external IP and hostname ("mac.school.org") and is also bound to the AD server for user authentication for services (Profile Manager, WebDAV, wiki, etc.). I have a self-signed SSL certificate installed under the name "mac.school.org"
3. About 90 iPads, and a handful of Mac desktops
In a perfect world, users would be able to login (with their AD credentials) to the Profile Manager self-service portal using the external hostname of the mac server ("mac.school.org/mydevices"), install the Trust Profile, and enroll the device (iPad, Mac, etc).
However, this is not the case. The setup seems to work for awhile; quite perfectly in fact. But then for reasons unknown to me, everything just "breaks" and Profile Manager ceases to work like it should. Here are some of issues I am seeing:
a.) DNS service on the Mac server turns itself ON randomly. DNS should NOT be running this server, correct? All DNS lookups internally are done by the AD server. I've used changeip and everything matches (both say "mac.school.org")
b.) Whenever we use VPN, and at other seemingly random times, the server's hostname changes from "mac.school.org" to "mac.school.local" I would make the server external only, but it needs to have an internal IP to talk to the AD server.
c.) AD binding breaks randomly and I have to rebind the server to AD
d.) When enrolling devices, Profile Manager starts rejecting certificates (not a trusted source, etc.) and I have to destroy OD and PM and start all over again.
I know this is a lot and I'm not necessarily expecting anyone to answer all of these questions. I guess I'm wondering if anyone could point me in the right direction? I've looked for help with these issues all over the place, but none of the environments I read about are quite like the one I'm in.
Yes, I am not giving the real domain name here.
No prob. just checking, sometimes people have weird domain names never know if they are real or they expect them to be real or they put domain names owned by someone else on their internal network eek.
Not really needed to use mac.school.org internally, that is in local LAN. The thing to understand about DNS is the scope for which a DNS zone is relevant WRT a client machine — inside LAN or on Internet, and which DNS server is authoritative for a domain. Authoritative in the sense of 'the final word'.
Go to Network Utility on your mac, type in your real domain name (whatever you are changing to school.org to hide it) what comes back. On my server I see the below (I have replaced my real, Internet legal domain, to 'example.com')
In my setup I have, on the LAN, setup the Mac server to be authoritative for domain 'example.com'. On the Internet however it is another external DNS server.
So you have set DNS forwarders on the Mac machine?
I really don't believe that the machine's hostname is changing, it is statically configured. What I believe is happening is that DNS name resolution is telling you different things at different times because you are using different DNS servers.
On mac machine terminal type $less /etc/resolv.conf and copy paste what it says. In server app Services | DNS right side does it say you have forwarders?
Still it is not good to have two DNS domains in your internal LAN, there is no need to have school.org on the mac DNS unless it is going to be fully setup to be authoritative in the internal LAN for the domain school.org. You can have school.org on the Internet (Internet scope of users point 1) and school.local on internal machine (LAN scope of users).
Lookup has started…
Trying "example.com"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53292
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;example.com. IN ANY
;; ANSWER SECTION:
example.com. 10800 IN SOA example.com. admin.example.com. 2013010907 3600 900 1209600 86400
example.com. 10800 IN NS server.example.com.
example.com. 10800 IN MX 10 server.example.com.
;; ADDITIONAL SECTION:
server.example.com. 10800 IN A 192.168.1.20
Received 145 bytes from 127.0.0.1#53 in 2 ms -
Active Directory binding not working
Hi
I'm trying to bind to my active directory at work.
On tiger I used the following settings
serverdomain.ad
the servers name is machine
Which worked fine.
On Leopard when I use either serverdomain.ad or machine.serverdomain.ad I get the following error message
(loosely translated from Swedish)
An unknown combination of domain and treecollection was used. You should use a complete DNS-name for the domain and tree collection (i.e something.company.se)
Does anyone know what I should use..the FQDN is machine.serverdomain.ad - shouldn't that work?
The answer was dns.. my client was using the correct nameserver.
The binding worked after that..although I'm not sure it's authenticating as it should -
Failed JNDI - Active Directory binding
Hello everyone,
First off, forgive me if I'm posting to the wrong place and please let me know where I should post.
I have a very simple Java application (more or less copied from the Sun tutorial on JNDI) and am trying to connect to a Win 2003 R2 domain controller with active directory configured and populated.
No matter what I try I get
Problem searching directory: javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece]; remaining name 'RootDSE'
I can bind using any of the standard win32 programs including ldp.exe. I can also bind and browse using Softerra LDAP Administrator without problems. I'm obviously missing something, but I can't see what. Please help.
There is no authentication info in the code because I'm hoping that's not needed as long as I'm logged into the windows machine I'm running this on.
Here's the code:
package printerfinder00;

import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
// Directory attributes come from javax.naming.directory, not java.util.jar
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;

public class Main {
    public static void main(String[] args) {
        Hashtable<String, String> env = new Hashtable<String, String>();
        String ldapURL = "ldap://dc01.hr.local:389/";
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, ldapURL);
        // No credentials are put into env, so the connection is anonymous
        try {
            DirContext ctx = new InitialLdapContext(env, null);
            SearchControls searchCtls = new SearchControls();
            String returnedAtts[] = {"sn", "givenName", "mail"};
            searchCtls.setReturningAttributes(returnedAtts);
            searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            String searchFilter = "(&(objectClass=user)(mail=*))";
            String searchBase = "RootDSE";
            int totalResults = 0;
            NamingEnumeration<SearchResult> answer = ctx.search(searchBase, searchFilter, searchCtls);
            while (answer.hasMoreElements()) {
                SearchResult sr = answer.next();
                totalResults++;
                System.out.println(">>>" + sr.getName());
                Attributes attrs = sr.getAttributes();
                if (attrs != null) {
                    try {
                        System.out.println(" surname: " + attrs.get("sn").get());
                        System.out.println(" firstname: " + attrs.get("givenName").get());
                        System.out.println(" mail: " + attrs.get("mail").get());
                    } catch (NullPointerException e) {
                        // An entry without one of the three attributes ends up here
                        System.out.println("Errors listing attributes: " + e);
                    }
                }
            }
            System.out.println("Total results: " + totalResults);
            ctx.close();
        } catch (NamingException e) {
            System.err.println("Problem searching directory: " + e);
        }
    }
}
I think the error message is quite descriptive !
Problem searching directory: javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece]; remaining name 'RootDSE'
Firstly you have not supplied any credentials or configured an authentication mechanism, hence you cannot perform a search.
For simple authentication, it would be something of the form:
String adminName = "FOOBAR\\administrator";
String adminPassword = "xxxxxxx";
//set security credentials, note using simple cleartext authentication
env.put(Context.SECURITY_AUTHENTICATION,"simple");
env.put(Context.SECURITY_PRINCIPAL,adminName);
env.put(Context.SECURITY_CREDENTIALS,adminPassword);
Secondly, your search base is incorrect (although you haven't got to the stage where this will generate an error)
BTW, The search base will be a distinguished name of the form:
"dc=foobar,dc=com"
If you are performing this from a Windows client, and want to utilise single sign-on, then you will want to refer to the post titled "JNDI, Active Directory and Authentication (Part 1) (Kerberos)" available at http://forum.java.sun.com/thread.jspa?threadID=579829&tstart=300
Good luck... -
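The two fixes from the reply above (bind before searching, and use a real base DN instead of "RootDSE"), put together as an added example that is not code from either poster. It sends the simple bind only over ldaps://, so the password does not cross the network in clear text, and reads the base DN from the rootDSE's defaultNamingContext. The class name AdMailSearch and the environment variables AD_URL, AD_USER and AD_PASSWORD are assumptions, and the JVM is assumed to trust the domain controller's certificate.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.PartialResultException;
import javax.naming.SizeLimitExceededException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

public class AdMailSearch {

    // A simple bind sends the password as-is, so only allow it inside TLS.
    static String requireLdaps(String url) {
        if (url == null || !url.toLowerCase().startsWith("ldaps://")) {
            throw new IllegalArgumentException("simple bind needs an ldaps:// URL, got: " + url);
        }
        return url;
    }

    // First value of an attribute, or "" when the entry does not carry it.
    static String value(Attributes attrs, String id) throws NamingException {
        Attribute a = attrs.get(id);
        return (a == null || a.size() == 0) ? "" : String.valueOf(a.get());
    }

    public static void main(String[] args) {
        // Assumed environment variables (not from the thread), for example
        // AD_URL=ldaps://dc01.hr.local:636 and AD_USER=someuser@hr.local
        String url = requireLdaps(System.getenv("AD_URL"));
        String user = System.getenv("AD_USER");
        String password = System.getenv("AD_PASSWORD");
        if (user == null || user.isEmpty() || password == null || password.isEmpty()) {
            // JNDI downgrades a simple bind with an empty password to anonymous.
            throw new IllegalArgumentException("AD_USER and AD_PASSWORD must be set");
        }

        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, user);
        env.put(Context.SECURITY_CREDENTIALS, password);
        env.put("com.sun.jndi.ldap.connect.timeout", "5000");  // milliseconds
        env.put("com.sun.jndi.ldap.read.timeout", "10000");    // milliseconds

        DirContext ctx = null;
        try {
            ctx = new InitialDirContext(env); // connects and binds; bad credentials fail here

            // The rootDSE is the entry with the empty name. It is not a search
            // base itself, but it names the domain's base DN.
            Attributes rootDse = ctx.getAttributes("", new String[] {"defaultNamingContext"});
            String searchBase = value(rootDse, "defaultNamingContext");
            if (searchBase.isEmpty()) {
                throw new NamingException("rootDSE returned no defaultNamingContext");
            }

            SearchControls ctls = new SearchControls();
            ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            ctls.setReturningAttributes(new String[] {"sn", "givenName", "mail"});

            NamingEnumeration<SearchResult> answer =
                    ctx.search(searchBase, "(&(objectClass=user)(mail=*))", ctls);
            int total = 0;
            try {
                while (answer.hasMore()) {
                    SearchResult sr = answer.next();
                    Attributes attrs = sr.getAttributes();
                    System.out.println(">>>" + sr.getNameInNamespace());
                    System.out.println(" surname: " + value(attrs, "sn"));
                    System.out.println(" firstname: " + value(attrs, "givenName"));
                    System.out.println(" mail: " + value(attrs, "mail"));
                    total++;
                }
            } catch (PartialResultException | SizeLimitExceededException e) {
                // A subtree search from the domain root can end with an unfollowed
                // referral or hit the server's size limit; keep what was read.
                System.err.println("Result list ended early: " + e);
            }
            System.out.println("Total results: " + total);
        } catch (NamingException e) {
            System.err.println("Problem searching directory: " + e);
        } finally {
            if (ctx != null) {
                try { ctx.close(); } catch (NamingException ignored) { }
            }
        }
    }
}
```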
Active Directory Binding Problems
Hi all,
I'm trying to bind to Active Directory but keep on getting the "unknown error occurred" at step 5.
I captured the adplugin debug log, the only error I can see is the following:
2006-03-30 15:53:48 BST - ADPlugin: Setting Computer Password FAILED Deleted Record......
Has anyone had the same problem? If so any ideas how to overcome it?
See Complete debug log below.
2006-03-30 15:33:07 BST - ADPlugin: PeriodicTask Called.......
2006-03-30 15:33:07 BST - ADPlugin: Calling OpenDirNode
2006-03-30 15:33:07 BST - ADPlugin: Calling CustomCall
2006-03-30 15:33:07 BST - ADPlugin: Calling CustomCall
2006-03-30 15:33:07 BST - ADPlugin: Calling CustomCall
2006-03-30 15:33:07 BST - ADPlugin: Calling CloseDirNode
2006-03-30 15:33:35 BST - ADPlugin: Calling OpenDirNode
2006-03-30 15:33:35 BST - ADPlugin: Calling CustomCall
2006-03-30 15:33:35 BST - ADPlugin: Doing CheckServerRecords......
2006-03-30 15:33:35 BST - ADPlugin: student.hastings.ac.uk - Start checking servers for site "any"
2006-03-30 15:33:35 BST - ADPlugin: Total Servers "any" LDAP - 2, Kerberos - 1, kPasswd - 1
2006-03-30 15:33:35 BST - ADPlugin: No matching _kerberos records for server - "napier.student.hastings.ac.uk"
2006-03-30 15:33:36 BST - ADPlugin: Server #1 picked - "rutherford.student.hastings.ac.uk"
2006-03-30 15:33:36 BST - ADPlugin: student.hastings.ac.uk - Finished checking servers for domain
2006-03-30 15:33:36 BST - ADPlugin: Got rootDSE for server rutherford.student.hastings.ac.uk to determine forest
2006-03-30 15:33:36 BST - ADPlugin: Determined Forest of hastings.ac.uk from Domain Controller rutherford.student.hastings.ac.uk
2006-03-30 15:33:36 BST - ADPlugin: Found Default Domain student.hastings.ac.uk
2006-03-30 15:33:36 BST - ADPlugin: Global Catalogs - Start checking servers for site "any"
2006-03-30 15:33:36 BST - ADPlugin: Total Servers "any" LDAP - 3, Kerberos - 2, kPasswd - 2
2006-03-30 15:33:36 BST - ADPlugin: Server #1 picked - "rutherford.student.hastings.ac.uk"
2006-03-30 15:33:36 BST - ADPlugin: Server #2 picked - "kepler.hastings.ac.uk"
2006-03-30 15:33:36 BST - ADPlugin: Found Forest Domain GC hastings.ac.uk
2006-03-30 15:33:36 BST - ADPlugin: hastings.ac.uk - Start checking servers for site "any"
2006-03-30 15:33:36 BST - ADPlugin: Total Servers "any" LDAP - 2, Kerberos - 2, kPasswd - 2
2006-03-30 15:33:36 BST - ADPlugin: Server #1 picked - "kepler.hastings.ac.uk"
2006-03-30 15:33:36 BST - ADPlugin: Server #2 picked - "galileo.hastings.ac.uk"
2006-03-30 15:33:36 BST - ADPlugin: Found Forest Domain hastings.ac.uk
2006-03-30 15:33:36 BST - ADPlugin: Something wrong, unable to determine domain information from Config container......
2006-03-30 15:33:36 BST - ADPlugin: Finished CheckServerRecords......
2006-03-30 15:33:36 BST - ADPlugin: Created KerberosClient record Generation ID 165422016
2006-03-30 15:33:36 BST - ADPlugin: Rebuilt Kerberos File
2006-03-30 15:33:36 BST - ADPlugin: Calling CloseDirNode
2006-03-30 15:33:36 BST - ADPlugin: Calling OpenDirNode
2006-03-30 15:33:36 BST - ADPlugin: Calling CustomCall
2006-03-30 15:33:36 BST - ADPlugin: Doing CheckServerRecords......
2006-03-30 15:33:37 BST - ADPlugin: PeriodicTask Called.......
2006-03-30 15:33:41 BST - ADPlugin: Good credentials for [email protected]
2006-03-30 15:33:41 BST - ADPlugin: No existing connection in connection mgr for [email protected]@student.hastings.ac.uk:389
2006-03-30 15:33:41 BST - ADPlugin: Secure BIND Session with server rutherford.student.hastings.ac.uk:389
2006-03-30 15:33:41 BST - ADPlugin: Read Context information from server for configurationNamingContext of CN=Configuration,DC=hastings,DC=ac,DC=uk
2006-03-30 15:33:41 BST - ADPlugin: Processing Site Search with found IP
2006-03-30 15:33:41 BST - ADPlugin: Returning connection to pool for domain student.hastings.ac.uk with dsStatus 0.
2006-03-30 15:33:41 BST - ADPlugin: student.hastings.ac.uk - Start checking servers for site "any"
2006-03-30 15:33:41 BST - ADPlugin: Total Servers "any" LDAP - 2, Kerberos - 1, kPasswd - 1
2006-03-30 15:33:41 BST - ADPlugin: No matching _kerberos records for server - "napier.student.hastings.ac.uk"
2006-03-30 15:33:41 BST - ADPlugin: Server #1 picked - "rutherford.student.hastings.ac.uk"
2006-03-30 15:33:41 BST - ADPlugin: student.hastings.ac.uk - Finished checking servers for domain
2006-03-30 15:33:42 BST - ADPlugin: Got rootDSE for server rutherford.student.hastings.ac.uk to determine forest
2006-03-30 15:33:42 BST - ADPlugin: Determined Forest of hastings.ac.uk from Domain Controller rutherford.student.hastings.ac.uk
2006-03-30 15:33:42 BST - ADPlugin: Found Default Domain student.hastings.ac.uk
2006-03-30 15:33:42 BST - ADPlugin: Global Catalogs - Start checking servers for site "any"
2006-03-30 15:33:42 BST - ADPlugin: Total Servers "any" LDAP - 3, Kerberos - 2, kPasswd - 2
2006-03-30 15:33:42 BST - ADPlugin: Server #1 picked - "rutherford.student.hastings.ac.uk"
2006-03-30 15:33:42 BST - ADPlugin: Server #2 picked - "kepler.hastings.ac.uk"
2006-03-30 15:33:42 BST - ADPlugin: Found Forest Domain GC hastings.ac.uk
2006-03-30 15:33:42 BST - ADPlugin: hastings.ac.uk - Start checking servers for site "any"
2006-03-30 15:33:42 BST - ADPlugin: Total Servers "any" LDAP - 2, Kerberos - 2, kPasswd - 2
2006-03-30 15:33:42 BST - ADPlugin: Server #1 picked - "kepler.hastings.ac.uk"
2006-03-30 15:33:42 BST - ADPlugin: Server #2 picked - "galileo.hastings.ac.uk"
2006-03-30 15:33:42 BST - ADPlugin: Found Forest Domain hastings.ac.uk
2006-03-30 15:33:42 BST - ADPlugin: Good credentials for [email protected]
2006-03-30 15:33:42 BST - ADPlugin: Retrieved existing connection from connection mgr [email protected]@student.hastings.ac.uk:389
2006-03-30 15:33:42 BST - ADPlugin: Read Context information from server for configurationNamingContext of CN=Configuration,DC=hastings,DC=ac,DC=uk
2006-03-30 15:33:42 BST - ADPlugin: Returning connection to pool for domain student.hastings.ac.uk with dsStatus 0.
2006-03-30 15:33:42 BST - ADPlugin: Finished CheckServerRecords......
2006-03-30 15:33:42 BST - ADPlugin: Created KerberosClient record Generation ID 165422022
2006-03-30 15:33:42 BST - ADPlugin: Rebuilt Kerberos File
2006-03-30 15:33:42 BST - ADPlugin: Closing All Connections - Connection Manager
2006-03-30 15:33:42 BST - ADPlugin: Closing Connection - [email protected]@student.hastings.ac.uk:389
2006-03-30 15:33:42 BST - ADPlugin: Closing All Connections - Connection Manager Completed
2006-03-30 15:33:42 BST - ADPlugin: Calling CloseDirNode
2006-03-30 15:33:42 BST - ADPlugin: Calling OpenDirNode
2006-03-30 15:33:42 BST - ADPlugin: Calling CustomCall
2006-03-30 15:33:42 BST - ADPlugin: Verify called for [email protected]
2006-03-30 15:33:43 BST - ADPlugin: Verify successful for [email protected]
2006-03-30 15:33:43 BST - ADPlugin: Calling CloseDirNode
2006-03-30 15:33:43 BST - ADPlugin: Calling OpenDirNode
2006-03-30 15:33:43 BST - ADPlugin: Calling CustomCall
2006-03-30 15:33:43 BST - ADPlugin: Good credentials for [email protected]
2006-03-30 15:33:43 BST - ADPlugin: No existing connection in connection mgr for [email protected]@student.hastings.ac.uk:389
2006-03-30 15:33:43 BST - ADPlugin: Secure BIND Session with server rutherford.student.hastings.ac.uk:389
2006-03-30 15:33:43 BST - ADPlugin: Read Context information from server for schemaNamingContext of CN=Schema,CN=Configuration,DC=hastings,DC=ac,DC=uk
2006-03-30 15:33:47 BST - ADPlugin: Returning connection to pool for domain student.hastings.ac.uk with dsStatus 0.
2006-03-30 15:33:47 BST - ADPlugin: Updating Mappings from Schema..........
2006-03-30 15:33:47 BST - ADPlugin: Doing Computer search for Ethernet address - 00:0a:95:e4:05:84
2006-03-30 15:33:47 BST - ADPlugin: Doing DN search for account - testibook
2006-03-30 15:33:47 BST - ADPlugin: Good credentials for [email protected]
2006-03-30 15:33:47 BST - ADPlugin: Retrieved existing connection from connection mgr [email protected]@student.hastings.ac.uk:389
2006-03-30 15:33:47 BST - ADPlugin: Returning connection to pool for domain student.hastings.ac.uk with dsStatus -14136.
2006-03-30 15:33:47 BST - ADPlugin: Calling CloseDirNode
2006-03-30 15:33:47 BST - ADPlugin: Calling OpenDirNode
2006-03-30 15:33:47 BST - ADPlugin: Calling CustomCall
2006-03-30 15:33:47 BST - ADPlugin: Looking for existing Record of testibook
2006-03-30 15:33:47 BST - ADPlugin: Doing DN search for account - testibook
2006-03-30 15:33:47 BST - ADPlugin: Good credentials for [email protected]
2006-03-30 15:33:47 BST - ADPlugin: Retrieved existing connection from connection mgr [email protected]@student.hastings.ac.uk:389
2006-03-30 15:33:47 BST - ADPlugin: Returning connection to pool for domain student.hastings.ac.uk with dsStatus -14136.
2006-03-30 15:33:47 BST - ADPlugin: Attempting Add Record......
2006-03-30 15:33:47 BST - ADPlugin: Adding in OU = CN=Computers,DC=student,DC=hastings,DC=ac,DC=uk
2006-03-30 15:33:47 BST - ADPlugin: Good credentials for [email protected]
2006-03-30 15:33:47 BST - ADPlugin: Retrieved existing connection from connection mgr [email protected]@student.hastings.ac.uk:389
2006-03-30 15:33:47 BST - ADPlugin: Returning connection to pool for domain student.hastings.ac.uk with dsStatus 0.
2006-03-30 15:33:47 BST - ADPlugin: Good credentials for [email protected]
2006-03-30 15:33:47 BST - ADPlugin: Retrieved existing connection from connection mgr [email protected]@student.hastings.ac.uk:389
2006-03-30 15:33:47 BST - ADPlugin: Added record CN=testibook,CN=Computers,DC=student,DC=hastings,DC=ac,DC=uk
2006-03-30 15:33:47 BST - ADPlugin: Returning connection to pool for domain student.hastings.ac.uk with dsStatus 0.
2006-03-30 15:33:47 BST - ADPlugin: Setting Computer Password......
2006-03-30 15:33:47 BST - ADPlugin: Changing Password for User [email protected] as [email protected]
2006-03-30 15:35:47 BST - ADPlugin: Changing Password for User [email protected] as [email protected]
2006-03-30 15:37:47 BST - ADPlugin: Changing Password for User [email protected] as [email protected]
2006-03-30 15:39:48 BST - ADPlugin: Changing Password for User [email protected] as [email protected]
2006-03-30 15:41:48 BST - ADPlugin: Changing Password for User [email protected] as [email protected]
2006-03-30 15:43:48 BST - ADPlugin: Changing Password for User [email protected] as [email protected]
2006-03-30 15:45:48 BST - ADPlugin: Changing Password for User [email protected] as [email protected]
2006-03-30 15:47:48 BST - ADPlugin: Changing Password for User [email protected] as [email protected]
2006-03-30 15:49:48 BST - ADPlugin: Changing Password for User [email protected] as [email protected]
2006-03-30 15:51:48 BST - ADPlugin: Changing Password for User [email protected] as [email protected]
2006-03-30 15:53:48 BST - ADPlugin: Good credentials for [email protected]
2006-03-30 15:53:48 BST - ADPlugin: Existing connection too old in connection mgr [email protected]@student.hastings.ac.uk:389
2006-03-30 15:53:48 BST - ADPlugin: Secure BIND Session with server rutherford.student.hastings.ac.uk:389
2006-03-30 15:53:48 BST - ADPlugin: Deleting Record CN=testibook,CN=Computers,DC=student,DC=hastings,DC=ac,DC=uk...
2006-03-30 15:53:48 BST - ADPlugin: Returning connection to pool for domain student.hastings.ac.uk with dsStatus 0.
2006-03-30 15:53:48 BST - ADPlugin: Setting Computer Password FAILED Deleted Record......
2006-03-30 15:53:48 BST - ADPlugin: Updating Local Admin Group
2006-03-30 15:53:49 BST - ADPlugin: Cleaning Previous Additions to Local Admin Group
2006-03-30 15:53:49 BST - ADPlugin: Sending lookupd flushcache at request!
2006-03-30 15:53:49 BST - ADPlugin: Resetting memberd cache also!
2006-03-30 15:53:49 BST - ADPlugin: Closing All Connections - Connection Manager
2006-03-30 15:53:49 BST - ADPlugin: Closing Connection - [email protected]@student.hastings.ac.uk:389
2006-03-30 15:53:49 BST - ADPlugin: Closing All Connections - Connection Manager Completed
2006-03-30 15:53:49 BST - ADPlugin: Bind/Join failed - Launching kerberosautoconfig -u
2006-03-30 15:53:49 BST - ADPlugin: Calling CloseDirNode
Many Thanks
Paul
Hi Paul!
I've personally never seen this error message, but a quick search on Google (which you may have already done as well) for "Setting Computer Password FAILED Deleted Record" found someone else who had the same problem. His issue was firewall related and was fixed by opening some ports for AD. He also provides a link to a Microsoft KB article about this.
Hope this helps and good luck! bill
1 GHz Powerbook G4 Mac OS X (10.4.5)