Secondary Domain Controller Not Authenticating Domain Users

Hi.
I have a primary domain controller running Win Srv 2012 in the USA, and I added a secondary domain controller (2012) in the same domain from a different location, India, through VPN, so that India user accounts can authenticate against the secondary DC instead of the primary DC in the USA.
Installation and replication of AD went fine.
India domain users' login is damn slow.
When I ran the command echo %logonserver% from an India client machine, it displayed the USA primary DC name, which means it's authenticating the users from the USA primary DC.
The preferred DNS for the India client machine is the secondary DC IP and the alternate is the primary DC IP (USA).
Please find the dcdiag results below; any help is much appreciated.
Performing initial setup:
   Trying to find home server...
   Home Server = server2
   * Identified AD Forest.
   Done gathering initial info.
Doing initial required tests
   Testing server: INDIA\server2
      Starting test: Connectivity
         ......................... server2 passed test Connectivity
Doing primary tests
   Testing server: INDIA\server2
      Starting test: Advertising
   Warning: DsGetDcName returned information for \\server1.tst.mycompany.com, when we were trying to reach
   server2.
   SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.
         ......................... server2 failed test Advertising
      Starting test: FrsEvent
         ......................... server2 passed test FrsEvent
      Starting test: DFSREvent
         There are warning or error events within the last 24 hours after th
         replication problems may cause Group Policy problems.
         ......................... server2 failed test DFSREvent
      Starting test: SysVolCheck
         ......................... server2 passed test SysVolCheck
      Starting test: KccEvent
         ......................... server2 passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... server2 passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... server2 passed test MachineAccount
      Starting test: NCSecDesc
         ......................... server2 passed test NCSecDesc
      Starting test: NetLogons
         Unable to connect to the NETLOGON share! (\\server2\netlogon)
         [server2] An net use or LsaPolicy operation failed with error 67,
         ......................... server2 failed test NetLogons
      Starting test: ObjectsReplicated
         ......................... server2 passed test ObjectsReplicated
      Starting test: Replications
         ......................... server2 passed test Replications
      Starting test: RidManager
         ......................... server2 passed test RidManager
      Starting test: Services
         ......................... server2 passed test Services
      Starting test: SystemLog
         A warning event occurred.  EventID: 0xA004001B
            Time Generated: 02/22/2015   17:10:30
            Event String: Intel(R) 82574L Gigabit Network Connection
         A warning event occurred.  EventID: 0x000727A5
            Time Generated: 02/22/2015   17:11:24
            Event String: The WinRM service is not listening for WS-Manageme
         An error event occurred.  EventID: 0x0000271A
            Time Generated: 02/22/2015   17:11:24
            Event String:
            The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not regist
         A warning event occurred.  EventID: 0xA004001B
            Time Generated: 02/22/2015   17:12:41
            Event String: Intel(R) 82574L Gigabit Network Connection
         A warning event occurred.  EventID: 0x000003F6
            Time Generated: 02/22/2015   17:19:36
            Event String:
            Name resolution for the name mycompany.com timed out after none
         A warning event occurred.  EventID: 0x00001796
            Time Generated: 02/22/2015   17:28:54
            Event String:
            Microsoft Windows Server has detected that NTLM authentication i
his server. This event occurs once per boot of the server on the first time
         A warning event occurred.  EventID: 0x000727A5
            Time Generated: 02/22/2015   17:33:35
            Event String: The WinRM service is not listening for WS-Manageme
         A warning event occurred.  EventID: 0x00001796
            Time Generated: 02/22/2015   17:35:54
            Event String:
            Microsoft Windows Server has detected that NTLM authentication i
his server. This event occurs once per boot of the server on the first time
         ......................... server2 failed test SystemLog
      Starting test: VerifyReferences
         ......................... server2 passed test VerifyReferences
   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValida
   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValida
   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidat
   Running partition tests on : tst
      Starting test: CheckSDRefDom
         ......................... tst passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... tst passed test CrossRefValidation
   Running enterprise tests on : tst.mycompany.com
      Starting test: LocatorCheck
         ......................... tst.mycompany.com passed test LocatorChec
      Starting test: Intersite
         ......................... tst.mycompany.com passed test Intersite

Firstly, make sure that you have configured sites and subnets correctly. According to your information, you have two locations, so you should have at least 2 sites and 2 subnets associated with them. If you have forgotten to configure the subnets of India in your Sites and Services and assign them to the India site, you are experiencing this issue. Also make sure that clients in India have appropriate network connectivity to the domain controllers in India.
Mahdi Tehrani | www.mahditehrani.ir
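
The subnet-to-site check the answer describes, as an added PowerShell example that is not part of the original thread: it resolves client IPv4 addresses to an AD site by most-specific subnet match and flags addresses that no subnet object covers. Only the site name INDIA comes from the dcdiag output; the USA site name, all address ranges and the function names are assumptions made for the example.

```powershell
# Constructed sample data. Only the site name INDIA appears in the dcdiag output
# in the thread; the USA site name and every address range are assumptions.
# On a DC with the ActiveDirectory module the real list can be read with
#   Get-ADReplicationSubnet -Filter * | Select-Object Name, Site
# (Site is then a distinguished name rather than the short name used here).
$Subnets = @(
    [pscustomobject]@{ Name = '10.1.0.0/16';  Site = 'USA'   }
    [pscustomobject]@{ Name = '10.2.0.0/16';  Site = 'INDIA' }
    [pscustomobject]@{ Name = '10.2.50.0/24'; Site = 'INDIA' }
)

function ConvertTo-Int64Address {
    # Dotted-quad IPv4 string -> integer, held in Int64 so the math never overflows.
    param([Parameter(Mandatory)][string]$Address)
    $ip = [System.Net.IPAddress]::Parse($Address)
    if ($ip.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork) {
        throw "Only IPv4 is handled in this example: $Address"
    }
    [long]$value = 0
    foreach ($octet in $ip.GetAddressBytes()) { $value = $value * 256 + $octet }
    return $value
}

function Get-SiteForAddress {
    # Hypothetical helper: returns the site of the most specific subnet that
    # contains $Address, or a finding when no subnet contains it.
    param(
        [Parameter(Mandatory)][string]$Address,
        [Parameter(Mandatory)][object[]]$Subnets
    )
    $addr = ConvertTo-Int64Address -Address $Address
    $best = $null
    $bestPrefix = -1
    foreach ($subnet in $Subnets) {
        $network, $prefixText = $subnet.Name -split '/'
        $prefix = [int]$prefixText
        if ($prefix -lt 0 -or $prefix -gt 32) { throw "Bad prefix in $($subnet.Name)" }
        $hostBits = 32 - $prefix
        $net = ConvertTo-Int64Address -Address $network
        # Same network when the top $prefix bits agree; keep the most specific match.
        $inSubnet = ($addr -shr $hostBits) -eq ($net -shr $hostBits)
        if ($inSubnet -and $prefix -gt $bestPrefix) {
            $best = $subnet
            $bestPrefix = $prefix
        }
    }
    if ($null -eq $best) {
        return [pscustomobject]@{
            Address = $Address; Subnet = '(none)'; Site = '(none)'
            Finding = 'No subnet object covers this address, so the client gets no site assignment'
        }
    }
    return [pscustomobject]@{
        Address = $Address; Subnet = $best.Name; Site = $best.Site
        Finding = 'OK'
    }
}

# Constructed client addresses: two in India ranges, one in the USA range,
# and one that no subnet covers (the misconfiguration the answer describes).
$Clients = '10.2.50.17', '10.2.7.9', '10.1.0.5', '10.3.4.20'
$Clients | ForEach-Object { Get-SiteForAddress -Address $_ -Subnets $Subnets } |
    Format-Table -AutoSize

# On the client itself, compare the result with what Netlogon actually chose:
#   nltest /dsgetsite      (site the client believes it is in)
#   echo %logonserver%     (DC that handled the logon, as used in the thread)
```

A correct subnet mapping is necessary but not sufficient here: the dcdiag output above also shows server2 failing the Advertising and NetLogons tests, and the locator does not hand out a DC that is not advertising.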

Similar Messages

  • Import not authenticating portal user

    I am using Portal 10.1.4 and am trying to import a portal from another Portal 10.1.4 instance. I have retrieved the import/export script from the web interface from the source system (in Navigator when selecting Export for the relevant Page Group).
    However, no matter what portal user and portal password I put on the command line, I am getting an authentication error:
    D:\>export107.bat -mode IMPORT -d export107.dump -c ORCL -s PORTAL -p <schema password> -company MyCompany -pu portal -pp <portalpassword>
    Verifying the environment variables...
    Verifying the Oracle Client version...
    IMPORT Mode Selected
    Verifying the portal schema passed...
    Verifying the availability of transport set...
    Verifying the status of transport set...
    Calling Oracle exp or imp utility based on the mode of operation....
    PL/SQL procedure successfully completed.
    Checking for privileges...
    Checking for version compatibility...
    Setting the Context...
    Error: Authentication failed for portal
    Cannot proceed with Import
    I have checked that the portal user is in the OID and that they have a portal profile (using the Portal Admin web interface).
    How do I properly set up a user which can be used in the import script? (i.e. the pu and pp command parameters)?
    Thanks

    The problem turned out to be an incorrect value for the company parameter. I think this is what was suggested above - and it works. Just use the default value for company when executing the import script

  • Itunes is not authenticating my User Name when I try to remove Parental Control

    Why is iTunes store unable to "Authenticate" my User Name when I try to unlock the Parental Control? This started after I downloaded the latest version 10.5

    See Here  >  http://support.apple.com/kb/HT1808
    This will not necessarily work if the Device has been Modified.

  • Ide 2 controller not detect

    Hi, this is not an MSI product, but I need your help and ideas.
    My Intel SE440BX IDE 2 cannot detect my CD-ROM. When I look in the Windows (Windows 98SE) Device Manager, the secondary IDE controller is not detected, but in the CMOS both IDE channels are enabled. The CD-ROM is working. Please help me.
    If I can't use it, do you know how to configure the IDE port of the Creative Sound Blaster 16 (CT2910)? Can you show the method?

    Does the CD-ROM get detected on bootup when you set the secondary master/slave to auto-detect?
    When you say that the secondary IDE is not detected in Windows, do you mean that you only get a primary IDE controller? Try going into the main IDE controller properties (can't remember what it's called in 98), and make sure that both IDE channels are enabled. This is done in Device Manager; it's in the same section as the primary/secondary IDE controllers.

  • Secondary domain controller not able to connect from work stations.

    We are using primary and secondary domain controllers, in which the secondary domain controller acts as a replication server. The problem occurs while accessing the secondary domain controller from workstations; I get the following error:
     "The trust relationship between this workstation and the primary domain failed".
    Anyone, please give us a solution.
    Thank you.

    Hi,
    Most simple resolution would be unjoin/disjoin the computer from the domain and rejoin the computer account back to the domain.
    There might be multiple reasons for this kind of behavior.
    Here are a few of them:
    Single SID has been assigned to multiple computers.
    If the Secure Channel is Broken between Domain controller and workstations
    If there are no SPN or DNS Host Name mentioned in the computer account attributes
    Outdated NIC Drivers.
    According to your description, the second one may be the cause of your problem.
    When a Computer account is joined to the domain, Secure Channel password is stored with computer account in domain controller. By default this password will change every 30 days (This is an automatic process, no manual intervention is required).
    Upon starting the computer, Netlogon attempts to discover a DC for the domain in which its machine account exists. After locating the appropriate DC, the machine account password from the workstation is authenticated against the password on the DC.
    If there are problems with system time, DNS configuration or other settings, secure channel’s password between Workstation and DCs may not synchronize with each other.
    A common cause of broken secure channel [machine account password] is that the secure channel password held by the domain member does not match that held by the AD. Often, this is caused by performing a Windows System Restore (or reverting to previous backup or snapshot) on the member machine, causing an old (previous) machine account password to be presented to the AD.
    Follow below link which explains typical symptoms when Secure channel broken,
    Typical Symptoms when secure channel is broken
    http://blogs.technet.com/b/asiasupp/archive/2007/01/18/typical-symptoms-when-secure-channel-is-broken.aspx
    For detailed information, please refer to the link below,
    Troubleshooting AD: Trust Relationship between Workstation and Primary Domain failed
    http://social.technet.microsoft.com/wiki/contents/articles/9157.troubleshooting-ad-trust-relationship-between-workstation-and-primary-domain-failed.aspx
    Hope this helps.
    Steven Lee
    TechNet Community Support

  • Server 2012 Secondary Domain Controller not picking up AD nor DNS responsibilities

    I had a single Domain Controller providing AD, DNS and DHCP. I went through the steps to add a Secondary Domain Controller. All the AD and DNS info shows up in the Secondary Server, however, when my original Domain Controller is turned off, the second Domain Controller is not taking over for AD and DNS.

    Hi Bayousmurf,
    Good that you made some progress. However, can you please provide us the information on how you achieved transferring the FSMO role to another DC, since you had some issue earlier?
    Your initial intention was to demote the original DC. Please follow the below link for the steps to demote the DC.
    http://technet.microsoft.com/en-in/library/jj574104.aspx
    Still if I power off the original DC the new one isn't taking up DNS.  Still looking into the DNS...
    Can you please elaborate on what exactly you are looking for? When you power off the original DC, you don't see DNS in the new DC? Is your DNS Active Directory integrated? If not, please follow the procedure below to make it AD integrated. Once done, power off the original DC and look in the new DC to see if DNS shows up.
    http://www.tomshardware.com/faq/id-1954324/configure-active-directory-integrated-dns-zone-windows-server-2012-dns-server.html
    Thanks,
    Umesh.S.K

  • DC on VM Restored after crash - Does Not allow PCs to Join Domain, or Domain Users to Log in

    We currently had a RAID array crash and rebuilt our main server which housed VMs for our Web and DC.
    The main server was restored from a bare-metal backup from 6 months prior to the latest backup of the VMs (not sure if pertinent)
    Since the Restore, Domain computers cannot access file shares on the main server or VMs - "unspecified network error 0x80004005"
    Removed the main server from the Domain to re-join it due to some issues with logging in (even with a Domain Admin account) - Found that any PC removed from the domain was no longer able to rejoin - Receive (Network path was not found error)
    Domain Users cannot log in to their computers - Error reads "The trust relationship between this computer and the domain has been lost" - Domain Admin accounts can log in without problem.
    Have been working on it for two weeks and tried most of the things that I have found in others questions for related 
    DCDIAG results (run on DC VM) - More errors appear if run on the Server (Locator DcGetDcName(GC_Server_Required) call failed, error 1722 (same for PDC, TIME, GOOD_TIME, and KDC))
    Directory Server Diagnosis
    Performing initial setup:
       Trying to find home server...
       Home Server = DC1
       * Identified AD Forest. 
       Done gathering initial info.
    Doing initial required tests
       Testing server: Default-First-Site-Name\DC1
          Starting test: Connectivity
             ......................... DC1 passed test Connectivity
    Doing primary tests
       Testing server: Default-First-Site-Name\DC1
          Starting test: Advertising
             ......................... DC1 passed test Advertising
          Starting test: FrsEvent
             There are warning or error events within the last 24 hours after the
             SYSVOL has been shared.  Failing SYSVOL replication problems may cause
             Group Policy problems. 
             ......................... DC1 failed test FrsEvent
          Starting test: DFSREvent
             ......................... DC1 passed test DFSREvent
          Starting test: SysVolCheck
             ......................... DC1 passed test SysVolCheck
          Starting test: KccEvent
             ......................... DC1 passed test KccEvent
          Starting test: KnowsOfRoleHolders
             ......................... DC1 passed test KnowsOfRoleHolders
          Starting test: MachineAccount
             ......................... DC1 passed test MachineAccount
          Starting test: NCSecDesc
             ......................... DC1 passed test NCSecDesc
          Starting test: NetLogons
             ......................... DC1 passed test NetLogons
          Starting test: ObjectsReplicated
             ......................... DC1 passed test ObjectsReplicated
          Starting test: Replications
             ......................... DC1 passed test Replications
          Starting test: RidManager
             ......................... DC1 passed test RidManager
          Starting test: Services
             ......................... DC1 passed test Services
          Starting test: SystemLog
             A warning event occurred.  EventID: 0x80040022
                Time Generated: 01/15/2015   19:32:28
                Event String:
                The driver disabled the write cache on device \Device\Harddisk0\DR0.
             A warning event occurred.  EventID: 0x80040022
                Time Generated: 01/15/2015   19:32:28
                Event String:
                The driver disabled the write cache on device \Device\Harddisk0\DR0.
             A warning event occurred.  EventID: 0x80040022
                Time Generated: 01/15/2015   19:32:28
                Event String:
                The driver disabled the write cache on device \Device\Harddisk0\DR0.
             A warning event occurred.  EventID: 0x000003F6
                Time Generated: 01/15/2015   19:32:52
                Event String:
                Name resolution for the name DC1.Home.xxx.com timed out after none of the configured DNS servers responded.
             An error event occurred.  EventID: 0xC00038D6
                Time Generated: 01/15/2015   19:33:25
                Event String:
                The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data.
             A warning event occurred.  EventID: 0x00000420
                Time Generated: 01/15/2015   19:33:29
                Event String:
                The DHCP service has detected that it is running on a DC and has no credentials configured for use with Dynamic DNS registrations initiated by the DHCP service.   This is not a recommended security configuration.
     Credentials for Dynamic DNS registrations may be configured using the command line "netsh dhcp server set dnscredentials" or via the DHCP Administrative tool.
             A warning event occurred.  EventID: 0x00002724
                Time Generated: 01/15/2015   19:33:33
                Event String:
                This computer has at least one dynamically assigned IPv6 address.For reliable DHCPv6 server operation, you should use only static IPv6 addresses.
             A warning event occurred.  EventID: 0x000727AA
                Time Generated: 01/15/2015   19:36:34
                Event String:
                The WinRM service failed to create the following SPNs: WSMAN/DC1.Home.xxx.com; WSMAN/DC1. 
             A warning event occurred.  EventID: 0x00001695
                Time Generated: 01/15/2015   19:59:52
                Event String:
                Dynamic registration or deletion of one or more DNS records associated with DNS domain 'Home.xxx.com.' failed.  These records are used by other computers to locate this server as a domain controller (if the specified
    domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).  
             A warning event occurred.  EventID: 0x00001695
                Time Generated: 01/15/2015   19:59:52
                Event String:
                Dynamic registration or deletion of one or more DNS records associated with DNS domain 'DomainDnsZones.Home.xxx.com.' failed.  These records are used by other computers to locate this server as a domain controller
    (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).  
             A warning event occurred.  EventID: 0x00001695
                Time Generated: 01/15/2015   19:59:52
                Event String:
                Dynamic registration or deletion of one or more DNS records associated with DNS domain 'ForestDnsZones.Home.xxx.com.' failed.  These records are used by other computers to locate this server as a domain controller
    (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).  
             A warning event occurred.  EventID: 0x00000420
                Time Generated: 01/15/2015   20:20:21
                Event String:
                The DHCP service has detected that it is running on a DC and has no credentials configured for use with Dynamic DNS registrations initiated by the DHCP service.   This is not a recommended security configuration.
     Credentials for Dynamic DNS registrations may be configured using the command line "netsh dhcp server set dnscredentials" or via the DHCP Administrative tool.
             A warning event occurred.  EventID: 0x00002724
                Time Generated: 01/15/2015   20:20:25
                Event String:
                This computer has at least one dynamically assigned IPv6 address.For reliable DHCPv6 server operation, you should use only static IPv6 addresses.
             ......................... DC1 failed test SystemLog
          Starting test: VerifyReferences
             ......................... DC1 passed test VerifyReferences
       Running partition tests on : ForestDnsZones
          Starting test: CheckSDRefDom
             ......................... ForestDnsZones passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... ForestDnsZones passed test
             CrossRefValidation
       Running partition tests on : DomainDnsZones
          Starting test: CheckSDRefDom
             ......................... DomainDnsZones passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... DomainDnsZones passed test
             CrossRefValidation
       Running partition tests on : Schema
          Starting test: CheckSDRefDom
             ......................... Schema passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Schema passed test CrossRefValidation
       Running partition tests on : Configuration
          Starting test: CheckSDRefDom
             ......................... Configuration passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Configuration passed test CrossRefValidation
       Running partition tests on : Home
          Starting test: CheckSDRefDom
             ......................... Home passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Home passed test CrossRefValidation
       Running enterprise tests on : Home.xxx.com
          Starting test: LocatorCheck
             ......................... Home.xxx.com passed test LocatorCheck
          Starting test: Intersite
             ......................... Home.xxx.com passed test Intersite
    All PCs can ping the DC, and get name resolution.  Checked IPs, DNS on both WS and DC (DC points to its own IP address with no other DNS), Forwarders for DNS appear to be working, as normal DNS name resolution and internet access works on all PCs.  Have tried disabling NIC card and installing another NIC.  All searches keep pointing back at the same things that I have tried.  I feel like I am missing something stupid.
    Please help

    The backup you used is too old. That is why your clients are experiencing trust relationship failures: the computer passwords are no longer matching so they are failing to connect to AD. You need to disjoin and join them again.
    I understand that this is the only DC you have so please make sure that the DC is not multihomed, that it points to its private IP address as primary DNS server and 127.0.0.1 as secondary one. Also, you might need to rebuild your SYSVOL folder if you keep getting the SYSVOL errors: https://support.microsoft.com/kb/315457?wa=wsignin1.0
    Ahmed MALEK

  • 530 5.7.1 Client was not authenticated - Exchange 2013 to external domains

    Hi all,
    I have an Exchange server 2013 on windows 2012 R2 and do all the configuration for sending and receiving the mail according to the document provided by Microsoft.
    But whenever I am trying to send mails from external domains to my exchange server domain I got the following error:
    530 5.7.1 Client was not authenticated
    Same thing I am getting If I am sending mail through outlook from my Exchange domains to external domain.
    But if I select Anonymous users in the security option of Default Frontend XXXX, I am able to send the mails through Outlook.
    But I don't want to use this option, as it will enable sending mails without validating the Exchange server user name and password.
    So can anyone please suggest some solutions to resolve this, as using Anonymous users for sending and receiving mails is not secure.
    Regards
    Pankaj Raman.

    I have Java code for sending mails using the SMTP address of the servers. Sending a mail requires a valid user name and password. For all other SMTP servers, if I use an invalid user name and password I get the 530 5.7.1 Client was not authenticated error, but if I use my SMTP address and an invalid user name and password, I am still able to send the mails.
    So I just want to know what I have to configure in the Exchange 2013 server so that it will validate the user name and password.
    Regards
    Pankaj Raman.
    Hi Pankaj,
    Thank you for your question.
    Was an invalid user name and password included in the Java code?
    Did Outlook send emails?
    Does this issue happen with the Java code instead of Outlook?
    In fact, the Exchange server didn't validate the user account and password; the user account and password will be validated on the domain controller.
    I suggest we create a new dedicated receive connector and enable the "anonymous" permission for the Java code.
    If there are any questions regarding this issue, please feel free to let me know.
    Best Regard,
    Jim
    Jim Xu
    TechNet Community Support

  • Domain Users are not able to log in to Domain Computers - Administrators are able to do so

    I have Primary Domain Controller and Secondary one, The users can log in to both as I have changed the locally Policy to allow Domain users to log in. 
    But I am having a problem with users who cannot log in to computers joined to the domain. I noticed that ONLY Administrators are allowed to log in locally in the Policy, and if I want to add users, I will not be able to do so, as Adding Users or Group is disabled.
    Advice is appreciated.

    Hi,
    Please follow the steps below to check whether either "Allow Logon Locally" or "Deny Logon Locally" is enabled in the default policy:
    1. Go to Start -> Run -> type GPMC.MSC to open the Group Policy Management Console.
    2. In the Group Policy Management Console, right-click and edit the default policy and navigate to the node "Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment".
    3. In the "User Rights Assignment" node, check whether the options "Deny log on locally" or "Allow Logon Locally" are defined and groups are added to those options, to confirm the logon problem of domain users.
    NOTE: Also check the local policy, as you have mentioned "I have Primary Domain Controller and Secondary one, The users can log in to both as I have changed the locally Policy to allow Domain users to log in."
    Regards,
    Gopi
    www.jijitechnologies.com

  • Secondary Domain Controller

    Hi ,
    I have 2 physical servers, srvr1 and srvr2, running Windows Server 2012 Standard, with 32RAM and 800GB each. srvr1 is the domain controller, and I need to make a secondary as backup in case the first one fails.
    My question is: what is the best option,
    install the secondary domain on srvr2 or on the hyper instance of srvr2, and why?
    Thanks in advance

    thanks for the reply ...
    srvr2 is a physical server and not a hypervisor; I used it as an applications server. So I was wondering what the best practice is: use the Hyper-V role or the server itself?
    thanks
    I recommend to always use dedicated servers for the DC role, so I would then suggest running it as a virtual machine.
    Enfo Zipper
    Christoffer Andersson – Principal Advisor
    http://blogs.chrisse.se - Directory Services Blog

  • "Sharepoint 2013" is giving error that prevents local domain users authentication for "Team Foundation Server"

    I am getting 2 errors through the event viewer that prevents TFS 2013 authentication for local domain users, also this error started appearing after having TFS upgraded to [ 12.0.30723.0 (Tfs2013.Update3) ].
    1st Error (from administrative events):
    The Execute method of job definition Microsoft.SharePoint.Administration.SPUsageImportJobDefinition (ID a51a0244-765d-433b-8502-0bb0540ad1fd) threw an exception. More information is included below.
    Access to the path 'C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\15\LOGS' is denied.
    Tried so far:-
    - changed the path to another folder from "Diagnostic Logging" in another drive, but still getting the same error.
    2nd Error (from application server):
    DistributedCOM error
    The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {000C101C-0000-0000-C000-000000000046} and APPID {000C101C-0000-0000-C000-000000000046} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    Which I already got fixed using the following steps on a thread I opened before (but still getting the same error).
    https://social.technet.microsoft.com/Forums/windows/en-US/3896e35c-b99a-4d30-b662-f92d337c8d6f/windows-servers-components-services-and-regedit-permissions-are-grayed-out-for-my-admin-account?forum=winservergen
    Other Fixes I tried
    - Found on another topic that it is not SharePoint that is causing the problem, but the generated ASP.NET web pages used for testing that are causing the memory to fill up due to caching in RAM; the fix suggested is to change IIS caching from RAM to HD to prevent loading up using w3wp.exe from processes.
    Concern
    - By checking other topics for people having the same problem, it was mentioned that this error appeared after the latest TFS update. Is there a fix for it?

    Hi Kpdn, 
    Thanks for your post.
    All your participation and support are very important to build such harmonious/ pleasant / learning environment for MSDN community.
    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate in the survey.

  • Authentication prompt issue when opening an office file in a document library with read permission for domain users

    A user who is part of the domain users tries to open an Office file from a document library, but he gets an authentication prompt asking him to authenticate. Domain users have access only to this library and not to the whole site. This used to work in SharePoint 2007 without any problem but not in SharePoint 2013; we didn't have a workflow on SP2007.
    Domain users have read access to only this document library in the site, but he shouldn't get an authentication prompt since he is part of the domain users and he is not trying to modify the document. He can open the document but gets two prompts. He also can't see the list using explorer view, since nothing appears using the explorer view.
    Now, when opening the file, we can see "Updating Workflow Status", but we don't have any workflow working on this site or library, or even any feature related to workflow.
    If we go to the event viewer in the server, we find this information,
    I also checked this thread but I couldn't find this scenario.
    https://social.technet.microsoft.com/Forums/sharepoint/en-US/91bc770b-bb70-4885-a4ad-a243edb88753/event-id-8026-workflow-soap-getworkflowdataforitem-failed-doc-library-no-workflow?forum=sharepointgeneralprevious
    I also created another list with the same permissions and using other office files but got the same behavior.
    Now, we have migrated this site from SP2007 to SP2013.
    Any ideas?

    OK, I am going to throw out a lot of ideas here so hopefully they get you closer to a diagnosis. Hang on :)
    Does it happen to work for some users but not others? If so, try logging in on the "good" computer with the "bad" username. This will tell you if the problem is related to the end-user's system. Also, once the user downloads a document successfully can they open and work on it in Word? Also, does the document library have any custom content types associated with it or does it just use 'Document'?
    I notice that there are other folks on the web that have run into this same problem and the similarity seems to be that they are either on SharePoint 2007 or have upgraded from 2007. Did this doc library start out as a 2007 library?
    What you might want to do is this: Make a site collection from scratch in 2013 (or find one that you know was created in 2013). Choose team site (or whatever you want) for the root web and set up the security the same way you have it on the malfunctioning library. Now, use Windows Explorer to copy and paste some of the documents to the new location. Be sure you recreate any needed content types. Now test it from the troubled user's computer.
    I'm thinking there may be something that is different about the library since it was migrated through various versions and updates since 2007. I've sometimes found that there can be problems (especially with user profiles but that's a different story) with things that go through this evolution.

  • 7210 doesn't authenticate to secondary domain controller

    We've been testing a 7210 configured to authenticate to a domain controller's MS active directory. Our testing indicates that when our primary domain controller is off line that the 7210 does not attempt to authenticate to the secondary domain controller. I would have expected it to behave like any other device set to authenticate on our domain and to use the secondary controller if the primary domain controller becomes unavailable.
    Has anyone else noticed this behaviour and more importantly is there a way to configure the 7210 to ensure it will use the secondary if need be?
    Cheers.

    For others who may come across this, we ended up putting a support call in to Sun. The answer from Sun is:
    "... have been informed that this is by design to occur like this. Many people don't believe it should so there is an RFE raised and development is occurring to resolve this under an internal bug."
    regards
    Stephen Meatheringham

  • Sudden failed authentications for user@domain

    Hello,
    We are running 6 ACS 4.1 servers on Windows 2003 Servers. These servers are not the same as the Domain Controllers.
    Since many years, we have devices sending their username in the format domain\user and some other use user@domain. Everything was working well in our 6 ACS servers.
    Suddenly, this morning, at 06:00:25, on one single server, all the requests using user@domain were reported as failed with the following message in the ACS logs: "External DB user invalid or bad password".
    We first thought that the DC near the ACS server was the cause of the issue, but we observe that all the other ACS servers could process these user@domain AAA queries without problem. We then rebooted the ACS server and when it went back up, everything was running again like a charm.
    We could not find what happened at 06:00:25. There are no Windows Scheduled Tasks at that time, and there is no ACS DB Replication or Backup running at that time either.
    Can someone help us troubleshoot this issue that affected only one single server in an unexpected way?
    Thanks a lot,
    David Mayor

    Hello Anisha,
    I understand that with new installation, such post tasks are required. However, our installation is running in such a state for more than 2 or 3 years. And it is only over the past week that such problem happens twice.
    We have also observed one more thing: You know that the main problem started a few seconds after 6 AM, on both days when it happened. We observed that between 00:02 (midnight + about 2 minutes) and 01:05 AM, the same problem also happens! But, at 01:05 AM, the problem automatically goes away without any intervention. However, when it happens again at 6 AM, we have to restart the server, because otherwise it would not automatically recover.
    Didn't you find anything other than "error Windows authentication FAILED (error 1326L)" in the full log?
    Thanks a lot,
    With my very best regards,
    David Mayor

  • Office 2013 applications will not run as a domain users

    I have a Windows 7 64-bit PC with Office 2013 Home and Business installed. When trying to access Office as a domain user the programs will not run. Is there a fix for this other than making the users local admins?

    Hi,
    Which version of Office 2013 did you deploy, the Windows Installer-based version or the Click-to-Run version?
    Did you install the Office product with a local administrator account? I notice that the users must be local administrators on their computers to install Office:
    http://technet.microsoft.com/en-us/library/ee624360.aspx
    If we add the local admin right to the user, can the Office programs be launched? If so, repair the Office programs and then remove the local admin right. See if it can work.
    Best regards,
    Rex Zhang
    TechNet Community Support
