Cannot Reset Password 2

Status
Not open for further replies.

SIO3

MIS
Nov 14, 2007
69
NG

Hello Guyz,

Need some help.

I got a call from a user whose password has expired and decided to reset it on the DC. "Windows cannot complete Password change for Mavison because: the system cannot find the specified file." is the message I am getting.

What could be wrong?
 
Juniper911, Thanks for the article.

The issue here is that, for three days now, I can no longer reset domain users' passwords and cannot create new users in the Active Directory user.
I have gone to UserParameters in ADSIedit and cleared it, but still can reset Domain users password.

What could be wrong?
 
How many DCs do you have? Have you run a NETDIAG and DCDIAG to check for errors? Sounds like you have replication issues.

One thing to check is to make sure that you have not configured any TCP port filtering on your NIC. I recently ran into that and it was blocking access to all LDAP traffic.

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at
Work SMARTER not HARDER. The Spider's Parlor's Admin Script Pack is a collection of Administrative scripts designed to make IT Administration easier! Save time, get more work done, get the Admin Script Pack.
 
I have a single DC.

DCDIAG did not show any error.

I still get the error message when trying to reset Domain users password:

Windows cannot complete Password change for Mavison because: the system cannot find the specified file.

What else can I do to reset users password?
 
OK, so you ran the DCDIAG but how about the NETDIAG?

Did you verify all services are running? Can other people change their password?

I hope you find this post helpful.

Regards,

Mark

 
markdmac... thanks for your effort.

No one else can reset any password or create a new user account successfully in the domain controller.

Any particular services that I should check out for? Because there are many services running and many others not running.
 
Look for anything that is configured as Automatic startup that is not running.

Again, what does NETDIAG tell you?

I ran into something like this recently, make sure that TCP/IP filters have not been configured on the server NIC.

I hope you find this post helpful.

Regards,

Mark

 
I notice the following in NetDiag output...

Default gateway Test failed
Trust relationship Test skipped
Win services test skipped
IPsec test skipped

Did not really see any TCP/IP filter on the server NIC.

Still cannot reset password or create new account in the Domain Controller.
 
Do you not have internet access requiring a Gateway? If not, configure your gateway as 127.0.0.1 and run NETDIAG again.

_______________________________________
Great knowledge can be obtained by mastering the Google algorithm.
 
I would recommend running NETDIAG /FIX.

I hope you find this post helpful.

Regards,

Mark

 
TechyMcSe2k... I have internet access and can access the internet on the DC.

markdmac.... I did NetDiag /Fix and noticed the following
=========
LDAP test. . . . . . . . . . . . . : Failed
[FATAL] Cannot do NTLM authenticated ldap_bind to 'ict-dc-001.ict.local': Invalid Credentials.
[FATAL] Cannot do Negotiate authenticated ldap_bind to 'ict-dc-001.ict.local': Invalid Credentials.
[WARNING] Failed to query SPN registration on DC 'ict-dc-001.ict.local'.
[FATAL] No LDAP servers work in the domain 'ICT'.
=================

I tried again to reset a Domain user password but no success yet.
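
NETDIAG output like that posted above can be triaged with a small parser that lists each failed test with its FATAL messages. This is an added example, not part of the original thread: the sample text is constructed in the same layout, and the rule used to rejoin console-wrapped lines is an assumption of the example.

```python
import re

# Constructed sample in NETDIAG's layout; one message is split mid-word the
# way an 80-column console wraps it (the remainder restarts at column 0).
SAMPLE = """\
    Default gateway test . . . . . . . : Failed
    Trust relationship test. . . . . . : Skipped
    LDAP test. . . . . . . . . . . . . : Failed
        [FATAL] Cannot do NTLM authenticated ldap_bind to 'ict-dc-001.ict.local': In
valid Credentials.
        [WARNING] Failed to query SPN registration on DC 'ict-dc-001.ict.local'.
        [FATAL] No LDAP servers work in the domain 'ICT'.
    DNS test . . . . . . . . . . . . . : Passed
"""

RESULT = re.compile(r"^\s*(?P<name>.+?)[ .]*:\s*(?P<status>Passed|Failed|Skipped)\s*$")
DETAIL = re.compile(r"^\s*\[(?P<level>FATAL|WARNING)\]\s*(?P<text>.*)$")

def parse_netdiag(text):
    """Return {test name: {"status": str, "details": [(level, message)]}}."""
    tests, current, in_detail = {}, None, False
    for line in text.splitlines():
        detail, result = DETAIL.match(line), RESULT.match(line)
        if detail and current is not None:
            tests[current]["details"].append((detail["level"], detail["text"]))
            in_detail = True
        elif result:
            current = result["name"]
            tests[current] = {"status": result["status"], "details": []}
            in_detail = False
        elif in_detail and line and not line[0].isspace():
            # Assumed heuristic: unindented text right after a message is its
            # wrapped remainder; join with no separator (nothing was dropped).
            level, message = tests[current]["details"][-1]
            tests[current]["details"][-1] = (level, message + line)
        else:
            in_detail = False
    return tests

def failures(tests):
    """Map each failed test to its FATAL messages (warnings left out)."""
    return {name: [msg for level, msg in t["details"] if level == "FATAL"]
            for name, t in tests.items() if t["status"] == "Failed"}

if __name__ == "__main__":
    for name, fatals in failures(parse_netdiag(SAMPLE)).items():
        print(name, "->", fatals or "no detail lines")
```
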

 
You can't connect to AD because of LDAP problems. I recently battled this, but there can be a number of reasons for the problem.

Let's check the most obvious first.

On the server, right click your local area connection under network connections. Choose properties. Click Internet Protocol TCP/IP and choose properties. Click Advanced. Click the options tab. Click properties. Make sure all 3 radio buttons are set to Permit All.

Report back when this is verified.

I hope you find this post helpful.

Regards,

Mark

 
markdmac... many thanks

All three buttons are set check for permit all.
The radio button for "Enable TCP/IP filtering(All adapters)" is not checked.
 
OK, then we will need to troubleshoot the LDAP problem.

Download Kerbtray to start with. Don't worry that it says it is a Win2000 Resource Kit Utility. It works fine with 2003.


Run that and you will get a little green icon in your tray. Right click that and choose Purge Tickets. That will reset your Kerberos tickets. Then restart the Kerberos Key Distribution service. Then reset DNS Server service.

Rerun NETDIAG /FIX and let me know if that fixes the LDAP problem.

I want to voice that I am worried you won't be able to restart the server for fear that AD won't be available to let you log in to the server again. So for now, let's try to avoid that.

I hope you find this post helpful.

Regards,

Mark

 
One other thing to check, go into Device Manager and make sure you don't see the MS Loopback adapter listed under the Network Devices. You will also want to verify that your server doesn't have an "IP Network Address Translator" device under the Non-Plug and Play Drivers.

If either of those exist, disable them.

I hope you find this post helpful.

Regards,

Mark

 
markdmac... I have looked at Device Manager and there is no MS Loopback adapter or IP Network Address Translator. Both are not there.

Let me state that resetting domain users' passwords was carried out successfully several times until about two weeks ago, when it became an issue.

Meanwhile I am downloading Kerbtray and will post my findings when I am done.

 
I have reset the Kerberos tickets several times using the Server 2000 Resource Kit I downloaded, yet the LDAP error is still showing up and I still cannot reset users' passwords.


Windows cannot complete password change for Mavison because: the system cannot find the specified file.

What is the name of this specified file?
 
Let me state that resetting domain users' passwords was carried out successfully several times until about two weeks ago, when it became an issue.

Did anything happen two weeks ago that you can recall? Power cut/surge, any new software that may have been installed, any other system changes that may have been made?

Can users change their passwords at a workstation using ctrl alt delete?


Paul
MCTS: Exchange 2007, Configuration
MCSA:2003
MCSE:2003
MCITP:Enterprise Administrator

If there are no stupid questions, then what kind of questions do stupid people ask? Do they get smart just in time to ask questions?
Scott Adams
 
Please post complete DCDIAG and NETDIAG results for additional troubleshooting.

I hope you find this post helpful.

Regards,

Mark

 