Please Read: Significant Update Planned, Migrating Forum Software This Month

See more
See less

Windows 7 64 bit Dcom/GPO Issues

  • Filter
  • Time
  • Show
Clear All
new posts

  • Windows 7 64 bit Dcom/GPO Issues

    Hi guys,

    I have been googling and tying fixes for 4 days now so this is my last resort.
    I assure you I have read most articles going.

    I joined the company 2 weeks ago and the office manager wanted the domain admin password changed due to the outgoing IT Engineer. No problem completely understand and I went about it.

    I then noticed on the DC (single DC running Windows 2008 SP2 in 2000 domain functionality we were getting)

    Event ID 12294

    The SAM database was unable to lockout the account of Administrator due to a resource error, such as a hard disk write failure (the specific error code is in the error data) . Accounts are locked after a certain number of bad passwords are provided so please consider resetting the password of the account mentioned above.

    And on checking AD the domain admin would be locked out, although I know it can't be it just states it is, so was still able to log in.

    By using account locking examiner software I was able to pin this down to 4 IBM lenovo Windows 7 64 bit pro laptops. It indicated that this was being caused by RPC server unavailable and even DCOM errors.

    On the clients I am getting the following errors, event ID1055 The processing of group policy failed. Windows could not resolve the computer name etc etc.

    Plus event id 40961 LsaSrv the security system could not establish a secured connection to the server LDAP/*******. No authentication process was available.

    Google both of these you will find them.

    I have run DCDIAG /Test: dns and all is fine, I can ping the dc from the clients.
    NSLOOKUP reverse and forward both work, unless there isn't a reverse record for the client. We have 20 clients so I believe reverse DNS wasn't needed previously.

    DCDIAG /s doesn't report any issues on the DC. I have checked that there is no rogue old DC's and there isn't.

    However these lockouts and errors continue to appear plus the default domain policy isn't getting applied although it does indicate the user is getting it applied, when using gpresult, just not the computer.

    I have disabled the windows firewall on these clients and removed any additional Symantec Endpoint protection, so they should be all open, firewall free.

    It seems to me an issue between these particular laptops, as we have desktops windows 7 64 bit and they are fine.

    I have disabled any aspect of IPV6 in case this was the issue then cleaned up DNS. We do have an internal wireless network which is joined to our domain and so laptops will get two IP's on the same range. I didn't think this should be an issue but just in case I have disabled the wireless adaptor as a test.

    I have updated all drivers and applied all Windows hot fixes with no luck

    I don't believe its a DNS or network issue, as all other clients are working. These are a mix of Windows 7 32 and 64 bit. I believe its just these machines.

    I am really getting to the end of my trouble shooting its worn me out, so any help would be appreciated

  • #2
    Re: Windows 7 64 bit Dcom/GPO Issues

    scheduled tasks on the machines in question?
    services running as administrator?
    programs with saved credentials to run-as administrator...?
    Please do show your appreciation to those who assist you by leaving Rep Point


    • #3
      Re: Windows 7 64 bit Dcom/GPO Issues

      I've checked services and tasks should of mentioned that sorry

      Although the run as is interesting ... Is there a way of finding these ?


      • #4
        Re: Windows 7 64 bit Dcom/GPO Issues

        It's ok I've found it.... I'll check it in the morning