Issue communicating with a Windows domain controller

I thought at first that my user had a problem with Keychain and finally called Apple Tech Support. While on the line with Apple, we established that it was not a Keychain issue, but rather a problem communicating with a Windows domain controller. The key elements are:

* Multiple users and Macs are members of an Active Directory multi-domain forest

* iMac is a 27-inch, mid-2011, w/ 8 GB RAM

* OS X 10.11.2 (updated to 10.11.3)

* Issue appears isolated to this iMac (currently). All other iMacs, MacBook Pros and Mac Pros are currently working fine across several VLANs, and a MacBook connected to the iMac's network connection can communicate properly with the domain.

* iMac does not seem to contact any domain controller when logging in, but connects to network resources and domain controllers after login. Permissions and access to resources appear normal after login.

* User(s) cannot change passwords for mobile accounts or log in with new mobile accounts, but cached accounts/passwords work fine.

* iMac uses Symantec EndPoint Protection for Mac (anti-virus) – REQUIRED BY POLICY. I can't change that. I have taken it off for testing, but must put it back as soon as the test is completed. This policy is set at a level about five pay grades above me.

* There isn't really any off-the-wall software installed on the computer. The full Adobe Creative Cloud subscription is loaded, but so it is on just about every other Mac I support.

The steps taken so far:

(1) About a month ago, the user went to change his password, but it would not change at the login window. We were able to change the password on the network and could use the new password to connect to Active Directory-controlled network resources. We can connect to network resources successfully with the new password, after we log in locally with the old password.

(2) We get the red ball (the network resources are not available) at the login window. We are basically logging in with cached credentials.

(3) If we try to change the password through System Preferences / Users & Groups / Change Password, we get the message that no domain controller is available.

(4) Initially thought that it was a Keychain issue, and we ended up calling Apple support, since Keychain First Aid is no longer available in 10.11. The Apple advisor, while connected remotely, showed that it was not a Keychain issue: we could not change the password on the domain because the iMac was not communicating with a domain controller.

(5) While on the phone with Apple, we reset SMC and NVRAM without success.

(6) If you try to unbind the iMac from the domain, you get a message that the system cannot communicate with a domain controller.

(7) Today, thinking that maybe there was a hardware problem with the Ethernet connection, tried to use the private WiFi network. Still would not communicate with a domain controller but, as when using the wired connection, could connect to network resources. This happens regardless of the account attempted.

(8) Used a MacBook on its network connection without any problem, so it is not the connection port or switch.

(9) Moved his iMac to another connection on a different VLAN. Same issue.

I'm open to suggestions. I have two days to work on this, around the user's production schedule, while I'm off site for a week.

(10) Thinking that maybe it was something that happened with 10.11.2, upgraded it to 10.11.3 today. No change.

I don't want to have to wipe and reload his iMac in the hope that this clears up the issue.

ANY SUGGESTIONS?

A few additional tests.

(1) Removed Symantec using Symantec CleanWipe, with no change. It was reinstalled after additional tests and a reinstallation of the operating system.

(2) Been running reports, viewing and searching them now, but nothing really stands out. The only problem seems to be an Adobe helper.

(3) Booted from a bootable USB key and had no problem with the thumb drive version, so this is not a hardware problem.

(4) Booted into the recovery partition and reinstalled El Capitan, in the hope that if a driver or something in the protocol stack had been corrupted, a reinstall would correct it. The reinstall did not correct the problem.

I'm strongly leaning towards there being something in a plist or configuration file somewhere that is corrupted, but I don't know where this would be right now. Will continue research and testing. The last resort will be a wipe to bare metal and a clean install. I will not migrate the user's profile, only his working files.

Tags: Mac OS & System Software

Similar Questions

  • Problem connecting to the ESX Server in the Windows domain controller workstation

    Good day

    I'm trying to set up a lab to test ESX 4 server on VMware Workstation 7.1.1 running on Ubuntu 10.04 LTS.

    The basic configuration is as follows:

    Windows 2008 R2 AD domain controller

    IP: 192.168.9.103

    SM: 255.255.255.0

    DG: 192.168.9.1

    ESX1 host

    IP: 192.168.9.109

    SM: 255.255.255.0

    DG: 192.168.9.1

    Both are configured with Bridged networking to my computer. I can ping the Windows 2008 system from my Ubuntu system, but cannot ping the ESX 4 server. I can ping the DG from the Windows 2008 system, but cannot ping the DG from the ESX4 system. I can ping the ESX4 server by IP address and name from itself. I added a DNS entry in Windows 2008 for the ESX4 server. I can't ping the Windows Server 2008 from the ESX4 host.

    There is an entry in /etc/hosts on the ESX host for the IP address and the name of the ESX host. If I look at /etc/sysconfig/network-scripts/ifcfg-vwif0 I see a broadcast of 192.168.9.255 and IPADDR 192.168.9.109. In sysconfig there is an entry for the ESX host name that is right, pointing to the gateway of 192.168.9.1 using GATEWAYDEV=vswif0. route -n shows 192.168.9.1 as the UG.

    All tests seem to indicate a problem with the default gateway that is used to communicate between these 2 VMs.

    If someone could please provide suggestions as to where I could look, I would appreciate it.

    Kind regards

    powderskier

    AFAIK, you must enable promiscuous mode for the virtual ESX when using Linux as a host.

    See my notes http://sanbarrow.com/vmx/vmx-network-advanced.html


  • Force ACS v5 to join the domain with a certain domain controller

    Hello everyone

    I am trying to join an ACS v5.3 to the domain. With my ACS in location A, I can join without problem using my account. When I try to join the ACS in location B to the same domain with the same account, it does not work.

    I looked through the AD client debug logs and noticed that the ACS in location B goes to a certain domain controller. However, I would have expected the ACS to contact a different DC, located at the same site as the ACS... This does not happen.

    My question: how does ACS determine which DC to contact? Is it possible to force ACS to join by connecting to a certain DC?

    Thanks for any help or ideas.

    IDA

    Hello

    Please check your Sites and Services in your DNS configuration to see whether the right domain controllers are returned to the ACS when it attempts to join the domain. This function is essential and optimizes the links that ACS chooses to join the domain.

    The way this works is that ACS tries to resolve DNS records for the global catalog servers and domain controllers from the DNS server configured in the initial installation script. The DNS then makes a decision based on the source IP address of the DNS request, determines that the ACS is in a specific site, and returns the domain controllers and global catalogs configured for that specific site.

    Let me know if this helps.

    Tarik Admani
    * Please rate helpful posts *
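
    The DNS lookup behind this thread, as an added example that is not part of the original posts and not Cisco's or Microsoft's code: a simplified Python model of the SRV names a domain member resolves to find domain controllers and global catalogs, trying the site-specific name before the domain-wide one. The zone contents, the `corp.example` domain and the `Site-A`/`Site-B` names are constructed.

```python
# Added example: simplified model of AD domain controller location via DNS.
# The zone, host names and site names are constructed; a real client also
# confirms its site with the DC it reaches, which is not modelled here.

def srv_names(role, dns_name, site=None):
    """SRV owner names to try, most specific first.

    role is "dc" (dns_name = domain) or "gc" (dns_name = forest root).
    """
    if role not in ("dc", "gc"):
        raise ValueError("role must be 'dc' or 'gc'")
    names = []
    if site:
        names.append(f"_ldap._tcp.{site}._sites.{role}._msdcs.{dns_name}")
    names.append(f"_ldap._tcp.{role}._msdcs.{dns_name}")
    return [n.lower() for n in names]


def order_targets(records):
    """Order (priority, weight, port, target) SRV records.

    RFC 2782 picks lower priority first and selects randomly by weight
    inside one priority; sorting by weight keeps this example repeatable.
    """
    ranked = sorted(records, key=lambda r: (r[0], -r[1], r[3]))
    return [f"{target}:{port}" for _, _, port, target in ranked]


def locate(zone, role, dns_name, site=None):
    """Return (name that answered, ordered targets), or (None, [])."""
    for name in srv_names(role, dns_name, site):
        records = zone.get(name, [])
        if records:
            return name, order_targets(records)
    return None, []


# Constructed zone: site-a has a site-specific DC record, site-b has none.
ZONE = {
    "_ldap._tcp.dc._msdcs.corp.example": [
        (0, 100, 389, "dc-a1.corp.example"),
        (0, 100, 389, "dc-b1.corp.example"),
    ],
    "_ldap._tcp.site-a._sites.dc._msdcs.corp.example": [
        (0, 100, 389, "dc-a1.corp.example"),
    ],
    "_ldap._tcp.gc._msdcs.corp.example": [
        (0, 100, 3268, "dc-a1.corp.example"),
    ],
}

if __name__ == "__main__":
    for site in ("Site-A", "Site-B", None):
        name, targets = locate(ZONE, "dc", "corp.example", site)
        print(f"site={site}: answered by {name} -> {targets}")
    print("gc:", locate(ZONE, "gc", "corp.example", "Site-B"))
```

    With no site-specific record for Site-B, the lookup falls back to the domain-wide name and can return a DC from another location.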

  • Windows 2012 R2 domain controller goes to three options when restarting in Hyper-V, but cannot boot from any option

    After creating a differencing disk (Windows 2012 R2 MSDN) that points to a Windows virtual hard drive that was Sysprepped, I went through all the steps to promote a domain controller, but then I get 3 options: one to stop and connect to DC, two to repair, and three to turn off this PC. The virtual machine does not restart to anything other than these three options. I have also set up the IP address to be in the same subnet as the host, gave the DNS the same thing as the VM, and can ping a web site OK, but cannot get the malicious windows package from Windows Update, and did nothing else before I made this PC a 2013 R2 domain controller.

    Any help would be gladly appreciated, as I did the same for 2008 a few years ago with no problem - learning everything MS 2013, if all goes well, soon...

    Marc

    This issue is beyond the scope of this site (which is for consumers). To be sure you get the best (and fastest) reply, we have to ask you to post either on TechNet (for IT pros) or MSDN (for developers).

    If you give us a link to the new thread, we can point some resources to it.

  • AHCI issue with Bootcamp Windows 7 on MacBook Pro (please help!)

    Hello, I've been running into issues with my Early 2011 15" MacBook Pro since I used Bootcamp to install Windows 7 64-bit Home Premium on the new Samsung 840 Evo SSD I installed in it. From what I read, it meets the criteria to run AHCI, but for some reason I can't activate or install the Intel 6 Series Chipset AHCI drivers.

    I have been bounced around the web, with people saying they got their SSD to work on the Windows partition, but I can't understand what I'm doing wrong.

    Here is the link to my thread over at Apple, which has all of the other information that you might be looking for. If this isn't the case, please post and I will reply as soon as possible.

    https://discussions.Apple.com/message/26326822?ac_cid=op123456#26326822

    Help, please! It is driving me crazy, and I really need this working; classes begin in about a month.

    Thank you in advance for your time and effort.

    Hello

    Thanks for the reply.

    Based on the error that you have described, I suggest you follow the steps below to install the driver in compatibility mode and check whether it helps.

    Make older programs run in this version of Windows

    http://Windows.Microsoft.com/en-us/Windows/make-older-programs-run#1TC=Windows-7

    Let us know the status of the issue.

  • How can I communicate with live window what is their phone number

    What is windows live phone number

    I do not know of any phone support... you can check this link. Support for Windows Live Mail is at http://windowslivehelp.com/product.aspx?productid=15

    Kind regards...

  • PIX <-> PIX VPN and Windows domain controller user policies

    I've set up a star network using PIX IPsec VPN; all IP traffic is allowed to pass through.

    At the center, there is a Windows 2003 Small Business Server.

    At the remote sites, there are only Windows XP clients, used by employees working remotely with the central office.

    Initially, I had a problem with authentication on the server, but I found a document suggesting setting Kerberos to use TCP instead of UDP, and that solved the issue.

    Now there is one problem remaining. I can authenticate and access server resources such as file shares, I can connect to the Exchange server, etc. But the client computers do not receive group policies from the server. The error message I am getting in the Windows Event Viewer is Userenv ID 1054. Microsoft's suggestion is to check whether DNS works, and DNS works: I can locate the DC etc. without problem.

    I tried to make LDAP queries on the server, and again, it works without problem.

    The NetBIOS resolution works very well.

    Basically, everything seems to work except getting group policies.

    Does anyone have any suggestions where I should look for the solution to this problem?

    Kind regards

    Flovin Olsen

    Here is a VBScript you must run on every PC that has the problem.

    --------- cut below ---------

    ' Writes GroupPolicyMinTransferRate = 0 (disables slow-link detection)
    ' under both the machine and the current-user policy keys.
    Dim wshShell, prefix, prefix2

    Set wshShell = WScript.CreateObject("WScript.Shell")

    prefix = "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\"

    wshShell.RegWrite prefix & "GroupPolicyMinTransferRate", 0, "REG_DWORD"

    prefix2 = "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System\"

    wshShell.RegWrite prefix2 & "GroupPolicyMinTransferRate", 0, "REG_DWORD"

    MsgBox "done."

    --------- stop cut ---------

    Hope this helps

  • ACS 4.1 supported with Windows Server 2012 domain controller

    I upgraded my domain controller / Active Directory from Windows Server 2003 to Windows Server 2012.

    In my environment, I use Cisco ACS 4.1, which is integrated with the Windows Server 2003 Active Directory.

    Will ACS 4.1 work properly with my new domain controller (Windows Server 2012), or do I need to upgrade my ACS too?

    Kind regards

    Junaid

    ACS 4.1 does not support Server 2012; you should upgrade.

  • How to monitor the activities of internet users without using third-party software. We have some 60 windows domain user

    Hi all

    We have 60 nodes which are connected to the Windows domain. How can we monitor the internet activities of users via the Windows server

    without third-party software?

    Thanks in advance

    Alam

    Hello

    For business support, you can find forums on TechNet; please create a new post at the following link:

    http://social.technet.Microsoft.com/forums/en/category/WindowsServer/

  • Group Policy does not apply on Windows 7 with the Windows 2008 R2 domain controller

    Trying to troubleshoot a GP-related issue where, it seems, desktops (Win 7 Enterprise) do not receive the latest group policy. It doesn't seem to get it until some point after an arbitrary time period (two or three weeks), but that is insane.

    - Have checked with the GPMC (connecting to each domain controller individually) that all four domain controllers are running the same latest GP version; no replication errors.

    - No errors appear in the workstation or server logs (logs\winlogon or Event Viewer -> Group Policy).

    - gpupdate /force runs without error

    - gpresult and RSoP both complete fine and show the GP being applied correctly, BUT IT IS THE OLD GP!

    - No errors come up when the following undocumented debugging is also enabled: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Diagnostics] "GPSvcDebugLevel"=dword:00030002

    So, my gut tells me that the problem is that the GPs are not being pulled/replicated/whatever to the workstation in a timely manner (reboot, gpupdate /force, etc.), but I do not know how to see what the interval is, troubleshoot, etc.

    The server gurus hang out more in the TechNet forums. This forum deals with user security questions; your question would be a better fit in the server forums:

    http://social.technet.Microsoft.com/forums/en-us/category/WindowsServer

  • How to synchronize the time on windows 7 with a domain controller?

    I have a mixed environment with Windows 7 computers and XP computers. A NET TIME command in the script works fine with the XP computers, synchronizing time with that of the domain controller. But it does not work on Windows 7. When I try to run the command manually, I get the following error:

    Error system 1314
    User does not have a required privilege.
    How can I synchronize time with domain controller?
    Thank you
    Rafael

    Hi Rafael,

    Your Windows 7 question is more complex than what is generally answered in the Microsoft Answers forums. It is better suited for the IT Pro audience on Microsoft TechNet. Please post your question in the TechNet forum. You can follow this link to post your question:

    http://social.technet.Microsoft.com/forums/en-us/winserverDS/threads

  • Problem demoting a domain controller

    Hi all

    I tried today to demote a domain controller, but my domain environment still needs this domain controller to work.
    I have Windows Server 2003 Small Business DC as DC1, and lately I added Windows Server 2008 R2 DC as DC2 in the new box as an additional area. Now I need to demote the Windows Server 2003 SB (DC1) in the old box.
    I transferred FSMO (all 5 roles) and removed DC1 from AD. In addition, I removed it from AD Users & Computers, AD Sites & Services and DNS... I used the steps in this link: http://www.petri.co.il/delete_failed_dcs_from_ad.htm
    When DC1 is not connected to the network, I receive this error (see the picture at this link http://i41.tinypic.com/30upoxj.png) every time I open any of the AD consoles (AD Users & Computers, etc...).
    Also, when I tried to change the domain controller, it seems that it could not locate the domain or domain controllers. Please see the picture at this link: http://i43.tinypic.com/2n6afx1.png
    I can solve it by reconnecting DC1 to the network, but I don't want to keep it any longer, and I don't know what I am missing. Also, I tried to use dcpromo to remove the domain controller DC1, but I got an error message that tells me that this is not the last domain controller in the forest and cannot proceed with the removal of the DC.
    Can you help me as soon as possible? I'm stuck right here.
    Waiting for your answer... Thank you!

    Hi Haitham2011,

    The question you have posted is related to Windows Server 2008 and would be better suited to the TechNet community. Please visit the link below to find a community that will provide the support you want.

    http://TechNet.Microsoft.com/en-us/WindowsServer/default

    I hope this helps.

  • We have the DHCP role configured on a Windows Server 2008 additional domain controller, but we receive errors.

    We have the DHCP role configured on an additional domain controller (OS: Windows 2008 R2). On it, we get the error below in Event Viewer.
    The name "domain name: 1 d" could not be registered on the interface with the IP . The computer with the IP did not allow the name to be claimed by this machine.

    Hello

    The question you have posted is related to the Windows 2008 Server and would be better suited to the TechNet community. Please visit the link below to find a community that will provide the best support.

    http://social.technet.Microsoft.com/forums/en/category/w7itpro

  • Cannot add Windows Vista PC to Windows 2008 domain. Error message: an attempt to resolve the DNS of a domain controller in the domain being joined has failed...

    When I try to add a new Windows Vista computer (hqseven) to a Windows 2008 network, I get the following error message... "An attempt to resolve the DNS of a domain controller in the domain being joined has failed. Ensure that this client is set to reach a DNS server that can resolve DNS names in the target domain." Last year, I added two XP, a Windows 7 and another Vista box to the domain. I don't know why I can't add my new Windows Vista computer.

    I am able to get on the internet with the Vista PC. I can RDP to the domain controller (hqserver64) or any client (using the host name or static IP). I can also ping the domain controller (DC) or any other computer on my network using the host name.

    After initially searching for information, I found the following error message when doing an nslookup from my new Vista box.

    Nslookup mydomainname
    Server: hqserver64.mydomainname.net

    Address: 192.168.0.99

    hqserver64.mydomainname.NET cannot find mydomainname: Server failed.

    I do not understand why I suddenly get these error messages when I was able to join this domain in the past.

    Hello Stan Smith,

    Thank you for visiting the Microsoft Answers community site. The question you have posted is related to Windows 7 in a domain work environment and would be better suited to the TechNet community. Please visit the link below to find a community that will provide the support you are asking for.

    http://social.technet.Microsoft.com/forums/en-us/w7itpronetworking/threads

    Hope this helps.

    Adam
    Microsoft Answers Support Engineer
    Visit our Microsoft answers feedback Forum and let us know what you think

  • I can't start a remote desktop connection with my file server, but I can with my domain controller. Other computers on the network can connect to both.

    Using Server 2003 as DC and Server 2003 as an FS. The problem computer is running Windows 7 upgraded to Vista Professional. I can open a remote desktop session with the domain controller, but I can't launch one with the FS. Other computers on the domain have no problem opening a session with either server. I have access to shared folders on the MSDS via LAN and can ping the FS. I also cannot use MySQL on the FS with this computer. The FS cannot start a remote desktop session with the problem computer but can with others.

    Hi Gary,

    Thanks for posting in the Microsoft Community.

    The question you posted would be better suited in the TechNet Forums; We recommend that you post your question in the TechNet Forums to get help:

    http://social.technet.Microsoft.com/forums/en-us/smallbusinessserver/threads

    If you need Windows guru, do not hesitate to post your questions and we will be happy to help you.
