active-directory – 由于LDAP绑定问题导致GPUpdate失败

前端之家收集整理的这篇文章主要介绍了active-directory – 由于LDAP绑定问题导致GPUpdate失败前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。
当我在我的工作站上运行gpupdate时,我收到以下错误.
Computer policy could not be updated successfully. The following errors were encountered:

The processing of Group Policy Failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
User Policy could not be updated successfully. The following errors were encountered:

The processing of Group Policy Failed. Windows could not authenticate to the Active Directory service on a domain controller. (LDAP Bind function call Failed). Look in the details tab for error code and description.

To diagnose the failure,review the event log or run GPRESULT /H GPReport.html from the command line to access information about Group Policy results.

运行gpresult / h给出用户没有RSoP数据

查看事件日志,我可以看到与gpupdate相关联的错误代码49 Invalid Credentials.但是,当我使用ldp.exe测试ldap绑定时,凭据可以正常工作.

有人见过像这样的问题吗?我把头发拉出来试图找出发生了什么.

我自己能解决这个问题.事实证明,本地计算机帐户缓存了(正确)失败的错误凭据.感谢@ greg-askew让我指向了正确的方向.对于那些偶然发现寻找解决方案的人:

>从https://technet.microsoft.com/en-us/sysinternals/pxexec.aspx下载PsExec(sysinternals的一部分)
>从提升的命令提示符运行PsExec.exe -i -s cmd.exe(这将在本地计算机帐户上下文中打开另一个命令窗口).
>从该窗口,运行rundll32.exe keymgr.dll,KRShowKeyMgr(这将打开带有缓存凭据列表的gui).
>在那个gui中,删除任何看起来可疑的凭据(在我的情况下,凭据是以我的PDC命名的).

从缓存中删除凭据后,它立即重新开始工作.

猜你在找的Windows相关文章