none
Event ID 1006 Group Policy Processing Failure

    Question

  • Environment:  2010 Exchange SP1.  Two Sites.  Each site has 1 MBX Server, 1 CAS/HUB Server, and 1 UM Server.  At our main site the MBX server and the UM server are thowing the following error:

    In the past two weeks the following error has been showing up to 14 times a day.  No new updates/patches or changes to these servers.

    Count

    Level

    Computer

    Log

    Date and Time

    Source

    Category

    Event

    User

    Notes

    14

    Error

    server Name/domain name

    System

    7/24/2011 10:23:24 PM

    Microsoft-Windows-GroupPolicy

     

    1006

    domain name\IASADMIN

     

    The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller. (LDAP Bind function call failed). Look in the details tab for error code and description.

    On the details tab I have the following information:

    Log Name:      System
    Source:        Microsoft-Windows-GroupPolicy
    Date:          7/25/2011 8:21:51 AM
    Event ID:      1006
    Task Category: None
    Level:         Error
    Keywords:     
    User:          domain name\iasadmin
    Computer:      servername.domainname
    Description:
    The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller. (LDAP Bind function call failed). Look in the details tab for error code and description.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-GroupPolicy" Guid="{AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}" />
        <EventID>1006</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>1</Opcode>
        <Keywords>0x8000000000000000</Keywords>
        <TimeCreated SystemTime="2011-07-25T15:21:51.345597700Z" />
        <EventRecordID>114383</EventRecordID>
        <Correlation ActivityID="{02BB4EF0-6715-4EBE-AC5A-26D11C9304D6}" />
        <Execution ProcessID="800" ThreadID="7160" />
        <Channel>System</Channel>
        <Computer>server.domain name</Computer>
        <Security UserID="S-1-5-21-9122744-1988375122-1855928443-9309" />
      </System>
      <EventData>
        <Data Name="SupportInfo1">1</Data>
        <Data Name="SupportInfo2">5012</Data>
        <Data Name="ProcessingMode">0</Data>
        <Data Name="ProcessingTimeInMilliseconds">1203</Data>
        <Data Name="ErrorCode">49</Data>
        <Data Name="ErrorDescription">Invalid Credentials</Data>
        <Data Name="DCName">
        </Data>
      </EventData>
    </Event>

    I checked domain AD server\sysvol and the GUID being identified is not present.

    I have run GPUPDATE /force with no problems.

    I have done searches for error and can't find anything.  Don't know what IASADMIN role in Group Policy is and why attempting to update.

    Any recommendations.

     

     

    Monday, July 25, 2011 4:03 PM

Answers

  • Check for disconnected RDP Settinons on the servers.
    Sounds like the user domain\iasadmin has an old disconnected session...

    I like Gulab says...This is more AD Question.

    :Martina


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question.
    • Marked as answer by David-JFC Monday, July 25, 2011 9:25 PM
    Monday, July 25, 2011 7:03 PM

All replies

  • I would suggest to open the thread in Active Directory forum. They are the right people for Group Policy.
    http://social.technet.microsoft.com/Forums/en/winserverDS/threads


    Gulab | MCITP: Exchange 2010-2007 | Skype: Gulab.Mallah | Blog: www.ExchangeRanger.Blogspot.com
    Monday, July 25, 2011 4:10 PM
  • OK but since only on my Exchange 2010 servers maybe someone else has recently seen this issue?
    Monday, July 25, 2011 5:59 PM
    1. Find this user in AD or see if it exists locally on the server. User: domain name\iasadmin
    2. From the logs you posted it seems like this account has an expired pasword which a service may be running under.  This is trying to authenticate to AD but it's failing, most probably due to the expired password.  Find this account and set the right password or find the service which is using is and make sure the password s set correctly onit.
    3. The account seems to be realted to IIS, so check IIS service and within the IIS console.
    4. It also show you Execution ProcessID="800" ThreadID="7160" />, run task manager and see what this process maps  to.

    Sukh
    • Marked as answer by David-JFC Monday, July 25, 2011 9:25 PM
    • Unmarked as answer by David-JFC Monday, July 25, 2011 9:25 PM
    Monday, July 25, 2011 6:49 PM
  • Check for disconnected RDP Settinons on the servers.
    Sounds like the user domain\iasadmin has an old disconnected session...

    I like Gulab says...This is more AD Question.

    :Martina


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question.
    • Marked as answer by David-JFC Monday, July 25, 2011 9:25 PM
    Monday, July 25, 2011 7:03 PM
  • Now I feel stupid.  I was reading error to quickly and when I saw IASADMIN my first thought was IIS.  Miskovic your correct we have a disconnected stated for a user session and I'm unable to delete so will have to wait until next reboot.

    Sometimes it takes two sets of eyes to see the simple things in life!

     

    Monday, July 25, 2011 9:25 PM
  • Thanks for the update David-JFC!

    (If I were you, I would log off the sessions in Remote Desktop Manager, but that´s me :)

     

    :Martina


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question.
    Monday, July 25, 2011 9:33 PM
  • Has there been a recent change to the credentials of the Account you use to Login with ?

    If so, using Terminal Services Manager, disconnect and logoff the current sessions for the user accounts and then monitor whether the issue still pops up.

    • Proposed as answer by Dhanesh S Thursday, March 22, 2012 8:39 AM
    Thursday, March 22, 2012 8:39 AM