none
Active Directory Users and Computer Freezes when setting passwords, Powershell and / or ADAC times out. RRS feed

  • Question

  • Good day

     

    We've got a the one domain with a single Domain Controller (1 NIC), After applying May patches we started experiencing this behavior were Active Directory Users and Computers freezes when trying to setup a password (5-6 minutes) and Powershell (AD module), times out due to ADWS default configuration., all other services like account management, authentication, dns name resolution work as expected.

     

    So far we've had:

    1) Remove patches - No change in behavior.

    2) Enabled Netlogon Debug Mode - No outstanding error messages.

    3) DCDIAG Tests - All passed

    4) DNS resource records - All reply with the valid ip address.

    5) Enabled Directory Services Debug Mode - only found this error: 0: 00002074: DSID-03120199, problem 1001 (NO_ATTRIBUTE_OR_VAL), data 0, Att 90204 (serverReferenceBL) but couldnt find any correlation to my problem.

    6) Enabled ADWS debug Mode - only found the time out error I initially refered to: SetOrChangePasswordCommon: got LdapException: System.DirectoryServices.Protocols.LdapException: The operation was aborted because the client side timeout limit was exceeded. 

    So far I've not been able to find anything that helps me further investigate or resolved this matter, Any help will be greatly appreciated.

    Wednesday, July 8, 2020 10:07 PM

Answers

  • Might try;

    • sfc /scannow
    • dism /online /cleanup-image /restorehealth


    The simplest solution may be to stand up a new one (about 20 mins work) for a test.

     

     



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Wednesday, July 8, 2020 10:20 PM

All replies

  • Might try;

    • sfc /scannow
    • dism /online /cleanup-image /restorehealth


    The simplest solution may be to stand up a new one (about 20 mins work) for a test.

     

     



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Wednesday, July 8, 2020 10:20 PM
  • Hello,
    Thank you for posting in our TechNet forum.

    1.What is your DC operaing system?
    2.What patches do you install (KB numbers)?
    3.Does "ADWS" mean "Active Directory Web Service "? I can see only "Web Server", there is no ADWS. 

    4.What do you meam "times out due to ADWS default configuration"?


    Best Regards,
    Daisy Zhou

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, July 9, 2020 8:52 AM
    Moderator
  • Hey, thanks for your Reply,

    We're currently running 2012 R2,

    As for the patches we installed: KB556846 (Windows Security Update May 2020), KB4556798 (Internet Explorer May Security update) and KB4552923 (.Net May Security Update 2020)

    Active Directory Web Services is used for powershell and ADAC, it gets installed along with the main role., you can see the service running as Active directory Web Services.

    Friday, July 10, 2020 3:13 PM
  • Thanks for your reply,

    Since I couldnt find any other line of investigation that's like my final troubleshooting step, new server is getting setup, once is set and done, I'll get back to you with my findings.

    Friday, July 10, 2020 3:14 PM
  • Sounds good, you're welcome.

     

    (please don't forget to mark helpful replies as answer)

     

     



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Friday, July 10, 2020 3:23 PM
  • Hi,
    We can restart the first DC to see if it helps.
    If it does not work, we can check if this DC is working fine by running Dcdiag /v.
    If this DC is working fine, we can add the second DC to see whether we can set passwords, Powershell and / or ADAC.

    I am looking forward to your reply.

    Best Regards,
    Daisy Zhou

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, July 13, 2020 3:28 AM
    Moderator