AD return 8009030C: LdapErr: DSID-0C09043E, comment: AcceptSecurityContext error, data 0, vece

Error 49 is invalid credentials. It's a common mistake to use Windows logon name (e.g. JohnS) instead of LDAP DN (e.g. cn=John Smith, ou=Users, dc=example, dc=com). AD may also accept user principal name e.g. [email protected].

Author: tangjie

Updated on June 28, 2022

Comments

  • tangjie
    tangjie almost 2 years

    I use Java's LdapContext to authenticate to one AD server. It works well on Windows7 home basic, enterprise, professional version. But AD throws resultcode 49 when the client is running on Windows7 ultimate and Vista ultimate. What's wrong with these two operating systems? And how do I fix that?

  • geoffc
    geoffc almost 13 years
    Additionally, the default container Users in AD is actually CN=Users not OU=Users as you might assume.
  • tangjie
    tangjie almost 13 years
    Thanks. But why can I use the Windows logon name on Windows7 home but can't use it on Windows7 Ultimate?
  • Kirill Kovalenko
    Kirill Kovalenko almost 13 years
    @tangjie: I don't think that the issue manifestation has something to do with the Windows edition that you use... Use a network sniffer such as MS Network Monitor or Wireshark to see what is really going on and what the difference is...
  • tangjie
    tangjie almost 13 years
    My colleague has found the reason: Win7 Ultimate uses NTLM V2. If we change it to NTLM V1, it's ok. You may add [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "lmcompatibilitylevel"=dword:00000000 (00000003 using NTLM V2)
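
An added example, not code from the original thread: a JNDI simple bind that reports which name form from the answer (LDAP DN, user principal name, or Windows logon name) was sent and pulls the `data` sub-code out of AD's error 49 text. The host and names are placeholders, and the empty-password check is an addition, because a simple bind with an empty password is treated as an unauthenticated bind.

```java
import java.util.Hashtable;
import java.util.regex.*;
import javax.naming.*;
import javax.naming.ldap.InitialLdapContext;

public class AdBindCheck {
    // AD puts a hex sub-code after "data" in its error 49 text ("... error, data 0, ...").
    private static final Pattern DATA = Pattern.compile("\\bdata\\s+([0-9a-fA-F]+)\\b");

    /** Which name form is being sent as the bind principal. */
    static String nameForm(String principal) {
        if (principal.contains("=") && principal.contains(",")) return "LDAP DN";
        if (principal.contains("@")) return "user principal name";
        return "Windows logon name";
    }

    /** The "data" sub-code from an AD bind error message, or null if absent. */
    static String dataCode(String message) {
        if (message == null) return null;
        Matcher m = DATA.matcher(message);
        return m.find() ? m.group(1) : null;
    }

    /** Simple bind; returns null on success, otherwise a one-line diagnosis. */
    static String tryBind(String url, String principal, char[] password) throws NamingException {
        // An empty password turns a simple bind into an unauthenticated bind that can succeed.
        if (password == null || password.length == 0) return "refused: empty password";
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, principal);
        env.put(Context.SECURITY_CREDENTIALS, password);
        try {
            new InitialLdapContext(env, null).close();
            return null;
        } catch (AuthenticationException e) { // LDAP result code 49
            return "error 49 for " + nameForm(principal) + ", data " + dataCode(e.getMessage());
        }
    }

    public static void main(String[] args) throws NamingException {
        // Placeholder defaults (constructed, not from the thread's environment).
        String url = args.length > 0 ? args[0] : "ldaps://dc.example.com:636";
        String principal = args.length > 1 ? args[1] : "cn=John Smith,cn=Users,dc=example,dc=com";
        char[] password = System.console() != null ? System.console().readPassword("Password: ") : null;
        String result = tryBind(url, principal, password);
        System.out.println(result == null ? "bind OK as " + nameForm(principal) : result);
    }
}
```

The default URL uses `ldaps://` because a simple bind sends the password as-is over the connection.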