问题描述:

I have a problem with certain users authenticating onto a webpage that’s run internally, it’s is only a preprod environment. Most non-admin accounts can’t log in. What makes it even more of a strange occurrence is it hasn’t always been like this, and only started happening on or around the 18th of this month.

I have checked for updates on the affected servers, around that date, but the only thing I can find is a “Definition update for Microsoft endpoint protection KB2461484 1.219.2188.0

We have, a web server, a database server, and an application server all on individual servers. They are joined to our domain the DC is server 2012, as are the other servers. I have done some “Netmon” checking and as far as I can see the only difference between an accounts that works, and one that doesn’t, is the following entries under LDAP Bind.

For an account that is able to login the LDAP Message is as follows:

LDAPMessage:Bind Request, MessageID: 1

LDAPMessage:Bind Response, MessageID:1

LDAPMessage:Search Request, MessageID:2

LDAPMessage:Search Result Entry, MessageID:2

LDAPMessage:Unbind Request, MessageID: 3

For one of the accounts that are unable to logon the following is reported:

LDAPMessage:Bind Request, MessageID: 1

LDAPMessage:Bind Response, MessageID:1

LDAPMessage:Search Request, MessageID:2

LDAPMessage:Search Result Reference, MessageID:2

LDAPMessage:Unbind Request, MessageID: 3

For the account that is able to logon the LDAPMessage:Search Result Entry, MessageID:2 returns a lot more of the accounts attributes, than the other one. In fact the un-successful logon attempt doesn't have the same output when netmon is run as it logs in.

Also, by observing the login process with F12 the following is recorded

Logon success

This is the view I get for the account that is un-successful

un-successful login

Thanks for any help given

相关阅读:
Top