Samba related Error Messages

Error Code	Error Message	Samba Error Code- Description	Corrective Action
AUT30833	Authentication failure for AD realm <Realm Name> due to large time drift. Please make sure the system time on this device and Active Directory server <server name> are in sync.	STATUS_TIME_DIFFERENCE_AT_DC - Our Ivanti Connect Secure/Ivanti Policy Secure box and the AD server which was attempted to contact were out of sync.	The Ivanti Policy Secure appliance and the AD server are out of sync. Use NTP server for time synchronization. Ensure that the time difference is not more than 5 minutes.
AUT30835	Authentication failure for AD server <server name>: bad username or authentication information.	STATUS_LOGON_FAILURE -The attempted logon is invalid. This is either due to a bad username or authentication information.	The following are some of the possible causes: An invalid username and/or password was used LM Compatibility mismatch between the source and target For more information and corrective action, see Microsoft TechNet
AUT30836	Authentication failure for AD server <server name>: specified account does not exist	STATUS_NO_SUCH_USER - The username you typed does not exist!.	The most common causes are: Incorrect username AD replication to/from target server may not be completed. For more information and corrective action, see Microsoft TechNet
AUT30837	Authentication failure for AD server <server name>: AD Server does not have a computer account for this trust relationship	STATUS_NO_TRUST_SAM_ACCOUNT – Domain trust is broken When a trusted domain user is authenticated, the trust between the user domain and trusted domain is not accurate.	If the trust relationship between these two domains is downlevel type. To resolve this issue, recreate the trust between the Active Directory domains to eliminate the downlevel trust type. For more information, see Microsoft TechNet
AUT30899	Active Directory authentication server <server name>: Received access denied message from the server.	STATUS_ACCESS_DENIED - A process has requested access to an object, but has not been granted those access rights.	The most common causes are: Attempting to join a machine who’s name already exists in Active Directory Secure channel is broken Trust password mismatch Incorrect credentials NTLM blocking is enabled For corrective action, see Microsoft TechNet
AUT30914	Active Directory authentication server <server name>: No logon servers are currently available. Device could not connect to any domain controller of the domain.	STATUS_NO_LOGON_SERVERS - The domain controller was not reachable/resolvable. The winbindd failed to connect to Domain Controller.	Possible failure reason are DNS forwarder configurations issues, Invalid entries in HOST file, Network issues etc. For more information and corrective action, see Microsoft TechNet
AUT30924	Active Directory authentication server <server name>: Account name either does not exist or is not properly formed.	STATUS_INVALID_ACCOUNT_NAME - The name provided is not a properly formed account name.	Enter the correct username and password.
SYS30948	IO timeout happened on Active Directory authentication server <server name>.	STATUS_IO_TIMEOUT – The operations such as authentication, join, password change and so on attempted by Winbindd process has timed out. DC not resolved from DNS server DC and AD servers are slow and overloaded.	Check the DNS server configuration and domain name resolution from the DNS server. Check if the Kerberos realm is reachable from System > Troubleshooting tools > Prob Kerberos DNS setup.
AUT30949	Active Directory authentication server <server name>: Trust relationship failed with the trusted domain.	STATUS_TRUSTED_DOMAIN_FAILURE - The logon request failed because the trust relationship between the primary domain and the trusted domain failed.	Check if the Kerberos realm is reachable from System > Troubleshooting tools > Prob Kerberos DNS setup.
AUT30950	authentication server <server name>: Transport connection has been reset	STATUS_CONNECTION_RESET - The transport connection has been reset.	Fix network issues
AUT30951	Active Directory authentication server <server name> is unreachable	STATUS_HOST_UNREACHABLE - The remote system is not reachable by the transport.	Fix network issues
AUT30923	Active Directory authentication server <server name>: Received NTSTATUS code <error code>	STATUS_NO_TRUST_LSA_SECRET-Your connection to the domain is broken from this machine!	The possible causes are: Secure channel corruption with the host The computer object has been deleted from Active Directory Blocked ports on a firewall Try reset domain join.
AUT30923	Active Directory authentication server <server name>: Received NTSTATUS code <error code>	STATUS_INSUFFICIENT_RESOURCES- You have resource issues on your system that is preventing Netlogon from connecting or operating properly.	The possible causes are: Available physical memory exhaustion Paged pool or non-paged pool memory exhaustion Free System PTE (Page Table Entries) exhaustion To troubleshoot this issue, use Performance Monitor, Resource Monitor, Xperf, or other performance diagnostics tool.
AUT30923	Active Directory authentication server <server name> : Received NTSTATUS code <error code>	RPC_NT_CALL_CANCELLED- RPC communications are having problems that need to be resolved!	For corrective action, see Microsoft TechNet
AUT30923	Active Directory authentication server <server name> : Received NTSTATUS code <error code>	STATUS_NO_MEMORY- You have an out of memory condition on the system or in RPC	Domain controller, client, or target server may have exhausted virtual memory/page file or physical memory The possible fixes are: Check your page file usage with Performance Monitor Look for handle leaks with Performance Monitor, Resource Monitor, or Task Manage User ports may be exhausted
AUT30923	Active Directory authentication server <server name> : Received NTSTATUS code <error code>	STATUS_NETLOGON_NOT_STARTED-The Netlogon service is not started or the Domain Controller is not advertising!	The possible causes are: The Netlogon service is not started on the application server or domain controller Sysvol and/or Netlogon is not shared on the Domain Controller
AUT30923	Active Directory authentication server <server name>: Received NTSTATUS code <error code>	STATUS_ACCOUNT_RESTRICTION- Indicates a referenced user name and authentication information are valid, but some user account restriction has prevented successful authentication (such as time-of-day restrictions).	The possible causes are: The username and password are correct, but there is an account restriction on the user account (such as valid workstation, valid logon hours, etc.). The value under SubStatus should provide the restriction details. Active Directory Replication may not be complete
AUT30923	Active Directory authentication server <server name>: Received NTSTATUS code <error code>	STATUS_PASSWORD_RESTRICTION-When trying to update a password, this status indicates that some password update rule has been violated. For example, the password may not meet length criteria	User is attempting to reset password and it does not meet requirements specified by policy (length, history, complexity)
AUT30923	Active Directory authentication server <server name>: Received NTSTATUS code <error code>	STATUS_INVALID_WORKSTATION- The user account is restricted such that it may not be used to log on from the source workstation.	The possible causes are: The user is trying to logon from a machine they aren’t assigned to. Active Directory replication may not be complete
AUT30923	Active Directory authentication server <server name>: Received NTSTATUS code <error code>	STATUS_WRONG_PASSWORD- When trying to update a password, this return status indicates that the value provided as the current password is not correct.	The possible causes are: Your password is expired Your password is incorrect Active Directory Replication may not be complete
AUT30923	Active Directory authentication server <server name> : Received NTSTATUS code <error code>	STATUS_ACCOUNT_EXPIRED-The user's account has expired	The possible causes are: Your account is expired Active Directory Replication may not be complete
AUT30923	Active Directory authentication server <server name> : Received NTSTATUS code <error code>	STATUS_PASSWORD_EXPIRED- The user account's password has expired.	The possible causes are: Your password is expired Active Directory Replication may not be complete
AUT30923	Active Directory authentication server <server name> : Received NTSTATUS code <error code>	STATUS_INVALID_LOGON_HOURS- The user account has time restrictions and may not be logged onto at this time.	The possible causes are: You are set with logon hours restrictions and have attempted to logon outside of those time restrictions Active Directory Replication may not be complete
AUT30923	Active Directory authentication server <server name>: Received NTSTATUS code <error code>	STATUS_ACCOUNT_LOCKED_OUT-The user account has been automatically locked because too many invalid logon attempts or password change attempts have been requested.	The possible causes are: Your user/machine account is locked out. For joined machine account, delete the account and rejoin from Ivanti Policy Secure. For user account, unlock the user account from the AD server. Active Directory Replication may not be complete.
AUT30923	Active Directory authentication server <server name>: Received NTSTATUS code <error code>	STATUS_ACCOUNT_DISABLED- The referenced account is currently disabled and may not be logged on to.	The possible causes are: Your user account is disabled. Enable the user account from the AD server. Active Directory Replication may not be complete
AUT30923	Active Directory authentication server <server name> : Received NTSTATUS code <error code>	STATUS_INVALID_SERVER_STATE-Indicates the Sam Server was in the wrong state to perform the desired operation.	Domain controller may be shutting down or restarting. For corrective action, see Microsoft KB 942636 or KB 973667
AUT30923	Active Directory authentication server <server name>: Received NTSTATUS code <error code>	STATUS_TRUST_FAILURE- The network logon failed. This may be because the validation authority can't be reached.	Check the Domain join status Check the network connection
AUT30923	Active Directory authentication server <server name>: Received NTSTATUS code <error code>	STATUS_PASSWORD_MUST_CHANGE- The user's password must be changed before signing in.	The possible causes are: User has the “user must change password at next logon” flag set. Time to change your password! Active Directory Replication may not be complete
AUT30923	Active Directory authentication server <server name>: Received NTSTATUS code <error code>	STATUS_NO_SUCH_GROUP- The specified group does not exist.	Check the user group membership.

AUT30833

Authentication failure for AD realm <Realm Name> due to large time drift. Please make sure the system time on this device and Active Directory server <server name> are in sync.

STATUS_TIME_DIFFERENCE_AT_DC - Our Ivanti Connect Secure/Ivanti Policy Secure box and the AD server which was attempted to contact were out of sync.

The Ivanti Policy Secure appliance and the AD server are out of sync. Use NTP server for time synchronization. Ensure that the time difference is not more than 5 minutes.

AUT30835

Authentication failure for AD server <server name>: bad username or authentication information.

STATUS_LOGON_FAILURE -The attempted logon is invalid. This is either due to a bad username or authentication information.

The following are some of the possible causes:

An invalid username and/or password was used
LM Compatibility mismatch between the source and target

For more information and corrective action, see Microsoft TechNet

AUT30836

Authentication failure for AD server <server name>: specified account does not exist

STATUS_NO_SUCH_USER - The username you typed does not exist!.

The most common causes are:

Incorrect username
AD replication to/from target server may not be completed.

For more information and corrective action, see Microsoft TechNet

AUT30837

Authentication failure for AD server <server name>: AD Server does not have a computer account for this trust relationship

STATUS_NO_TRUST_SAM_ACCOUNT –

Domain trust is broken
When a trusted domain user is authenticated, the trust between the user domain and trusted domain is not accurate.

If the trust relationship between these two domains is downlevel type.

To resolve this issue, recreate the trust between the Active Directory domains to eliminate the downlevel trust type. For more information, see Microsoft TechNet

AUT30899

Active Directory authentication server <server name>: Received access denied message from the server.

STATUS_ACCESS_DENIED - A process has requested access to an object, but has not been granted those access rights.

The most common causes are:

Attempting to join a machine who’s name already exists in Active Directory
Secure channel is broken
Trust password mismatch
Incorrect credentials
NTLM blocking is enabled

For corrective action, see Microsoft TechNet

AUT30914

Active Directory authentication server <server name>: No logon servers are currently available. Device could not connect to any domain controller of the domain.

STATUS_NO_LOGON_SERVERS - The domain controller was not reachable/resolvable.

The winbindd failed to connect to Domain Controller.

Possible failure reason are DNS forwarder configurations issues, Invalid entries in HOST file, Network issues etc.

For more information and corrective action, see Microsoft TechNet

AUT30924

Active Directory authentication server <server name>: Account name either does not exist or is not properly formed.

STATUS_INVALID_ACCOUNT_NAME - The name provided is not a properly formed account name.

Enter the correct username and password.

SYS30948

IO timeout happened on Active Directory authentication server <server name>.

STATUS_IO_TIMEOUT –

The operations such as authentication, join, password change and so on attempted by Winbindd process has timed out.

DC not resolved from DNS server

DC and AD servers are slow and overloaded.

Check the DNS server configuration and domain name resolution from the DNS server. Check if the Kerberos realm is reachable from

System > Troubleshooting tools > Prob Kerberos DNS setup.

AUT30949

Active Directory authentication server <server name>: Trust relationship failed with the trusted domain.

STATUS_TRUSTED_DOMAIN_FAILURE - The logon request failed because the trust relationship between the primary domain and the trusted domain failed.

Check if the Kerberos realm is reachable from

System > Troubleshooting tools > Prob Kerberos DNS setup.

AUT30950

authentication server <server name>: Transport connection has been reset

STATUS_CONNECTION_RESET - The transport connection has been reset.

Fix network issues

AUT30951

Active Directory authentication server <server name> is unreachable

STATUS_HOST_UNREACHABLE - The remote system is not reachable by the transport.

Fix network issues

AUT30923

Active Directory authentication server <server name>: Received NTSTATUS code <error code>

STATUS_NO_TRUST_LSA_SECRET-Your connection to the domain is broken from this machine!

The possible causes are:

Secure channel corruption with the host
The computer object has been deleted from Active Directory
Blocked ports on a firewall

Try reset domain join.

AUT30923

Active Directory authentication server <server name>: Received NTSTATUS code <error code>

STATUS_INSUFFICIENT_RESOURCES- You have resource issues on your system that is preventing Netlogon from connecting or operating properly.

The possible causes are:

Available physical memory exhaustion
Paged pool or non-paged pool memory exhaustion
Free System PTE (Page Table Entries) exhaustion

To troubleshoot this issue, use Performance Monitor, Resource Monitor, Xperf, or other performance diagnostics tool.

AUT30923

Active Directory authentication server <server name> : Received NTSTATUS code <error code>

RPC_NT_CALL_CANCELLED- RPC communications are having problems that need to be resolved!

For corrective action, see Microsoft TechNet

AUT30923

Active Directory authentication server <server name> : Received NTSTATUS code <error code>

STATUS_NO_MEMORY- You have an out of memory condition on the system or in RPC

Domain controller, client, or target server may have exhausted virtual memory/page file or physical memory

The possible fixes are:

Check your page file usage with Performance Monitor
Look for handle leaks with Performance Monitor, Resource Monitor, or Task Manage
User ports may be exhausted

AUT30923

Active Directory authentication server <server name> : Received NTSTATUS code <error code>

STATUS_NETLOGON_NOT_STARTED-The Netlogon service is not started or the Domain Controller is not advertising!

The possible causes are:

The Netlogon service is not started on the application server or domain controller
Sysvol and/or Netlogon is not shared on the Domain Controller

AUT30923

Active Directory authentication server <server name>: Received NTSTATUS code <error code>

STATUS_ACCOUNT_RESTRICTION- Indicates a referenced user name and authentication information are valid, but some user account restriction has prevented successful authentication (such as time-of-day restrictions).

The possible causes are:

The username and password are correct, but there is an account restriction on the user account (such as valid workstation, valid logon hours, etc.). The value under SubStatus should provide the restriction details.
Active Directory Replication may not be complete

AUT30923

Active Directory authentication server <server name>: Received NTSTATUS code <error code>

STATUS_PASSWORD_RESTRICTION-When trying to update a password, this status indicates that some password update rule has been violated. For example, the password may not meet length criteria

User is attempting to reset password and it does not meet requirements specified by policy (length, history, complexity)

AUT30923

Active Directory authentication server <server name>: Received NTSTATUS code <error code>

STATUS_INVALID_WORKSTATION- The user account is restricted such that it may not be used to log on from the source workstation.

The possible causes are:

The user is trying to logon from a machine they aren’t assigned to.
Active Directory replication may not be complete

AUT30923

Active Directory authentication server <server name>: Received NTSTATUS code <error code>

STATUS_WRONG_PASSWORD- When trying to update a password, this return status indicates that the value provided as the current password is not correct.

The possible causes are:

Your password is expired
Your password is incorrect
Active Directory Replication may not be complete

AUT30923

Active Directory authentication server <server name> : Received NTSTATUS code <error code>

STATUS_ACCOUNT_EXPIRED-The user's account has expired

The possible causes are:

Your account is expired
Active Directory Replication may not be complete

AUT30923

Active Directory authentication server <server name> : Received NTSTATUS code <error code>

STATUS_PASSWORD_EXPIRED- The user account's password has expired.

The possible causes are:

Your password is expired
Active Directory Replication may not be complete

AUT30923

Active Directory authentication server <server name> : Received NTSTATUS code <error code>

STATUS_INVALID_LOGON_HOURS- The user account has time restrictions and may not be logged onto at this time.

The possible causes are:

You are set with logon hours restrictions and have attempted to logon outside of those time restrictions
Active Directory Replication may not be complete

AUT30923

Active Directory authentication server <server name>: Received NTSTATUS code <error code>

STATUS_ACCOUNT_LOCKED_OUT-The user account has been automatically locked because too many invalid logon attempts or password change attempts have been requested.

The possible causes are:

Your user/machine account is locked out. For joined machine account, delete the account and rejoin from Ivanti Policy Secure. For user account, unlock the user account from the AD server.
Active Directory Replication may not be complete.

AUT30923

Active Directory authentication server <server name>: Received NTSTATUS code <error code>

STATUS_ACCOUNT_DISABLED- The referenced account is currently disabled and may not be logged on to.

The possible causes are:

Your user account is disabled. Enable the user account from the AD server.
Active Directory Replication may not be complete

AUT30923

Active Directory authentication server <server name> : Received NTSTATUS code <error code>

STATUS_INVALID_SERVER_STATE-Indicates the Sam Server was in the wrong state to perform the desired operation.

Domain controller may be shutting down or restarting. For corrective action, see Microsoft KB 942636 or KB 973667

AUT30923

Active Directory authentication server <server name>: Received NTSTATUS code <error code>

STATUS_TRUST_FAILURE- The network logon failed. This may be because the validation authority can't be reached.

Check the Domain join status

Check the network connection

AUT30923

Active Directory authentication server <server name>: Received NTSTATUS code <error code>

STATUS_PASSWORD_MUST_CHANGE-

The user's password must be changed before signing in.

The possible causes are:

User has the “user must change password at next logon” flag set. Time to change your password!
Active Directory Replication may not be complete

AUT30923

Active Directory authentication server <server name>: Received NTSTATUS code <error code>

STATUS_NO_SUCH_GROUP- The specified group does not exist.

Check the user group membership.