My current job has had an issue with their domain since July 2023. I am new here and to IT in general, so you will have to forgive my lack of knowledge.
Essentially, all users have a permanent password only IT can change because if they try, they receive the message "A device attached to the system is not functioning."
The event log gives an event ID of 7 and reads:
- "The digitally signed Privilege Attribute Certificate (PAC) that contains the authorization information for client - in realm - could not be validated.
This error is usually caused by domain trust failures; Contact your system administrator."
There are 2 DCs. DC1 is the PDC, but I noticed with nltest that workstations authenticate through the non-primary (DC2), which is a replicated DC of DC1. I'm not sure why that is.
The workstation and DC times match.
As far as I can tell, they're talking and there is a secure channel between them. nltest /sc_query is successful, as are all repadmin commands and a ping to/from each DC. I found a few posts about the "device attached to the system is not functioning" part, but the solution is ultimately something I can't do, which is to completely redo the domain by demoting the old DC and promoting a new one. I think that is more of a fix-all than an actual solution.
DC1 & DC2 run at a Server 2003 level.
Here's some other, possibly unrelated, information:
The only error I could find was that two GPOs are not in sync and that SYSVOL has errors. The SYSVOL errors pertain to two GPOs that are seldom used, if at all.
I'm getting this when running dcdiag on DC1:
- "Starting test: FrsEvent
There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL
replication problems may cause Group Policy problems."
And I can't run nltest on DC1; it throws ERROR_NO_SUCH_DOMAIN for the exact same command/domain as when I ran it on DC2, where it is successful. I don't know enough about AD to know if sc_query can be run on the PDC successfully.
To my knowledge, this just happened one day without any intentional changes done by IT. Any guidance would be greatly appreciated. I was told to contact Microsoft support about it on Spiceworks, but I can't find proper contact details.