This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 6%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESH%3C/text%3E%3C/svg%3E)
Dear community,
TL;DR: two problems: Unable to contact Active Directory to access or verify claim types & central policy tab missing. Servers can reach each other when for example I ping them or search for AD users.
I'm setting up an environment with (a.o.) a Domain Controller and File Server and am running into an issue I hope you can help with. I'm trying to use Claim Types to specify access to SMB shares but keep running into the error 'Unable to contact Active Directory to access or verify claim types'. This occurs when I try to set a condition on a folder which is used as an SMB share.
My test setup looks as follows:
I've followed the steps as outlined on https://learn.microsoft.com/nl-nl/windows-server/identity/solution-guides/deploy-a-central-access-policy--demonstration-steps-and also consulted https://learn.microsoft.com/nl-nl/windows-server/identity/solution-guides/appendix-b--setting-up-the-test-environment
I've set up a Department Claim type, for now left the resource properties as they are as the departments I needed for now were already present. I created a Central Access Rule and Central Access Policy, applied the CAP through group policy, enabled support for claims, and deployed the policy.
In the advanced security settings > add screen for my SMB share, I can reach the DC without any issues to select a principal, but in the bottom under conditions I'm getting the error 'Unable to contact Active Directory to access or verify claim types'. Oddly enough, in the advanced security settings screen of the folder also the central policy tab is missing.
For good measure I ran gpupdate /force again, rebooted the servers, disabled the firewall on the DC, but still no luck. Does anyone have an idea where I'm going wrong?
ps: tried to add tags that better described this topic, but anything related to smb, file server, dc seemed to not work.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(57.599999999999994, 46%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EYD%3C/text%3E%3C/svg%3E)
Hi,
I would like to check if the issue has been fixed? If yes, please help accept answer, so that others meet a similar issue can find useful information quickly. If you have any other concerns or questions, please feel free to feedback.
Best Regards,
Danny
Hi,
I would like to check if the issue has been fixed? If yes, please help accept answer, so that others meet a similar issue can find useful information quickly. If you have any other concerns or questions, please feel free to feedback.
Best Regards,
Danny
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(217.60000000000002, 87%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELB%3C/text%3E%3C/svg%3E)
I don't know if this pertains to your instance or not. We had an on premise domain controller issue, so we updated the DNS to a different domain controller/AD. The VM's we have in Azure had network security per VM set with custom DNS. Although we updated the IP to the new domain controller and applied changes, IPCONFIG /FLUSHDNS did not enable the VM to see the new domain controller IP for DNS. Our file share was throwing the same error. Then I saw a brief message in Azure that in order for the server to take the DNS changes, the server had to be rebooted. After was able to perform a server reboot, the error went away and we could share the folder via IP. The new IP was reflecting in the server DNS. It's possible your DNS on the server is pointing to an old/invalid DNS server. Thus unable to connect to your AD. I hope this helps someone.
Hi,
Please try these commands first:
Dcdiag /v >c:\dcdiag1.log
Repadmin /showrepl >C:\repl.txt
Repadmin /showreps *
If any error pops out, please provide us with the screenshots.
Thanks for your understanding.
Best regards,
Danny
-----------------------------
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Hi Danny,
Thank you for taking your time to help me, I appreciate it very much :)
I believe you've already pointed me in the right direction: Repadmin /showreps * gives me an LDAP error: LDAP error 81 (Server Down) Win32 Err 58.
I'm a bit pressed for time today, but I'll investigate this further a.s.a.p. to see if something is wrong with the LDAP server and will post the results back.
regards,
Steven
Hi Steven,
Ok. I will wait for the outcome of your trial.
Thanks and best regards,
Danny
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(256, 65%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EG%3C/text%3E%3C/svg%3E)
The correct command is: Repadmin /showrepl *
The command referenced above: Repadmin /showreps *
is responsible for the error: LDAP error 81 (Server Down) Win32 Err 58.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(124.80000000000001, 95%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDS%3C/text%3E%3C/svg%3E)
I just noticed the same error on one of my two DCs running Windows 2012 R2 Std servers that share AD and "load balance" DHCP and DNS. We didn't make any changes to both servers recently and only applied Windows updates so one of them must have caused this.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(198.4, 13%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPB%3C/text%3E%3C/svg%3E)
Hello I have the same problem, Someone can help us?.
Thanks!!
Hello I have the same problem, Someone can help us?.
Thanks!!