GPUpdate failing due to LDAP Bind Issue

active-directory group-policy ldap windows-server-2012-r2

Solution 1:

I was able to fix this myself. It turns out that the local machine accounts had cached bad credentials that were (correctly) failing. Thanks to @greg-askew for pointing me in the right direction. For anyone who stumbles on this looking for a solution:

  1. Download PsExec (part of sysinternals) from https://technet.microsoft.com/en-us/sysinternals/pxexec.aspx
  2. From an elevated command prompt run PsExec.exe -i -s cmd.exe (This will open another command window in the Local Machine account context).
  3. From that window, run rundll32.exe keymgr.dll, KRShowKeyMgr (That will open a gui with a list of cached credentials).
  4. In that gui, delete any credentials that look suspicious (In my case the credentials were named after my PDC).

After deleting the credentials from the cache, it immediately started working again.

Related

Azure App Service - Outbound IP changed
https through an http-only proxy?
How do I "override" Server response header on a ReverseProxied website?
What characters are illegal in password in ssmtp.conf?
questions about nagle vs. delayed ack
How to allow SSH only from local network via iptables [closed]
Is there a way to make apt-get upgrade not show changelogs?
Diagnosing slow data processing on a VM
Nginx ip_hash does not load-balance connections to meteor backend
fail2ban regex not matching
Is ceph replication based on nodes or disks?
How to rescue a server with no free inodes (from DDOS)