AD Query does not recognize users, and the "adlog a dc" command returns "bad credentials or firewall blocks DCOM traffic".
SmartView Tracker/SmartLog displays the log message:
"AD Query unavailable for domain controller <Name>. Domain controller is down or firewall may be blocking DCOM traffic to the domain controller. See sk58881 for more information."
Identity Awareness Wizard authentication fails.
LAN Manager authentication level in the Domain Security Policy is set to: NTLMv2 response only/refuse LM and NTLM.
By default, AD Query tries to authenticate using NTLM.