AD Query does not recognize users, and the "adlog a dc" command returns "bad credentials or firewall blocks DCOM traffic".
adlog a dc
bad credentials or firewall blocks DCOM traffic
SmartConsole shows this log message:
"AD Query unavailable for domain controller <Name>. Domain controller is down or firewall may be blocking DCOM traffic to the domain controller. See sk58881 for more information."
Identity Awareness Configuration wizard authentication fails.
LAN Manager authentication level in the Domain Security Policy is set to "NTLMv2 response only/refuse LM and NTLM".
By default, AD Query tries to authenticate using NTLM.