Re: domain logon issue
Hi,
Thanks for letting us know that my suggestion works.
I appreciate your time and effort in keeping it monitored. Please do not
hesitate to let me know if this problem reoccurs.
Thank you and have a nice day!
Sincerely
Morgan Che
Microsoft Online Support
Microsoft Global Technical Support Center
Get Secure! -
www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
--->From: "Fat Frog" <FatFrog@newsgroup.nospam>
--->References: <eHbg25ZqIHA.4928@TK2MSFTNGP04.phx.gbl>
<OLabOleqIHA.4284@TK2MSFTNGHUB02.phx.gbl>
--->Subject: Re: domain logon issue
--->Date: Tue, 29 Apr 2008 19:26:50 -0400
--->Lines: 266
--->X-Priority: 3
--->X-MSMail-Priority: Normal
--->X-Newsreader: Microsoft Outlook Express 6.00.2900.3138
--->X-RFC2646: Format=Flowed; Original
--->X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198
--->Message-ID: <eUHyDClqIHA.3508@TK2MSFTNGP03.phx.gbl>
--->Newsgroups: microsoft.public.windows.server.general
--->NNTP-Posting-Host: gateway.jabil.com 198.51.174.14
--->Path: TK2MSFTNGHUB02.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP03.phx.gbl
--->Xref: TK2MSFTNGHUB02.phx.gbl
microsoft.public.windows.server.general:37428
--->X-Tomcat-NG: microsoft.public.windows.server.general
--->
--->Thanks so much for the detailed help and instructions.
--->
--->So I first checked the DNS servers' IP addresses, and see if they were
--->entered correctly. As it turned out, both the primary and the secondary
DNS
--->servers' IP addresses had been wrong. They were the old ones, pointing
to
--->one that's no longer a DNS server, and two that's been retired.
--->
--->I have changed the DNS servers' IP addresses, and ran netdiag.exe, and
it
--->now shows "PASSED" where it showed "Failed" before:
--->
---> Testing DNS
---> Testing redirector and browser... Passed
---> Testing DC discovery.
---> Looking for a DC
---> Looking for a PDC emulator
---> Looking for an Active Directory DC
---> Gathering the list of Domain Controllers for domain 'MyDomainName'
---> Testing trust relationships... Passed
---> Testing Kerberos authentication... Passed
--->
--->I will keep an eye on the 1053 error in the event log, but so far I
haven't
--->seen one. This is a production server. I will not be able to reboot it
till
--->the weekend. I will post back if there is anything else regarding this
--->issue.
--->
--->Thanks again.
--->TL
--->
--->
--->
--->"Morgan che(MSFT)" <v-morche@online.microsoft.com> wrote in message
--->news:OLabOleqIHA.4284@TK2MSFTNGHUB02.phx.gbl...
--->> Hi,
--->>
--->> Thanks for posting here.
--->>
--->> From your description, I understand the domain member server running
--->> Windows Server 2003 SP1 takes 30 minutes to log on domain and you
found
--->> the
--->> Event ID 1053 in this problematic member server.
--->>
--->> Analysis and suggestion:
--->> ======================
--->>
--->> From the Dcdiag output, I suspect this error may caused by the
failure of
--->> DNS resolution. When client queried SRV record on DNS to locate a
domain
--->> controller, the DNS fails to respond the corresponding name
resolution or
--->> respond the incorrect name resolution.
--->>
--->> Please verify that if this computer is connected to the network,
configure
--->> the correct DNS server IP addresses, and at least one of the DNS
servers
--->> is
--->> running. If you use AD-integrated DNS, please make sure the DNS
setting on
--->> the current machine points to the DC. If you use standalone DNS,
please
--->> make sure you have correctly pointed to this DNS server.
--->>
--->> Also, please check if the DC you attempt to logon is running. If so,
--->> please
--->> restart netlogon services on this DC to register the corresponding SRV
--->> record on DNS and test the result.
--->>
--->> After doing this, if this issue still persists. To further narrow
down
--->> this
--->> issue, please assist me to collect the following informatiuon and
send me
--->> via
v-morche@microsoft.com:
--->>
--->> 1. How many computers are facing this problem?
--->>
--->> 2. Are there local DCs in the same subnet as the problematic computer?
--->>
--->>
--->> Logs collection:
--->>
--->> 1. please run "Dcdiag /a /v > C:\dcdiag.log" on the current domain
--->> controller.
--->>
--->> Note: we need to install the Windows 2003 support tools in the path of
--->> X:\Support\Tools\Support.msi of the Windows 2003 installation disc
--->>
--->> 2. please run "Netdiag /v > C:\netdiag.log" on the current domain
--->> controller.
--->>
--->> Note: we need to install the Windows 2003 support tools in the path of
--->> X:\Support\Tools\Support.msi of the Windows 2003 installation disc
--->>
--->> 3. Collect Userenv.log
--->>
--->> Please do as following steps on these problematic computer to obtain
--->> detailed troubleshooting information from the user environment debug
log.
--->>
--->> a. Start Registry Editor.
--->>
--->> b. Locate and then click the following registry subkey:
--->>
--->> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon
--->>
--->> c. Right-click and new add DWORD(32-bit) with the Value of
--->> "UserEnvDebugLevel"
--->>
--->> d. Type in 100002(Hexadecimal) or 65538(Decimal) in the Value data
box,
--->> and
--->> then click OK.
--->>
--->> e. Reboot the problematic computer to make the change take into
effect.
--->>
--->> The Userenv.log is located in the folder:
%SYSTEMDRIVE%\Debug\UserMode\
--->>
--->> 4. Collect Winlogon.log
--->>
--->> Please do as following steps on these problematic computer to enable
--->> winlogon.log as the delay occurs during computer startup:
--->>
--->> a. Start Registry Editor (Regedit.exe)
--->>
--->> b. Locate and click the following key in the registry:
--->>
--->> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
--->>
NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83
--->> A}.
--->>
--->> Please note: The above registry key is one path; it has been wrapped
for
--->> readability.
--->>
--->> c. Edit the following registry value:
--->>
--->> Value name: ExtensionDebugLevel
--->>
--->> Data type: DWORD
--->>
--->> Value data: 2
--->>
--->> d. Quit Registry Editor
--->>
--->> e. Reboot the computer
--->>
--->> The Winlogon.log file is created in the folder %systermroot%
--->> \Security\Logs
--->>
--->> Thanks for your time in advance. After receiving this requested
--->> information, I will do further research and get back to you with my
--->> suggestion.
--->>
--->> Have a good day!
--->>
--->>
--->> Sincerely
--->> Morgan Che
--->> Microsoft Online Support
--->> Microsoft Global Technical Support Center
--->>
--->> Get Secure! -
www.microsoft.com/security
--->> =====================================================
--->> When responding to posts, please "Reply to Group" via your newsreader
so
--->> that others may learn and benefit from your issue.
--->> =====================================================
--->> This posting is provided "AS IS" with no warranties, and confers no
--->> rights.
--->>
--->>
--->> --------------------
--->> --->From: "Fat Frog" <FatFrog@newsgroup.nospam>
--->> --->Subject: domain logon issue
--->> --->Date: Mon, 28 Apr 2008 22:12:21 -0400
--->> --->Lines: 74
--->> --->X-Priority: 3
--->> --->X-MSMail-Priority: Normal
--->> --->X-Newsreader: Microsoft Outlook Express 6.00.2900.3138
--->> --->X-RFC2646: Format=Flowed; Original
--->> --->X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198
--->> --->Message-ID: <eHbg25ZqIHA.4928@TK2MSFTNGP04.phx.gbl>
--->> --->Newsgroups: microsoft.public.windows.server.general
--->> --->NNTP-Posting-Host: gateway.jabil.com 198.51.174.14
--->> --->Path:
TK2MSFTNGHUB02.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP04.phx.gbl
--->> --->Xref: TK2MSFTNGHUB02.phx.gbl
--->> microsoft.public.windows.server.general:37351
--->> --->X-Tomcat-NG: microsoft.public.windows.server.general
--->> --->
--->> --->Hello.
--->> --->
--->> --->I am having problem on a member server running Windows Server
2003
--->> SP1.
--->> --->
--->> --->It took 30 minutes to log on to the domain after a reboot. The
server
--->> seemed
--->> --->to be forever hanging at "applying settings..." before it finally
--->> connected
--->> --->to the domain.
--->> --->
--->> --->I found a lot of errors with event ID 1053, source: userenv.
"Windows
--->> cannot
--->> --->determine the user or computer name. (The specified domain either
does
--->> not
--->> --->exist or could not be contacted.) Group Policy processing
aborted."
--->> --->____________________
--->> --->
--->> --->Running netdiag.ext shows some errors:
--->> --->
--->> --->Testing trust relationships... Failed
--->> --->Testing Kerberos authentication... Failed
--->> --->
--->> --->DC discovery test. . . . . . . . . : Failed
--->> ---> Find DC in domain 'MyDomainName':
--->> --->
--->> ---> [FATAL] Cannot find DC in domain 'MyDomainName'.
--->> --->[ERROR_NO_SUCH_DOMAIN]
--->> --->
--->> --->DC list test . . . . . . . . . . . : Failed
--->> ---> 'MyDomainName': Cannot find DC to get DC list from [test
--->> skipped].
--->> ---> List of DCs in Domain 'MyDomainName':
--->> --->
--->> --->Trust relationship test. . . . . . : Failed
--->> ---> Test to ensure DomainSid of domain 'MyDomainName' is correct.
--->> ---> 'MyDomainName': Cannot find DC to get DC list from [test
skipped].
--->> --->
--->> ---> [FATAL] Secure channel to domain 'MyDomainName' is broken.
--->> --->[ERROR_NO_LOGON_SERVERS]
--->> --->
--->> --->Kerberos test. . . . . . . . . . . : Skipped
--->> ---> 'MyDomainName': Cannot find DC to get DC list from [test
--->> skipped].
--->> --->LDAP test. . . . . . . . . . . . . : Failed
--->> --->
--->> ---> Cannot find DC to run LDAP tests on. The error occurred was:
The
--->> --->specified domain either does not exist or could not be contacted.
--->> --->
--->> ---> Find DC in domain 'MyDomainName':
--->> --->
--->> ---> [WARNING] Cannot find DC in domain 'MyDomainName'.
--->> --->[ERROR_NO_SUCH_DOMAIN]
--->> --->________________
--->> --->
--->> --->MS Help says:
--->> --->
--->> --->To verify that the domain controller can be contacted through
Domain
--->> Name
--->> --->System (DNS), try to access \\mydomain.com\sysvol\mydomain.com,
where
--->> --->mydomain.com is the fully qualified DNS name of your domain.
--->> --->
--->> --->This test also failed.
--->> --->________________
--->> --->
--->> --->I tried to connect to this server from a couple of client
computers.
--->> One
--->> --->client is ok.
--->> --->
--->> --->The other client got the following:
--->> --->
--->> --->The Mapped network drive could not be created because the
following
--->> error
--->> --->has occurred: The specified network name is no longer available.
--->> --->
--->> --->When I tried to connect to it via UNC, it also errored out:
--->> --->There are currently no logon servers available to service the
logon
--->> request.
--->> --->
--->> --->Sorry for the long post.
--->> --->Thanks for your help.
--->> --->TL
--->> --->
--->> --->
--->> --->
--->> --->
--->>
--->
--->
--->