tudeatico
asked on
EVENT ID 1030 & 1090 USERENV
have three w2k3 server in a 2000 native domain. Since yesterday I started recieveing the following errors in my event logs
Error 1:Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1030
Date: 7/7/2004
Time: 3:23:18 PM
User: NT AUTHORITY\SYSTEM
Computer: Servername
Description:
Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Error 2:Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1097
Date: 7/7/2004
Time: 3:23:18 PM
User: NT AUTHORITY\SYSTEM
Computer: servername
Description:
Windows cannot find the machine account, The Local Security Authority cannot be contacted
¿Where is the problem????, is very important . A lot of thanks.
Error 1:Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1030
Date: 7/7/2004
Time: 3:23:18 PM
User: NT AUTHORITY\SYSTEM
Computer: Servername
Description:
Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Error 2:Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1097
Date: 7/7/2004
Time: 3:23:18 PM
User: NT AUTHORITY\SYSTEM
Computer: servername
Description:
Windows cannot find the machine account, The Local Security Authority cannot be contacted
¿Where is the problem????, is very important . A lot of thanks.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
After upgrading from 2000 to 2003 and following recommended DNS practices, we still came into a 'DNS Island" issue. After pointing the DNS/DC to itself and then to an alternative DNS/DC server in the same site,, then flushing DNS cache on all DC's, reboot, all DNS issues cleared.
In Windows Server 2003, the recommended DNS configuration is to configure the DNS client settings on all DNS servers to use themselves as their own primary DNS server, and to use a different domain controller in the same domain as their alternative DNS server, preferably another domain controller in the same site. This process also works around the DNS "Island" problem in Windows 2000. You must always configure the DNS client settings on each domain controller's network interface to use the alternative DNS server addresses in addition to the primary DNS server address.
In Windows Server 2003, the recommended DNS configuration is to configure the DNS client settings on all DNS servers to use themselves as their own primary DNS server, and to use a different domain controller in the same domain as their alternative DNS server, preferably another domain controller in the same site. This process also works around the DNS "Island" problem in Windows 2000. You must always configure the DNS client settings on each domain controller's network interface to use the alternative DNS server addresses in addition to the primary DNS server address.
When you restart a Windows Server 2003 DC, the Application event log contains:
Event Source: Userenv
Event Category: None
Event ID: 1030
Date: <date>
Time: <time>
Type: Error
User: NT AUTHORITY\SYSTEM
Computer: <ServerName>
Description: Windows cannot query the list of Group Policy objects. A message that describes the reason for this was previously logged by the policy engine.
Event Source: Userenv
Event Category: None
Event ID: 1097
Date: <date>
Time: <time>
Type: Error
User: NT AUTHORITY\SYSTEM
Computer: <ServerName>
Description: Windows cannot find the machine account. No authority could be contacted for authentication.
The %SystemRoot%\Debug\Netlogo
<date> <time> [CRITICAL] NetpDcHandlePingResponse: DomainName.Com.: Netlogon is paused on the server. 0x14
<date> <time> [MISC] NetpDcGetName: DomainName.Com. using cached information
<date> <time> [MISC] DsGetDcName function returns 0: Dom:RTMS_PDC Acct:(null) Flags: DS NETBIOS RET_DNS
<date> <time> [SITE] DsrGetSiteName: Returning site name 'Default-First-Site-Name' from local cache.
<date> <time> [LOGON] SamLogon: Generic logon of DomainName.Com\(null) from (null) Package:Kerberos Entered
<date> <time> [LOGON] SamLogon: Generic logon of DomainName.Com\(null) from (null) Package:Kerberos Returns 0xC00002F5
This behavior will occur if any of the following is true:
1. Your one other domain controller are also starting up.
2. A local or remote program sends a request to the PDC Emulator and it is starting up.
3. Your only domain controller is starting up and the NetLogon and Directory Services are NOT yet ready to service requests, and respond to queries with a 'netlogon paused' message.
NOTE: These errors should be temporary. When NetLogon is ready, it should respond to requests.
To workaround this behavior, try not to start multiple domain controllers at the same time. If you only have one domain controller, either add another, or attempt to delay the start of the requesting local service or local program.
SOURCE:http://www.jsiinc.com/SUBP/tip7500/rh7561.htm
HOPE IT HELPS