Question

Multiple netdiag errors and long logon times

Asked by: Zaurb

Some of our users complain that especially in the morning they have to wait for quite a long time after they input their domain credentials into login window. Some of them wait for several minutes until they see desktop icons appearing, others have to wait to access network-based applications (Outlook configured for exchange server and other applications running from network shares). Others have to wait for a while when "Applying computer settings" windows is displayed.
All computers are Windows XP SP2 and all servers are Windows 2003 SP2

I've checked event log and noticed that most of them have the following events:

-----------------------------------------------------------
Type: Error
Event: 7023
Source: Service Control Manager
Description: The Computer Browser service terminated with the following error: Timeout. Operation failed (literal translation from Italian)
-----------------------------------------------------------
services.msc shows that 'computer browser' service is not running, however i can successfully launch it manually after logging in. I've applied the KB889320 but the issue is not resolved.

-----------------------------------------------------------
Type: Error
Event: 1054
Source: Userenv
Description: Windows cannot obtain the domain controller name for your computer network. (Domain controller does not exist or can not be contacted). Group Policy processing aborted.
-----------------------------------------------------------
This event is immediately followed by Warning (Event 1517, source Userenv)


Netdiag errors common to most of these PCs are as follows:

DC list test . . . . . . . . . . . : Failed
Kerberos test. . . . . . . . . . . : Failed
    [FATAL] Cannot get ticket cache from Kerberos.
    The error occurred was: (null)
LDAP test. . . . . . . . . . . . . : Passed
    [WARNING] Failed to query SPN registration on DC 'server1.domain.local'.
    [WARNING] Failed to query SPN registration on DC 'server2.domain.local'.

How can I resolve the problem?








This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.

Subscribe now for full access to Experts Exchange and get

Instant Access to this Solution

  • Plus...
  • 30 Day FREE access, no risk, no obligation
  • Collaborate with the world's top tech experts
  • Unlimited access to our exclusive solution database
  • Never be left without tech help again

Subscribe Now

Asked On
2008-04-17 at 06:49:47ID23330817
Topics

Windows Networking

,

Windows 2003 Server

,

Windows XP Operating System

Participating Experts
3
Points
500
Comments
15

Trusted by hundreds of thousands everyday for fast, accurate and reliable tech support.

  • "The time we save is the biggest benefit of Experts Exchange to Warner Bros. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange." Mike Kapnisakis, Warner Bros.
  • "Our team likes having a resource that is more secure than just using Google and most experts using this service really know their stuff. It's nice to look here first versus using Google." Dayna Sellner, Lockheed Martin
  • "Anytime that I've been stumped with a problem, 9 out of 10 times Experts Exchange has either the accepted solution or an open discussion of the potential solution to the problem." Kenny Red, eBay Inc.

See what Experts Exchange can do for you.

Got a question?

We've got the answer.

Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.

Screenshot of Experts Exchange Knowledgebase

Need individual assistance?

Our experts are ready to help.

If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.

Screenshot of Experts Exchange Knowledgebase

Want to learn from the best?

Read articles from industry experts.

Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.

Screenshot of an Article

Working on a long term project?

Store your work and research.

Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.

Screenshot of Experts Exchange Knowledgebase

Access the answers to your technology questions today.

Subscribe Now

30-day free trial. Register in 60 seconds.

What Makes Experts Exchange Unique?

Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.

Trusted by the world's most respected brands.

image of each brand's logo

Faithfully serving IT professionals since 1996.

Experts Exchange Logo

Try it out and discover for yourself.

Subscribe Now

30-day free trial. Register in 60 seconds.

Related Solutions

  1. netdiag shows Kerberos test failure, no ticket for host
    Hi, I am building a Windows 2003 Member Server to host Microsoft Exchange. Among the prerequisites for the installation, it says I have to run netdiag.exe and examine the log. We have one Active Directory PDC running Windows 2000. Netdiag on that machine passes the test, ...
  2. Netdiag/LDAP error
    I just set up a Windows serer 2003 machine, and have either an LDAP or DNS problem. I was having problems with communications, and when I turned on TCP/IP helper for Netbios, and the errors went away from event viewer. I started to install exchange, thinking that the problems...
  3. NETDIAG DNS ERROR
    Installed WINDOWS 2000 Support tools for sp4 and ran a netdiag -v on DC server. here is the following error. DNS test . . . . . . . . . . . . . : Failed Interface {B21BF725-2833-4014-8F9B-A709B41961DE} DNS Domain: test.com DNS Servers: 10.12.0.3 ...
  4. DNS error in netdiag
    Hi all, I have 4 DC's, 2 Windows 2000 and 2 Windows 2003. I will soon be taking the W2k DC's out of service. DNS is on each of the DC's and they are AD Intergrated zones. Nslookup and resolution all seem to work correctly, however when I run Netdiag on the W2003 DC's I get t...
  5. netdiag /fix shows dns test failed
    I'm implementing Active Directory 03 on my network. I've successfully implemented my DC, AD, and DNS. At least that's what it seems. When I looked at the event logs on all my member servers, there were numerous amounts of event error 1053 - Windows cannot determine the use...
  6. Kerberos failure in netdiag and subsequent Exchange 20…
    I have an open question in the Exchange Zone (http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_22753555.html), where after an Exchange 2003 installation, Microsoft Exchange System Attendant won't start. (That error is: Unexpected error Logon f...

Free Tech Articles

  1. WARNING: 5 Reasons why you should NEVER fix a computer for free.
    It is in our nature to love the puzzle. We are obsessed. The lot of us. We love puzzles. We love the challenge. We thrive on finding the answer. We hate disarray. It bothers us deep in our soul. W...
  2. SCCM OSD Basic troubleshooting
    SCCM 2007 OSD is a fantastic way to deploy operating systems, however, like most things SCCM issues can sometimes be difficult to resolve due to the sheer volume of logs to sift through and the dispe...
  3. Migrate Small Business Server 2003 to Exchange 2010 and Windows 2008 R2
    This guide is intended to provide step by step instructions on how to migrate from Small Business Server 2003 to Windows 2008 R2 with Exchange 2010. For this migration to work you will need the fo...
  4. Create a Win7 Gadget
    This article shows you how to create a simple "Gadget" -- a sort of mini-application supported by Windows 7 and Vista. Gadgets can be dropped anywhere on the desktop to provide instant information, ...
  5. Outlook continually prompting for username and password
    There have been a lot of questions recently regarding Outlook prompting for a username and password whilst using Exchange 2007. There are a few reasons why this would happen and I will try to cover t...
  6. Backup Exchange 2010 Information Store using Windows Backup
    There seems to be quite a lot of confusion around the ability to backup Exchange 2010 using the built in Windows Backup feature. This stems from the omission of this feature prior to Exchange 2007 s...

Cloud Class Webinars

  1. Avoiding Bugs in Microsoft Access
    Alison Balter takes and in-depth look at avoiding bugs in Access. In this webinar you will learn about using the immediate window to debug your applications, invoking the debugger, using breakpoints to troubleshoot, stepping through code, setting the next statement to execute, ...
  2. Top 10 Best New Features in Visio 2010
    Scott Helmers gives live demonstrations of the top 10 new features in Visio 2010. This webinar will teach you how to create compelling diagrams by adding shapes to the page with a single click, linking the shapes in a diagram to data in Excel (or SQL Server, or SharePoint), ...
  3. IT Consultant Business Secrets Revealed
    Michael Munger, Experts Exchange tech pro and IT consultant, pulls back the curtain on his very successful businesses and answers question on every IT consultant and business owner should know about. He shares secrets on what he did to solve the 5 most common problems in IT, ...
  4. Disaster Recovery and Business Continuity
    Quest CTO, Mike Billon, gives an overview of the steps involved in building a dunamic disaster recovery plan. Through case studies and an examination of software/hardware tooles for monitoring and testing, you'll gain a better understandin of where you are, where you want ...
  5. Organize Your Visio Diagrams with Containers and Lists
    Scott Helmers uses cross functional flowcharts, wireframe diagrams, data graphic legends and seating charts to teach you: how to ustilize all three new structured diagram components in Visio 2010, the best practices for organizeing shapes in previous version of Visio, how to organize ...
  6. How to Us Objects, Properties, Events and Methods in Microsoft Access
    Alison Dalter gives an in-depbth look at objects, properties, events and methods in Microsoft Access. In this webinar you will learn about using the object browser, referring to objects, working with properties and methods, working with object variables, understanding the ...

Join the Community

Give a Little. Get a Lot.

Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.

Join the Community

Answers

 

by: SteveH_UKPosted on 2008-04-17 at 06:59:24ID: 21377097

Start by looking at the following:

1.  Run DCDIAG on your domain controllers.  DCDIAG is part of the support tools and can be downloaded directly from the MS website.  Review and respond to any identified issues.

2.  Check the network configuration on a client.  Make sure that DHCP, DNS and WINS settings are correct.

3.  Compare the time on a client to the time on each of your DCs.  These should be within 5 minutes of each other for correct function.

4.  Do you connect to the network after you've turned the computer on?  The computer logs on to the network as part of the startup process, and this can cause issues if your domain (or network) is persistently unavailable during startup.

Let me know how you get on with these, or if you need further assistance.

 

by: ebjersPosted on 2008-04-17 at 07:47:39ID: 21377654

This definetly looks like a DNS issue to me.  Make sure all your computers (server included) are looking at your DC for DNS and nowhere else.

eb

 

by: SteveH_UKPosted on 2008-04-17 at 07:52:11ID: 21377700

One additional point on DNS in Windows:

Although you can specify multiple DNS servers on a network interface, they are not used in combination.  If the first does not respond at all, Windows will elect to use the second DNS registration but will not usually revert back to the first until the computer has been restarted.   All speciifed DNS servers must return a complete set of results, so don't set one to point to your firewall or ISP.  Make sure they both point to your domain DNS servers (whether Active Directory integrated, other Windows servers or third party).

 

by: ryansotoPosted on 2008-04-17 at 08:19:15ID: 21378086

Its definately DNS -

Make sure all DC's point to themselves for DNS (In TCP/IP) properties and in the forwarders tab of DNS you forward to your ISP for other domain lookups.

This should also reflect in your DHCP scope (the part about pointing to your internal DNS boxes)

 

by: ZaurbPosted on 2008-04-18 at 02:14:16ID: 21384222

After installation of KB889320 I don't have an event 7023 any more. However logon process still takes long! I don't think there's something wrong on servers since other computers are OK.

 

by: ZaurbPosted on 2008-04-18 at 02:31:35ID: 21384300

DCDIAG on SERVER1 gives me the following error:

-----------------------------------------------------------------------------
Starting test: systemlog
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 03/12/2008   11:53:12
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 03/12/2008   11:53:14
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 03/12/2008   11:53:14
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 03/12/2008   11:53:14
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC0000037
            Time Generated: 03/12/2008   11:53:27
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC0000037
            Time Generated: 03/12/2008   11:53:27
            (Event String could not be retrieved)
         ......................... SERVER1 failed test systemlog
-----------------------------------------------------------------------------


SERVER2 passed all tests though...

 

by: ZaurbPosted on 2008-04-18 at 02:43:30ID: 21384356

actually after cleaning log files there're no more failed tests. All OK.

 

by: ryansotoPosted on 2008-04-18 at 07:50:32ID: 21386287

So is th elong log on time still occurring?

 

by: ZaurbPosted on 2008-04-21 at 02:07:46ID: 21399691

Several users still complain about the very long logon time.
Here's the netdiag from one of such computers.

 

by: ZaurbPosted on 2008-04-21 at 02:11:17ID: 21399706

Several users still complain about the very long logon time.
Here's the netdiag from one of such computers.

........................................

    Computer Name: COMPUTERNAME
    DNS Host Name: COMPUTERNAME.DOMAIN.LOCAL
    System info : Windows 2000 Professional (Build 2600)
    Processor : x86 Family 15 Model 2 Stepping 9, GenuineIntel
    List of installed hotfixes :
        KB873339
        KB885250
        KB885835
        KB885836
        KB886185
        KB887472
        KB888302
        KB889320-v2
        KB890046
        KB890859
        KB891781
        KB893756
        KB893803v2
        KB894391
        KB896358
        KB896423
        KB896428
        KB898461
        KB899587
        KB899591
        KB900485
        KB900725
        KB901017
        KB901214
        KB902400
        KB904706
        KB904942
        KB905414
        KB905749
        KB908519
        KB908531
        KB910437
        KB911280
        KB911562
        KB911564
        KB911927
        KB913580
        KB914388
        KB914389
        KB914440
        KB915865
        KB916595
        KB916846
        KB917159
        KB917734_WMP9
        KB917953
        KB918118
        KB918439
        KB919007
        KB920213
        KB920342
        KB920670
        KB920683
        KB920685
        KB920872
        KB921503
        KB921883
        KB922582
        KB922819
        KB923191
        KB923414
        KB923689
        KB923980
        KB924191
        KB924270
        KB924667
        KB925398_WMP64
        KB925720
        KB925876
        KB925902
        KB926255
        KB926436
        KB927779
        KB927802
        KB927891
        KB928255
        KB928843
        KB929123
        KB929969
        KB930178
        KB930916
        KB931261
        KB931784
        KB931836
        KB932168
        KB933360
        KB933566-IE7
        KB933729
        KB935839
        KB935840
        KB936021
        KB936357
        KB936782_WMP9
        KB937143-IE7
        KB937894
        KB938127-IE7
        KB938828
        KB938829
        KB939653-IE7
        KB941202
        KB941568
        KB941569
        KB941644
        KB942615-IE7
        KB942763
        KB943055
        KB943460
        KB943485
        KB944533-IE7
        KB944653
        KB946026
        Q147222


Netcard queries test . . . . . . . : Passed
    GetStats failed for 'Miniport WAN (PPPOE)'. [ERROR_NOT_SUPPORTED]



Per interface results:

    Adapter : Connessione alla rete locale (LAN)

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : COMPUTERNAME.DOMAIN.LOCAL
        IP Address . . . . . . . . : 10.10.10.38
        Subnet Mask. . . . . . . . : 255.255.0.0
        Default Gateway. . . . . . : 10.10.0.1
        Primary WINS Server. . . . : 10.10.1.1
        Dns Servers. . . . . . . . : 10.10.1.1
                                     10.10.1.2


        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Passed

        NetBT name test. . . . . . : Passed
        [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.

        WINS service test. . . . . : Passed


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{FEA8F6C8-1CAD-402E-9E23-FE27293022AF}
    1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed
    [WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined.


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Passed


Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{FEA8F6C8-1CAD-402E-9E23-FE27293022AF}
    The redir is bound to 1 NetBt transport.

    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{FEA8F6C8-1CAD-402E-9E23-FE27293022AF}
    The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Failed


Trust relationship test. . . . . . : Passed
    Secure channel for domain 'DOMAIN' is to '\\domaincontroller02.domain.local'.


Kerberos test. . . . . . . . . . . : Failed
    [FATAL] Cannot get ticket cache from Kerberos.
    The error occurred was: (null)


LDAP test. . . . . . . . . . . . . : Passed
    [WARNING] Failed to query SPN registration on DC 'domaincontroller02.domain.local'.
    [WARNING] Failed to query SPN registration on DC 'domaincontroller01.domain.local'.


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
    No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Passed
    Service status  is: Started
    Service startup is: Automatic
    IPSec service is available, but no policy is assigned or active
    Note: run "ipseccmd /?" for more detailed information


The command completed successfully

 

by: ZaurbPosted on 2008-04-21 at 04:02:20ID: 21400325

can this be happening due to missing SRV records in domain? if yes, how and why would I put them? I have 4 DCs at three various sites.

 

by: ebjersPosted on 2008-04-21 at 05:57:46ID: 21401141

First thing check ADUC and make sure none of the computer accounts have been disabled

I have also seen some references that say this problem can be solved by creating a reverse lookup zone for your domain.

If the above does not help try removing one of the problem computers from the domain and adding it again.  Be sure to delete the computer account from ADUC and the listing from DNS BEFORE you add it to the domain aging.

eb

 

by: ryansotoPosted on 2008-04-21 at 08:02:42ID: 21402587

Long log on times are due to DNS issues almost 99% of the time.
All your DC's is their dns pointing to themselves? (Look in TCP IP properties of the LAN connection)
The DNS servers should be to itself or another INTERNAL DNS machine.
SRV records should be created automatically when a machine is joined to the domain as a DC

 

by: ZaurbPosted on 2008-04-21 at 12:42:17ID: 21405223

OK. I've checked. SRV recorda are OK and where created automatically. DNS on each server points first to the server itself, then to another DNS server. For example, SERVER01 dns first points to SERVER01 then SERVER02, and vice versa SERVER02 first points to SERVER02 then to SERVER01.

 

by: ebjersPosted on 2008-04-21 at 14:09:38ID: 21406074

run ipconfig /flushdns on all your systems to clear out the DNS cache as this can solve many problems.

And you don't need to run around to all the systems, just set it in a startup script.

eb

20120131-EE-VQP-002

3 Ways to Join

30-Day Free Trial

The Experts

98% positive feedback on 31,087 answers since March 2000. angeliii is a Microsoft Most Valuable Professional for his work with MS SQL Server & Develoment.

He has also proven his knowledge of Visual Basic Programming, PHP Scripting and Oracle Databases.

The Experts

97% positive feedback on 10,752 answers since July 2000. lrmoore has more than 18 years experience in the networking industry.

The six-time Mircosoft MVPs specialties include firewalls, virtual private networking, and network management.

Testimonials

"...and excellent source for support... Kind of like having your very own IT dept." Electriciansnet

Testimonials

"I was apprehensive at signing up at first. However... it has already made my life as an IT administrator much easier." JaCrews

Testimonials

"WOW! You guys have great, active, and knowledgeable people on here." moore50

Business Clients

Business Clients

In the Press

"If you’ve got a question... Experts Exchange can supply an answer.”

In the Press

"...an invaluable aid for both IT professionals and those who require tech support."

In the Press

"where IT professionals provide quick answers on just about any topic"

Business Account Plans

Loading Advertisement...