Endless Event ID's 1006 & 1030 every 5 minutes

Nope, thats for another pair of events not my pair.

It's for the 1030, at least :)

But check this one also : " http://www.experts-exchange.com/Networking/Q_21252533.html "

Best Regards !

Nope, saw these already and its a no go.

This is a hard to impossible question to answer, and is why I will give anyone that gets it fixed 2000 POINTS!

I'm sure you saw this already...but here are some ideas:

Last update 10/11/2005):
In my case, the event appeared on a Windows 2003 server after we changed the domain admin password. All services had correctly been changed, but the console was logged on during the password change. A simple logoff-logon solved the problem.

James (Last update 6/28/2005):
My issues on this event were caused by cached credentials on the client. They were not showing up when I logged in as Administrator (Tristen and Sean below had issues related to this, but were able to find and delete the offending credentials). Rob's comments under EventID 14 from source Kerberos, about client credentials not appearing were very helpful in pointing me in the right direction to solve my issue. Instead of deleting and re-adding the computer & account, etc. from the domain as he did, I just temporarily gave the affected user administrative privileges and was able to find the stored user name info when I logged in as that user. Go to Start -> Control Panel -> User Accounts -> Advanced tab -> Manage Passwords. Note that you cannot go in to this area without Admin privileges and you cannot see them when you are logged in as another user. Once I found and deleted the stored credentials, I removed admin privileges and was able to log in normally without the authentication problems.

Brad Albert (Last update 6/14/2005):
We were getting this along with event 1030, on two SQL servers; both errors started on the same day and were associated with the same user. It turned out that the database administrator had left herself logged on to both SQL servers and then changed her password. We simply logged her off and the error was gone.

Ionut Marin (Last update 6/14/2005):
As per Microsoft: "An Active Directory, network connectivity, or network configuration problem prevents Group Policy settings from being applied. Group Policy processing for the computer or user failed and will continue to fail until this problem is resolved". See MSW2KDB for more details.

From a newsgroup post: "Last weekend I deployed the first GPO for desktop screen saver protection to all computers. On Monday, I found out that not all computers had this policy applied, and most of the computers had this event logged. After two days investigation, I found the reason for this error was due to the logon password expiration. Apparently, quite a few user accounts had their passwords expired over the weekend, and they did not change their passwords before expiration. Then GPO are not pushed out because of the user account cannot be validated. A bit funny, but that makes sense. Users who changed their password will not have that problem later on".

From a newsgroup post :"This may occur on a multihomed DC (2003) with two NICs, where one NIC has port filtering enabled and is blocking port 389. This can occur even if the “port blocking” NIC is lower in the binding order than a “non port blocking” NIC.
Also check to see whether there are any services running in the context ABC\Administrator.
Lastly, make sure the DNS zone for the AD Domain has dynamic updates enabled".

Sean (Last update 9/22/2004):
I had exactly the same problem as Tristen. I went into Control Panel -> User Accounts -> Advanced tab -> Manage Passwords, and removed the user from the list. After a reboot, the problem disappeared.

Tristen (Last update 9/9/2004):
I was getting EventID 1006 and EventID 1030 errors on a user’s machine. The problem turned out to be caused by the fact that both domain controllers had entries under "user accounts / manage passwords" which were blank. I removed both entries, which fixed the problem and allowed the group policy to update.

Robert Auch (Last update 5/31/2003):
Only seen by laptop user after returning from offsite work (logging in with cached credentials on previous logon/bootup) - system will hang at blue screen before "starting windows" window appears on screen. This is NOT a boot error message (M242518 is the only article I can find which looks similar), but a network issue: if the network cable is unplugged, the system boots fine.  If "Offline Files" in Explorer is turned off, the system boots fine. Can't turn off Offline files, as user needs it for laptop to work offsite properly.  

My last post was from source:  http://www.eventid.net/display.asp?eventid=1006&eventno=2187&source=Userenv&phase=1

Been to eventid.net and none of these suggestions hold for my case.

S.O.S.

I have posted on this before:\ To no AVAIL what so ever. i.e. no one at all can solve this one, it's to hard! All experts have been stumpted on it.

see here:\ http://www.experts-exchange.com/Operating_Systems/Windows_Server_2003/Q_21677475.html


We had two DC's that are windows 2003 standard edition with no service paks. {I recently upgraded to SP1 on the DC I Just promoted, but the problem still persisted}, both DC's run DNS\DHCP etc... Its just a one domain deal no extra domains or anything snazzy. We have User Manager Pro installed, Diskeeper, logmeister, Symantec Antivirus, EZ-Audit, Dymo Label. I dont think any of these have anything at all to do with this issue, but who knows.

If I ran MPSREPORT which would be most applicable?

Dirsvc and Network?

i had the same events, occuring each 5 minutes, when the "File and Printer Sharing" was not installed for the network connection.

mdgil.

The errors pre-existed my being at this job, but I was told the DC in question had these issues prior and was hence demoted and promoted at least one other time. So it was not this instance of demotion\promotion that may have spawned the errors. But the previous demotion\promotion may have had something to do with it. I ran gpudate and User\Computer policy refresh completed with no errors.

gpresult had nothing out the ordinary, i.e. no errors reported.

I have not run RSoP on my DC, will that work, what may it tell?

We have two NICS, one that is 192... and the other is 172... as the backup network only.

yuja.

We have two NIC's and one is Primary and the Other is Backup. The backup NIC does not have "File and Printer Sharing" checked, while primary does. But this is the case for the good DC also and it does not get these errors every 5 minutes?

I notice a new error that may be telling.

Event ID: 1059  Source: DhcpServer
The DHCP service failed to see a directory server for authorization.


This error I have not noticed until after the demotion\promotion...

this is probably going to be a stupid question but;
do you have disk quota enabled on the C: drive? and how much free space do you have on that drive?

something else i was thinking about is time sync. if the servers are running kerberos some times the time gets out of whack. net time \\PrimaryServer /SET

still looking..

We have 17.3 gig on C, with no quotas at all.

youve run netdiag and no errors, have you run dcdiag?

when you demoted the DC did you remove all traces from AD? did you play with the NTDSUTIL tool and clean your metadata?"

It's 12:54am ... I am too tired to read through everyone's possible solutions.

I have run into a similar situation at a client site... not the same errors..but the group policies failing...account not able to authenticate, etc..  Turned out it was the locally installed AntiVirus client scanning the c:\windows\security folder and corrupting the local security data file, and also on the Server same deal... had to exclude the c:\windows\security\ folder on the server and workstation before it would work correctly. Weird thing is it was only on a couple of machines..not all of them..

- pdxsrw

Netman66 has some good suggestions to go thru.

i did run across some info on the 1006 error. the one thing that caught my eye is to copy the sysvol folder from a good DC to the bad DC. i would probably rename the old sysvol folder first tho.

the other things were to check dcdiag /dnsall  for errors

and just a thought, how about installing vmware on a beefy workstation and install another DC. just to test if the problem starts from the initial replication. make sure you copy as many settings from the bad DC as you can. with vmware you can take snapshots just incase something goes bad.

last but not wanted. you have to take into account the amount of time you have spent on this problem and will continue to spend on this issue. compare that to how long would it take to rebuild the server from scratch and how long the company will be without the server.

good luck.

forgot to mention, if you do start over save yourself some time and demote the bad DC before taking it off the network.

This question has been classified as abandoned because there are no comments in the last 21 days. I will make a recommendation to the moderators on its resolution in approximately 4 days.  I would appreciate any comments by the experts that would help me in making a recommendation.

It is assumed that any participant not responding to this request is no longer interested in its final disposition.

If the asker does not know how to close the question, the options are here:
http://www.experts-exchange.com/help.jsp#hs5

-red
EE Cleanup Volunteer

Well, he wanted help and neglected to provide us with answers to our queries.  Suggest split and PAQ.