hw_tech
asked on
Server stops responding to GPO/ Active Directory Requests after 1030 1058
After logging the errors below I was unable to log onto our server directly. This has happened twice in the last week. Users were not able to authenticate or log on to the domain. We did a force restart each time which corrected the problem.
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1058
Date: 11/28/2007
Time: 11:29:40 AM
User: NT AUTHORITY\SYSTEM
Computer: SERVER
Description:
Windows cannot access the file gpt.ini for GPO CN={31B2F340-016D-11D2-945
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1030
Date: 11/28/2007
Time: 11:29:40 AM
User: NT AUTHORITY\SYSTEM
Computer: SERVER
Description:
Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1058
Date: 11/28/2007
Time: 11:29:40 AM
User: NT AUTHORITY\SYSTEM
Computer: SERVER
Description:
Windows cannot access the file gpt.ini for GPO CN={31B2F340-016D-11D2-945
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1030
Date: 11/28/2007
Time: 11:29:40 AM
User: NT AUTHORITY\SYSTEM
Computer: SERVER
Description:
Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
With that said:
I think there is more to this issue than this. Since you can't log onto the server remotely, it sounds like your TCP/IP stack is being interfered with or is shutting down. But you should see more problems than just events 1030 and 1058. I would look for more clues in event viewer and DCdiag reports to see if you can further pinpoint the issue.
One of the causes of yoru problem is when you use dual NICs. Dual NICS can give the appearance of working well for a while and then shut itself down, if not configured right. Are you using Dual NICS?
I think there is more to this issue than this. Since you can't log onto the server remotely, it sounds like your TCP/IP stack is being interfered with or is shutting down. But you should see more problems than just events 1030 and 1058. I would look for more clues in event viewer and DCdiag reports to see if you can further pinpoint the issue.
One of the causes of yoru problem is when you use dual NICs. Dual NICS can give the appearance of working well for a while and then shut itself down, if not configured right. Are you using Dual NICS?
ASKER
We do have dual NICs on the server. One NIC is setup as an outgoing WAN NIC and is connected to the firewall/router/internet. The other NIC is setup to face our internal network DNS requests from client computers are set to route through this server. We were able to access the internet during this time, but several computers appeared hung when using server products like Exchange, logging onto the Domain, etc.
The errors above were logged on the server, not on the client computers.
The errors above were logged on the server, not on the client computers.
I think that's your problem. It sounds like you are trying to use your dual NICS as sort of a router. What happens is the server looses track of who it is. Example: is it 10.11.12.13 or 10.11.12.14?
A server with dual nics is usually for Multi homed domains, or to act as a router. It is sometimes used for load balancing. But, unless you have 400 or more nodes on the network and use the dual nics for load balancing or something else, I recommend you disable NIC 2, and work off NIC 1.
Using the routers IP will transfer packets to the router and out to the Network. That's the decieving portion of a Dual NIC configuration. You don't need one nic for the clients and the other for the router.
So, you should assess the need for your second NIC before disabling the second NIC. These are the types of questions you should be asking yourself when assessing the need:
1) Do, I have a multi homed domain?
2) Do, I need to balance the load and have too many nodes on the network for a single NIC to work?
3) Do, I use the second NIC to make my server act as a router?
A server with dual nics is usually for Multi homed domains, or to act as a router. It is sometimes used for load balancing. But, unless you have 400 or more nodes on the network and use the dual nics for load balancing or something else, I recommend you disable NIC 2, and work off NIC 1.
Using the routers IP will transfer packets to the router and out to the Network. That's the decieving portion of a Dual NIC configuration. You don't need one nic for the clients and the other for the router.
So, you should assess the need for your second NIC before disabling the second NIC. These are the types of questions you should be asking yourself when assessing the need:
1) Do, I have a multi homed domain?
2) Do, I need to balance the load and have too many nodes on the network for a single NIC to work?
3) Do, I use the second NIC to make my server act as a router?
ASKER
We are using our dual-NICs as a router. If we assume that we want to keep it that way, how should this be configured? What are the pitfalls with this? This problem just recently started happening even though we haven't changed the configuration, so what could have changed to make us start having this problem?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I will read and follow up on this. Thanks for your help
DFS problem:
http://support.microsoft.com/default.aspx?scid=kb;en-us;314494
DNS problem:
https://www.experts-exchange.com/questions/22935596/EventID-1030-1058.html
Networking problem:
The DNS settings are not in the router or the TCP/IP stack of the domain controller becomes disabled.