Solved

EVENT ID 1030 & 1090 USERENV

Posted on 2004-09-10
4
62,163 Views
Last Modified: 2012-06-21
have three w2k3 server in a 2000 native domain. Since yesterday I started recieveing the following errors in my event logs
Error 1:Event Type:     Error
Event Source:     Userenv
Event Category:     None
Event ID:     1030
Date:          7/7/2004
Time:          3:23:18 PM
User:          NT AUTHORITY\SYSTEM
Computer:     Servername
Description:
Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Error 2:Event Type:     Error
Event Source:     Userenv
Event Category:     None
Event ID:     1097
Date:          7/7/2004
Time:          3:23:18 PM
User:          NT AUTHORITY\SYSTEM
Computer:     servername
Description:
Windows cannot find the machine account, The Local Security Authority cannot be contacted


¿Where is the problem????, is very important . A lot of thanks.
0
Comment
Question by:tudeatico
4 Comments
 
LVL 9

Expert Comment

by:imnajam
Comment Utility
7561 » You receive event ID 1097 and event ID 1030 errors when a Windows Server 2003 domain controller starts?



When you restart a Windows Server 2003 DC, the Application event log contains:

Event Source: Userenv
Event Category: None
Event ID: 1030
Date: <date>
Time: <time>
Type: Error
User: NT AUTHORITY\SYSTEM
Computer: <ServerName>
Description: Windows cannot query the list of Group Policy objects. A message that describes the reason for this was previously logged by the policy engine.


Event Source: Userenv
Event Category: None
Event ID: 1097
Date: <date>
Time: <time>
Type: Error
User: NT AUTHORITY\SYSTEM
Computer: <ServerName>
Description: Windows cannot find the machine account. No authority could be contacted for authentication.

The %SystemRoot%\Debug\Netlogon.log file contains:

<date> <time> [CRITICAL] NetpDcHandlePingResponse: DomainName.Com.: Netlogon is paused on the server. 0x14
<date> <time> [MISC] NetpDcGetName: DomainName.Com. using cached information
<date> <time> [MISC] DsGetDcName function returns 0: Dom:RTMS_PDC Acct:(null) Flags: DS NETBIOS RET_DNS
<date> <time> [SITE] DsrGetSiteName: Returning site name 'Default-First-Site-Name' from local cache.
<date> <time> [LOGON] SamLogon: Generic logon of DomainName.Com\(null) from (null) Package:Kerberos Entered
<date> <time> [LOGON] SamLogon: Generic logon of DomainName.Com\(null) from (null) Package:Kerberos Returns 0xC00002F5

This behavior will occur if any of the following is true:

1. Your one other domain controller are also starting up.

2. A local or remote program sends a request to the PDC Emulator and it is starting up.

3. Your only domain controller is starting up and the NetLogon and Directory Services are NOT yet ready to service requests, and respond to queries with a 'netlogon paused' message.

NOTE: These errors should be temporary. When NetLogon is ready, it should respond to requests.

To workaround this behavior, try not to start multiple domain controllers at the same time. If you only have one domain controller, either add another, or attempt to delay the start of the requesting local service or local program.


SOURCE:http://www.jsiinc.com/SUBP/tip7500/rh7561.htm

HOPE IT HELPS
0
 
LVL 82

Accepted Solution

by:
oBdA earned 500 total points
Comment Utility
On which machines do you receive these errors? Are they DCs or member server? Are your DNS settings OK? On your DC/DNS, and on all of your domain members, make sure the DC's address *only* is listed in the TCP/IP properties (be that via DHCP or static; do NOT use 127.0.0.1 on the DNS itself!). That makes sure your internal lookups work correctly. If you have more than one DC, make sure the primary DNS on your first DC points to itself, secondary empty, on the other DCs (assuming they're running DNS), set the primary DNS to the "first" DC, secondary to itself.
For internet access, delete the root zone (if present; it's the single dot: ".") on your DNS in your forward lookup zones. Then open the properties page of your DNS server and configure forwarders to point to your ISP's DNS. The forwarders section is the *only* entry in your network where your ISP's DNS should be listed.

Frequently Asked Questions About Windows 2000 DNS and Windows Server 2003 DNS
http://support.microsoft.com/?kbid=291382

Best practices for DNS client settings in Windows 2000 Server and in Windows Server 2003
http://support.microsoft.com/?kbid=825036
0
 
LVL 5

Expert Comment

by:SKULLS_Hawk
Comment Utility
0
 

Expert Comment

by:jboub
Comment Utility
After upgrading from 2000 to 2003 and following recommended DNS practices, we still came into a 'DNS Island" issue. After pointing the DNS/DC to itself and then to an alternative DNS/DC server in the same site,, then flushing DNS cache on all DC's, reboot, all DNS issues cleared.
In Windows Server 2003, the recommended DNS configuration is to configure the DNS client settings on all DNS servers to use themselves as their own primary DNS server, and to use a different domain controller in the same domain as their alternative DNS server, preferably another domain controller in the same site. This process also works around the DNS "Island" problem in Windows 2000. You must always configure the DNS client settings on each domain controller's network interface to use the alternative DNS server addresses in addition to the primary DNS server address.
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

This is the first one of a series of articles I’ll be writing to address technical issues that are always referred to as network problems. The network boundaries have changed, therefore having an understanding of how each piece in the network  puzzl…
Trying to figure out group policy inheritance and which settings apply where can be a chore.  Here's a very simple summary I've written which might help.  Keep in mind, this is just a high-level conceptual overview where I try to avoid getting bogge…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now