Solved

EVENT ID 1030 & 1090 USERENV

Posted on 2004-09-10
4
62,232 Views
Last Modified: 2012-06-21
have three w2k3 server in a 2000 native domain. Since yesterday I started recieveing the following errors in my event logs
Error 1:Event Type:     Error
Event Source:     Userenv
Event Category:     None
Event ID:     1030
Date:          7/7/2004
Time:          3:23:18 PM
User:          NT AUTHORITY\SYSTEM
Computer:     Servername
Description:
Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Error 2:Event Type:     Error
Event Source:     Userenv
Event Category:     None
Event ID:     1097
Date:          7/7/2004
Time:          3:23:18 PM
User:          NT AUTHORITY\SYSTEM
Computer:     servername
Description:
Windows cannot find the machine account, The Local Security Authority cannot be contacted


¿Where is the problem????, is very important . A lot of thanks.
0
Comment
Question by:tudeatico
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 9

Expert Comment

by:imnajam
ID: 12031021
7561 » You receive event ID 1097 and event ID 1030 errors when a Windows Server 2003 domain controller starts?



When you restart a Windows Server 2003 DC, the Application event log contains:

Event Source: Userenv
Event Category: None
Event ID: 1030
Date: <date>
Time: <time>
Type: Error
User: NT AUTHORITY\SYSTEM
Computer: <ServerName>
Description: Windows cannot query the list of Group Policy objects. A message that describes the reason for this was previously logged by the policy engine.


Event Source: Userenv
Event Category: None
Event ID: 1097
Date: <date>
Time: <time>
Type: Error
User: NT AUTHORITY\SYSTEM
Computer: <ServerName>
Description: Windows cannot find the machine account. No authority could be contacted for authentication.

The %SystemRoot%\Debug\Netlogon.log file contains:

<date> <time> [CRITICAL] NetpDcHandlePingResponse: DomainName.Com.: Netlogon is paused on the server. 0x14
<date> <time> [MISC] NetpDcGetName: DomainName.Com. using cached information
<date> <time> [MISC] DsGetDcName function returns 0: Dom:RTMS_PDC Acct:(null) Flags: DS NETBIOS RET_DNS
<date> <time> [SITE] DsrGetSiteName: Returning site name 'Default-First-Site-Name' from local cache.
<date> <time> [LOGON] SamLogon: Generic logon of DomainName.Com\(null) from (null) Package:Kerberos Entered
<date> <time> [LOGON] SamLogon: Generic logon of DomainName.Com\(null) from (null) Package:Kerberos Returns 0xC00002F5

This behavior will occur if any of the following is true:

1. Your one other domain controller are also starting up.

2. A local or remote program sends a request to the PDC Emulator and it is starting up.

3. Your only domain controller is starting up and the NetLogon and Directory Services are NOT yet ready to service requests, and respond to queries with a 'netlogon paused' message.

NOTE: These errors should be temporary. When NetLogon is ready, it should respond to requests.

To workaround this behavior, try not to start multiple domain controllers at the same time. If you only have one domain controller, either add another, or attempt to delay the start of the requesting local service or local program.


SOURCE:http://www.jsiinc.com/SUBP/tip7500/rh7561.htm

HOPE IT HELPS
0
 
LVL 85

Accepted Solution

by:
oBdA earned 500 total points
ID: 12034159
On which machines do you receive these errors? Are they DCs or member server? Are your DNS settings OK? On your DC/DNS, and on all of your domain members, make sure the DC's address *only* is listed in the TCP/IP properties (be that via DHCP or static; do NOT use 127.0.0.1 on the DNS itself!). That makes sure your internal lookups work correctly. If you have more than one DC, make sure the primary DNS on your first DC points to itself, secondary empty, on the other DCs (assuming they're running DNS), set the primary DNS to the "first" DC, secondary to itself.
For internet access, delete the root zone (if present; it's the single dot: ".") on your DNS in your forward lookup zones. Then open the properties page of your DNS server and configure forwarders to point to your ISP's DNS. The forwarders section is the *only* entry in your network where your ISP's DNS should be listed.

Frequently Asked Questions About Windows 2000 DNS and Windows Server 2003 DNS
http://support.microsoft.com/?kbid=291382

Best practices for DNS client settings in Windows 2000 Server and in Windows Server 2003
http://support.microsoft.com/?kbid=825036
0
 

Expert Comment

by:jboub
ID: 14095760
After upgrading from 2000 to 2003 and following recommended DNS practices, we still came into a 'DNS Island" issue. After pointing the DNS/DC to itself and then to an alternative DNS/DC server in the same site,, then flushing DNS cache on all DC's, reboot, all DNS issues cleared.
In Windows Server 2003, the recommended DNS configuration is to configure the DNS client settings on all DNS servers to use themselves as their own primary DNS server, and to use a different domain controller in the same domain as their alternative DNS server, preferably another domain controller in the same site. This process also works around the DNS "Island" problem in Windows 2000. You must always configure the DNS client settings on each domain controller's network interface to use the alternative DNS server addresses in addition to the primary DNS server address.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes you might need to configure routing based not only on destination IP address, but also on a combination of destination IP address (or hostname) and destination port number. I will describe a method how to accomplish this with free tools. …
Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question