Solved

Event ID 1000 errors on DFS enabled servers

Posted on 2004-09-22
7
935 Views
Last Modified: 2010-05-18
We run a Windows 2000 Active Directory domain which has a number of servers.  Two are domain controllers and the remainder member servers.  All these servers run service pack 4 and most are patched up.

We have installed and configured DFS and everything has been running fine until recently.  On all servers configured as Root replicas or replicas we get the following event messages in the application log:

Windows cannot determine the user or computer name. Return value (1359).
Windows cannot determine the user or computer name. Return value (1722).
Windows cannot determine the user or computer name. Return value (1326).

These messages appear normally from around 18:00 through the night until 08:00.  

I have checked MS knowledgebase for fixes to no avail.  DNS is configured and working fine.  AD replication is fine and I have run DCDIAG and NETDIAG with no problems except the following:

Starting test: frssysvol
         There are errors after the SYSVOL has been shared.
         The SYSVOL can prevent the AD from starting.

No other servers experience this error except the DFS servers.

Can anyone shed any light please?
0
Comment
Question by:p_tippett
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
7 Comments
 
LVL 30

Expert Comment

by:SteveGTR
ID: 12122646
0
 

Author Comment

by:p_tippett
ID: 12122988
I've seen two of those techdocs, however it is impractical for us to demote our DC's and then promote them again.  This setup has been working fine with not one of these errors for approx 3 years, until recently when these messages started to appear.

I will add the "DNS suffix for this connection", and test but I do not think that will resolve the problem.  I can quite happliy ping by hostname, IP addr, FQDN and perform NSLOOKUP's against each machine.  Active Directory replicates quite happily regularly and why would it only occur during the night?
0
 
LVL 15

Expert Comment

by:Yan_west
ID: 12123071
From event id

Value 1722 - "The RPC Server is unavailable" - Usually occurs when DNS servers are not configured properly. There is connectivity but not at the service level. See the Q260371 link below for troubleshooting such issues. One note here, usually it may appear that DNS is set properly but one has to double-check all the aspects of DNS registration/resolution as the problem may not be that obvious. See also Q261007 (http://support.microsoft.com/default.aspx?scid=kb;en-us;Q261007) - It says that this behavior can occur if the address for the configured preferred DNS server on the client is invalid or unreachable.
From a newsgroup post: "Do the following to ensure that the SRV records for the AD servers are in DNS properly: (from the DOS prompt)

nslookup
set type=srv
set type=srv
_ldap._tcp.dc._msdcs.YOURDOMAIN.COM
Server:  dnsserver.yourdomain.com
Address:  192.168.100.2

you should see something like this:

_ldap._tcp.dc._msdcs.YOURDOMAIN.COM       SRV service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = server1.YOURDOMAIN.COM
_ldap._tcp.dc._msdcs.YOURDOMAIN.COM       SRV service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = server2.YOURDOMAIN.COM
server1.YOURDOMAIN.COM       internet address = 1.1.1.2
server2.YOURDOMAIN.COM  nternet address = 1.1.1.1

If you don't then you definately have a DNS problem.

I would also recommend running the dcdiag and netdiag utilities on
your domain controllers.  If you find that the servers aren't in DNS,
then make sure dynamic updates are enabled on your DNS server and
restart the netlogon server on each of your DCs."
0
Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

 
LVL 15

Expert Comment

by:Yan_west
ID: 12123085
Value 1359 - "An internal error occurred." - In Windows 2000 using the same name for a user and a machine is a no-no I've been told. After we upgraded some workstations from NT using the same value for user name and computer name, this message would be generated. I noticed Windows 2000 added a "1" at the end of the machine name. The log on the workstation no longer generated the message. Solution: Do not use the same name for a machine name and user name.
0
 
LVL 15

Accepted Solution

by:
Yan_west earned 500 total points
ID: 12123110
Error 1326: This error may occur when an user account is left logged onto a PC, and is disabled by an administrator in the background. Once the Disabled ID is logged off, the error goes away.

Value 1326 = ""Logon failure: unknown user name or bad password." - This will occur if a Terminal Session is disconnected and not logged off and susequently the users logon password is changed. You will still have access to the "stale" session with the new password. This commonly happens with Administrators, who leave the session open by disconnecting so as to leave a program running. Since an Administrator can log back onto the session with the new password it can be overlooked. Terminate the Terminal Services session by logging out and the problem will disappear.  
0
 

Author Comment

by:p_tippett
ID: 12123171
Thanks for your comments.  

I have checked our DNS Server (and configuration wise) and all the Active Directory Service records do exist, however when I type in at the DOS prompt it says unrecognised command - I think maybe I am typing something in wrong.  I have also run DCDIAG and NETDIAG - all tests OK except:

Starting test: frssysvol
         There are errors after the SYSVOL has been shared.
         The SYSVOL can prevent the AD from starting.

Again why would everything work fine for 3 years until a few weeks ago?
0
 

Author Comment

by:p_tippett
ID: 12123194
We have no user or PC names the same.  Don't forget these errors occur during the night.  I don't know about you but certainly won't be logging in and changing my password at 3:00am in the morning!!!!

By the way I have looked at www.eventid.net.
0

Featured Post

Edgartown IT Case Study

Learn about Edgartown's quest to ensure the safety and security of the entire town's employee and citizen data. Read the case study!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
We have put together a white paper that aims to explain how MSPs can both improve their offering and ease the pain of after-hours service by: -Suggesting changes to workflow -Indicating how to rework policy to suit your team -Providing ConnectW…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question