Solved

Event ID 1000 errors on DFS enabled servers

Posted on 2004-09-22
Last Modified: 2010-05-18
We run a Windows 2000 Active Directory domain which has a number of servers.  Two are domain controllers and the remainder member servers.  All these servers run service pack 4 and most are patched up.

We have installed and configured DFS and everything has been running fine until recently.  On all servers configured as Root replicas or replicas we get the following event messages in the application log:

Windows cannot determine the user or computer name. Return value (1359).
Windows cannot determine the user or computer name. Return value (1722).
Windows cannot determine the user or computer name. Return value (1326).

These messages appear normally from around 18:00 through the night until 08:00.  

I have checked MS knowledgebase for fixes to no avail.  DNS is configured and working fine.  AD replication is fine and I have run DCDIAG and NETDIAG with no problems except the following:

Starting test: frssysvol
         There are errors after the SYSVOL has been shared.
         The SYSVOL can prevent the AD from starting.

No other servers experience this error except the DFS servers.

Can anyone shed any light please?
0
Question by:p_tippett
 
LVL 30

Expert Comment

by:SteveGTR
ID: 12122646
0
 

Author Comment

by:p_tippett
ID: 12122988
I've seen two of those techdocs, however it is impractical for us to demote our DC's and then promote them again.  This setup has been working fine with not one of these errors for approx 3 years, until recently when these messages started to appear.

I will add the "DNS suffix for this connection", and test but I do not think that will resolve the problem.  I can quite happily ping by hostname, IP addr, FQDN and perform NSLOOKUP's against each machine.  Active Directory replicates quite happily regularly and why would it only occur during the night?
0
 
LVL 15

Expert Comment

by:Yan_west
ID: 12123071
From event id

Value 1722 - "The RPC Server is unavailable" - Usually occurs when DNS servers are not configured properly. There is connectivity but not at the service level. See the Q260371 link below for troubleshooting such issues. One note here, usually it may appear that DNS is set properly but one has to double-check all the aspects of DNS registration/resolution as the problem may not be that obvious. See also Q261007 (http://support.microsoft.com/default.aspx?scid=kb;en-us;Q261007) - It says that this behavior can occur if the address for the configured preferred DNS server on the client is invalid or unreachable.
From a newsgroup post: "Do the following to ensure that the SRV records for the AD servers are in DNS properly: (from the DOS prompt)

nslookup
set type=srv
_ldap._tcp.dc._msdcs.YOURDOMAIN.COM
Server:  dnsserver.yourdomain.com
Address:  192.168.100.2

you should see something like this:

_ldap._tcp.dc._msdcs.YOURDOMAIN.COM       SRV service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = server1.YOURDOMAIN.COM
_ldap._tcp.dc._msdcs.YOURDOMAIN.COM       SRV service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = server2.YOURDOMAIN.COM
server1.YOURDOMAIN.COM       internet address = 1.1.1.2
server2.YOURDOMAIN.COM       internet address = 1.1.1.1

If you don't then you definitely have a DNS problem.

I would also recommend running the dcdiag and netdiag utilities on
your domain controllers.  If you find that the servers aren't in DNS,
then make sure dynamic updates are enabled on your DNS server and
restart the netlogon server on each of your DCs."
0
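The SRV check described in the post above, as an added example that is not part of the original thread: a Python sketch that parses `nslookup` SRV output in the layout quoted there and reports which expected domain controllers lack an LDAP SRV record on port 389 or an address line. The function names, the expected-DC list and the sample text are assumptions constructed for illustration.

```python
import re

# Constructed sample in the layout quoted in the post; server2 has no address line.
SAMPLE = """\
_ldap._tcp.dc._msdcs.YOURDOMAIN.COM       SRV service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = server1.YOURDOMAIN.COM
_ldap._tcp.dc._msdcs.YOURDOMAIN.COM       SRV service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = server2.YOURDOMAIN.COM
server1.YOURDOMAIN.COM       internet address = 1.1.1.2
"""

FIELD = re.compile(r"^\s+(priority|weight|port|svr hostname)\s*=\s*(\S+)\s*$")
ADDR = re.compile(r"^(\S+)\s+internet address\s*=\s*(\S+)\s*$")

def parse_srv(text):
    """Return (srv_records, addresses); all values are kept as lowercase strings."""
    records, addresses = [], {}
    for line in text.splitlines():
        field, addr = FIELD.match(line), ADDR.match(line)
        if "SRV service location:" in line:
            records.append({})              # a new SRV record starts here
        elif field and records:
            records[-1][field.group(1)] = field.group(2).lower()
        elif addr:
            addresses[addr.group(1).lower()] = addr.group(2)
    return records, addresses

def audit(text, expected_dcs, ldap_port="389"):
    """Map each expected DC to its problems; an empty dict means all are registered."""
    records, addresses = parse_srv(text)
    by_host = {r.get("svr hostname"): r for r in records}
    problems = {}
    for dc in (d.lower() for d in expected_dcs):
        rec, issues = by_host.get(dc), []
        if rec is None:
            issues.append("no SRV record")
        elif rec.get("port") != ldap_port:
            issues.append("SRV port is " + str(rec.get("port")))
        if dc not in addresses:
            issues.append("no address returned")
        if issues:
            problems[dc] = issues
    return problems
```

Saving the `nslookup` output to a file and passing its text to `audit()` together with the list of domain controllers gives a per-server list of missing registrations.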
 
LVL 15

Expert Comment

by:Yan_west
ID: 12123085
Value 1359 - "An internal error occurred." - In Windows 2000 using the same name for a user and a machine is a no-no I've been told. After we upgraded some workstations from NT using the same value for user name and computer name, this message would be generated. I noticed Windows 2000 added a "1" at the end of the machine name. The log on the workstation no longer generated the message. Solution: Do not use the same name for a machine name and user name.
0
 
LVL 15

Accepted Solution

by:
Yan_west earned 500 total points
ID: 12123110
Error 1326: This error may occur when a user account is left logged onto a PC, and is disabled by an administrator in the background. Once the Disabled ID is logged off, the error goes away.

Value 1326 = "Logon failure: unknown user name or bad password." - This will occur if a Terminal Session is disconnected and not logged off and subsequently the user's logon password is changed. You will still have access to the "stale" session with the new password. This commonly happens with Administrators, who leave the session open by disconnecting so as to leave a program running. Since an Administrator can log back onto the session with the new password it can be overlooked. Terminate the Terminal Services session by logging out and the problem will disappear.
0
 

Author Comment

by:p_tippett
ID: 12123171
Thanks for your comments.  

I have checked our DNS Server (and configuration wise) and all the Active Directory Service records do exist, however when I type in at the DOS prompt it says unrecognised command - I think maybe I am typing something in wrong.  I have also run DCDIAG and NETDIAG - all tests OK except:

Starting test: frssysvol
         There are errors after the SYSVOL has been shared.
         The SYSVOL can prevent the AD from starting.

Again why would everything work fine for 3 years until a few weeks ago?
0
 

Author Comment

by:p_tippett
ID: 12123194
We have no user or PC names the same.  Don't forget these errors occur during the night.  I don't know about you but certainly won't be logging in and changing my password at 3:00am in the morning!!!!

By the way I have looked at www.eventid.net.
0
