Solved

Event ID 1000 errors on DFS enabled servers

Posted on 2004-09-22
Last Modified: 2010-05-18
We run a Windows 2000 Active Directory domain which has a number of servers.  Two are domain controllers and the remainder member servers.  All these servers run service pack 4 and most are patched up.

We have installed and configured DFS and everything has been running fine until recently.  On all servers configured as Root replicas or replicas we get the following event messages in the application log:

Windows cannot determine the user or computer name. Return value (1359).
Windows cannot determine the user or computer name. Return value (1722).
Windows cannot determine the user or computer name. Return value (1326).

These messages appear normally from around 18:00 through the night until 08:00.  

I have checked MS knowledgebase for fixes to no avail.  DNS is configured and working fine.  AD replication is fine and I have run DCDIAG and NETDIAG with no problems except the following:

Starting test: frssysvol
         There are errors after the SYSVOL has been shared.
         The SYSVOL can prevent the AD from starting.

No other servers experience this error except the DFS servers.

Can anyone shed any light please?
0
Question by:p_tippett
7 Comments
 

Author Comment

by:p_tippett
ID: 12122988
I've seen two of those techdocs, however it is impractical for us to demote our DCs and then promote them again.  This setup has been working fine with not one of these errors for approx 3 years, until recently when these messages started to appear.

I will add the "DNS suffix for this connection", and test but I do not think that will resolve the problem.  I can quite happily ping by hostname, IP addr, FQDN and perform NSLOOKUPs against each machine.  Active Directory replicates quite happily regularly and why would it only occur during the night?
0
 
LVL 15

Expert Comment

by:Yan_west
ID: 12123071
From event id

Value 1722 - "The RPC Server is unavailable" - Usually occurs when DNS servers are not configured properly. There is connectivity but not at the service level. See the Q260371 link below for troubleshooting such issues. One note here, usually it may appear that DNS is set properly but one has to double-check all the aspects of DNS registration/resolution as the problem may not be that obvious. See also Q261007 (http://support.microsoft.com/default.aspx?scid=kb;en-us;Q261007) - It says that this behavior can occur if the address for the configured preferred DNS server on the client is invalid or unreachable.
From a newsgroup post: "Do the following to ensure that the SRV records for the AD servers are in DNS properly: (from the DOS prompt)

nslookup
set type=srv
_ldap._tcp.dc._msdcs.YOURDOMAIN.COM
Server:  dnsserver.yourdomain.com
Address:  192.168.100.2

you should see something like this:

_ldap._tcp.dc._msdcs.YOURDOMAIN.COM       SRV service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = server1.YOURDOMAIN.COM
_ldap._tcp.dc._msdcs.YOURDOMAIN.COM       SRV service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = server2.YOURDOMAIN.COM
server1.YOURDOMAIN.COM       internet address = 1.1.1.2
server2.YOURDOMAIN.COM       internet address = 1.1.1.1

If you don't then you definitely have a DNS problem.

I would also recommend running the dcdiag and netdiag utilities on
your domain controllers.  If you find that the servers aren't in DNS,
then make sure dynamic updates are enabled on your DNS server and
restart the netlogon server on each of your DCs."
0
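The SRV check from the newsgroup post quoted above, automated as an added example (not part of the original thread): it parses nslookup output in the layout shown and reports expected domain controllers that lack an _ldap SRV record or an address record. The function names, the expected_dcs list and the sample text are assumptions constructed for illustration.

```python
import re

# Constructed sample in the layout quoted above; server2 lacks its address record.
SAMPLE = """\
_ldap._tcp.dc._msdcs.YOURDOMAIN.COM       SRV service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = server1.YOURDOMAIN.COM
_ldap._tcp.dc._msdcs.YOURDOMAIN.COM       SRV service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = server2.YOURDOMAIN.COM
server1.YOURDOMAIN.COM       internet address = 1.1.1.2
"""

SRV_HEADER = re.compile(r"^(\S+)\s+SRV service location:", re.I)
FIELD = re.compile(r"^\s+(priority|weight|port|svr hostname)\s*=\s*(\S+)", re.I)
ADDRESS = re.compile(r"^(\S+)\s+internet address\s*=\s*(\S+)", re.I)

def parse_nslookup_srv(text):
    """Return (srv_records, addresses) parsed from nslookup 'set type=srv' output."""
    records, addresses, current = [], {}, None
    for line in text.splitlines():
        if m := SRV_HEADER.match(line):
            current = {"name": m.group(1).lower()}
            records.append(current)
        elif (m := FIELD.match(line)) and current is not None:
            key, value = m.group(1).lower(), m.group(2)
            current[key] = value.lower().rstrip(".") if key == "svr hostname" else int(value)
        elif m := ADDRESS.match(line):
            addresses.setdefault(m.group(1).lower().rstrip("."), []).append(m.group(2))
    return records, addresses

def check_dc_records(text, expected_dcs, ldap_port=389):
    """List problems: DCs with no SRV record, an unexpected port, or no address record."""
    records, addresses = parse_nslookup_srv(text)
    by_host = {r.get("svr hostname"): r for r in records}
    problems = []
    for dc in (d.lower() for d in expected_dcs):
        if dc not in by_host:
            problems.append(f"{dc}: no _ldap SRV record")
        elif by_host[dc].get("port") != ldap_port:
            problems.append(f"{dc}: SRV port is {by_host[dc].get('port')}")
        if dc not in addresses:
            problems.append(f"{dc}: no address record returned")
    return problems
```

Feed it the saved output of the nslookup session together with the list of domain controllers you expect to be registered; an empty list means every expected DC had both records.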
 
LVL 15

Expert Comment

by:Yan_west
ID: 12123085
Value 1359 - "An internal error occurred." - In Windows 2000 using the same name for a user and a machine is a no-no I've been told. After we upgraded some workstations from NT using the same value for user name and computer name, this message would be generated. I noticed Windows 2000 added a "1" at the end of the machine name. The log on the workstation no longer generated the message. Solution: Do not use the same name for a machine name and user name.
0
 
LVL 15

Accepted Solution

by:
Yan_west earned 500 total points
ID: 12123110
Error 1326: This error may occur when a user account is left logged onto a PC, and is disabled by an administrator in the background. Once the Disabled ID is logged off, the error goes away.

Value 1326 = "Logon failure: unknown user name or bad password." - This will occur if a Terminal Session is disconnected and not logged off and subsequently the user's logon password is changed. You will still have access to the "stale" session with the new password. This commonly happens with Administrators, who leave the session open by disconnecting so as to leave a program running. Since an Administrator can log back onto the session with the new password it can be overlooked. Terminate the Terminal Services session by logging out and the problem will disappear.
0
 

Author Comment

by:p_tippett
ID: 12123171
Thanks for your comments.  

I have checked our DNS Server (and configuration wise) and all the Active Directory Service records do exist, however when I type in at the DOS prompt it says unrecognised command - I think maybe I am typing something in wrong.  I have also run DCDIAG and NETDIAG - all tests OK except:

Starting test: frssysvol
         There are errors after the SYSVOL has been shared.
         The SYSVOL can prevent the AD from starting.

Again why would everything work fine for 3 years until a few weeks ago?
0
 

Author Comment

by:p_tippett
ID: 12123194
We have no user or PC names the same.  Don't forget these errors occur during the night.  I don't know about you but certainly won't be logging in and changing my password at 3:00am in the morning!!!!

By the way I have looked at www.eventid.net.
0


Question has a verified solution.
