ITHelper80

asked on

Windows cannot obtain the domain controller name for your computer network return value(59)

Can someone please help!!! I have been fighting this issue for a while now.

I have 4 different offices: 1 main office (where all my servers are), and the other 3 just have user computers. We are all connected via VPN through Checkpoint firewalls.

I am trying to apply group policies to my users, but whenever they try to log on they get "Windows cannot obtain the domain controller name for your computer network return value(59)" in the event viewer, and no GPs are being applied. However, they are able to log on to the domain and browse to the sysvol at my main office by DNS name without any problems!

Here is something that puts a twist into things: at one of my sites I set up a DC, and after that the GPs were being applied with no problem; however, once I took it offline they were once again getting the above message and no GPs.

I checked the MS site and cannot find anything helpful; all I can find are references to DNS errors, but my users are all using the correct DNS servers.

I have checked my firewall logs and I'm not seeing anything dropped. I have even added a route to my servers for my remote offices.

Please, someone help, I am about at the end of my rope!
detox1978

I had a similar issue; I rejoined the domain, which sorted it. Not sure if that will help you, though.

Here is the TechNet article on it:
http://support.microsoft.com/default.aspx?scid=kb;en-us;834859
ITHelper80

ASKER

I have already done that, and no luck :( Oh, by the way, all my servers are Win2k.
Have you tried it via the NetBIOS domain name and the FQDN?
Also, on your Domain Controller, check your server settings by typing:

netdiag

Might show up something.
Yes, I saw the gigabit issue, but the users at my main office aren't having any problems, so I assumed that wouldn't be the issue.
The error message I posted was from a Win2k Pro machine; however, my XP machines are having the same problems.
But at the remote sites, they're on VPN, and the GB is much quicker than the VPN, right? Could be the issue... especially since you already put a DC at the remote sites as a test, and it worked fine....

D
Have you tried "netdiag" from the Domain Controller....?
Just ran the netdiag and everything passed :(
Question about the network adapter: should I do that on my DCs or my users' PCs?
Well, it leaves it open for both server and client, but I'd try the client level first, since the local users don't have the issue. Try it on one or 2 of the clients remotely.

D
Rejoined the domain as D1978 said, and still the same issues.
Tried the regedit, and still no luck.

FYI, here is what my XP machines are giving me:

"Windows cannot obtain the domain controller name for your computer network. (An unexpected network error occurred). Group Policy processing aborted."

Hope that info helps you all help me!!

How high did you go with the setting? If 60 didn't work, what else did you try?

D
Have you tried putting the IP address in instead of the DC name?
You may be forced to put a DC at each remote office.
On the computers, do you log into the VPN first or after logging into the desktop? Try setting up the system so you need to log into the VPN first.
The VPN is always connected; I have an NG-1 box, and the rest are VPN edge boxes.
Surely I wouldn't have to put a DC at each location; we are all on T1s and there aren't that many users at each office, one only has 3 people!!
No, that's overkill. Has it ever worked? Could the VPN be blocking something vital? Is it possible to force the policy AFTER the logon, or does that fail too?

D
I do a gpupdate on the machines (XP ones) once they are logged on to the domain, and nothing happens. I am at a loss at this point; I don't know what it could be blocking...... Has anyone ever heard of a firewall blocking LDAP?
Review the event logs; I just have to believe there's something in there we're missing. The clients only have one internal DNS server, right? Not an external one too?
We have two internal DNS servers, both at the main office, which of course forward any unknown requests to the internet. All users are using the internal DNS servers; they are set up statically. I'll look over the logs again and post if I find something.
My event log just has the same error over and over. I've even checked the DCs' logs, but they do not have any errors.
I have seen problems with GPOs being applied over slower links - there are some settings that you can change within the GPO editor to help with this...
Try User Configuration => Administrative Templates => System => Group Policy....
Under there look for "GPO slow link detection" and "GPO domain controller selection".
"GPO slow link detection" also appears in Computer Configuration as well....
See if these settings help...
J
> I'm having problems pushing our group policy to remote users. I have organizational units set up with policies on each. Some of our remote users are in these OUs, and I want them to be on the same level as the home office. I have VPN set up so that it comes up prior to the Windows login screen (for them). Once connected to VPN, they log into Windows. This should technically log them into the domain, but it doesn't appear the policies are pushed properly. I've already tried the /refreshpolicy from the cmd-line. Ideas?

Similar problem; this was suggested by Jeremy Moskowitz: The first thing to check is to see if they are really logged on to the domain. My tool of choice for this task is KERBTRAY, found in the resource kit. KERBTRAY can let you know if the user is, in fact, logged in to the domain. If the user IS logged in to the domain, the other thing I would check next is the connection speed. The policy setting named "Group Policy Slow Link Detection" can help you manage at what speed GPOs will be processed.
ASKER CERTIFIED SOLUTION
RDAdams
Thanks Alex, the regedits really did the trick.
sweet....
I appreciate this Alex.  You really got me out of a bind with your ICMP find.

If you want to resolve this without the registry, then you can configure your firewall not to inspect ICMP fragments, because that is what these packets show up as to the firewall.

Thanks again.
Hi Alex, I have Windows 2003 (not a domain controller); whereabouts would I insert this registry fix for a 2003 server?
I had/have this issue, too. I, too, use Checkpoint firewalls as VPN endpoints. I think it is something with Checkpoint filtering. I've never had this problem before with any other devices. In fact, one client of ours was working fine with a single DC, many satellite offices setup, until they were put behind Checkpoint firewalls. We had to put this in place on every new machine that goes out. When I called Checkpoint, they acted like no one had ever called in with this problem. Quite shocking if you ask me. I am even having a similar problem with servers on different VLANs all behind the same Checkpoint at our datacenter.
I also had to disable "block ping of death" checks on Draytek VPN routers.
Thanks Alex, your solution worked a treat; been trying to work this out for friggin ages ... albeit with regard to jmsjms' comment: I run Draytek routers here, and with DoS defense disabled I still couldn't get the group policy to update.. As soon as I ran an update with Alex's registry keys, it worked the 1st time...
So I don't think the ping of death is causing this issue.
I had this issue on a Check Point device as well. Going into SmartDefense and setting the 'Max Ping Size' to 2048 resolved the issue.
Alex,
Good research and a great article; we had been working on this for 2 days before I stumbled on this article, and it was an instant success....

Thank You!
Optional automation to help push this out to a large number of remote sites/clients:

1) Download PsExec.exe from http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx and place/extract it in the \\domain_name\netlogon folder

2) Create a temporary (Domain User) service account that has local admin permissions on each workstation, i.e. – Gpfix (user account)

3) Open Notepad and paste the aforementioned registry entries (one "Windows Registry Editor Version 5.00" header per .reg file; both keys go in the same file):

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
"GroupPolicyMinTransferRate"=dword:00000000

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System]
"GroupPolicyMinTransferRate"=dword:00000000

4) “Save As” Mintrans.reg in the \\domain_name\netlogon folder

5) Open notepad, paste the following:

@echo off
regedit /s \\domain_name\netlogon\mintrans.reg
gpupdate /force

6) “Save As” gp_fix.bat in the \\domain_name\netlogon folder

7) Open Notepad and paste the following (PsExec takes its -u/-p options before the program to run, and the batch file is given by its UNC path so it is found regardless of the working directory):

@echo off
\\domain_name\netlogon\psexec.exe -accepteula -u domain_name\Gpfix -p password \\domain_name\netlogon\gp_fix.bat

8) "Save As" psexec.bat in the \\domain_name\netlogon folder

9) Add \\domain_name\netlogon\psexec.bat to your existing login script

10) Be sure to disable/delete the "Gpfix" user account when done

*note - be sure to replace the following entries with the values for your environment:
Domain_name = your domain name
Password = the password for your "Gpfix" user account
If using Windows Firewall, you will need to add a line to disable the firewall, so step #5 above will look like this:

@echo off
netsh firewall set opmode disable
regedit /s \\domain_name\netlogon\mintrans.reg
gpupdate /force
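Added example (not from the thread or from any of its posters): a PowerShell check for the two things the thread converged on, run on a remote-site client. It reports whether the GroupPolicyMinTransferRate=0 values from the Mintrans.reg file are present, and whether a 2048-byte ICMP echo (the size the Check Point "Max Ping Size" setting was raised to, and the probe size Windows 2000/XP slow-link detection sends) reaches the DC while a 32-byte echo does; with -Apply it writes the same two DWORDs locally, so no service-account password has to be stored in netlogon. $DomainController is a parameter you supply, and the client is assumed to have Windows PowerShell installed.

```powershell
# Added example: diagnose and optionally apply the GroupPolicyMinTransferRate fix.
# Run elevated on a client at a remote site. -DomainController is assumed to be
# the name of a DC reachable over the VPN.
param(
    [Parameter(Mandatory)][string]$DomainController,
    [switch]$Apply
)

# The two keys the thread's Mintrans.reg file writes (machine and user policy).
$paths = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System',
    'HKCU:\Software\Policies\Microsoft\Windows\System'
)

foreach ($p in $paths) {
    $v = (Get-ItemProperty -Path $p -Name GroupPolicyMinTransferRate -ErrorAction SilentlyContinue).GroupPolicyMinTransferRate
    if ($null -eq $v)  { "$p : not set (default 500 Kbps threshold, slow-link detection active)" }
    elseif ($v -eq 0)  { "$p : 0 (slow-link detection disabled)" }
    else               { "$p : $v Kbps threshold" }
}

# A 32-byte echo fits in one frame; a 2048-byte echo is fragmented at a 1500-byte MTU.
# A firewall that inspects or drops ICMP fragments fails the second probe but not the first,
# which is exactly the condition that produces the "unexpected network error" in this thread.
$reply = @{}
foreach ($size in 32, 2048) {
    $reply[$size] = Test-Connection -ComputerName $DomainController -Count 2 -BufferSize $size -Quiet -ErrorAction SilentlyContinue
    '{0,4}-byte ICMP echo to {1}: {2}' -f $size, $DomainController, $(if ($reply[$size]) { 'reply' } else { 'no reply' })
}
if ($reply[32] -and -not $reply[2048]) {
    'Large ICMP echoes are dropped between this client and the DC; slow-link detection will fail here.'
}

if ($Apply) {
    foreach ($p in $paths) {
        # Policies\...\System does not exist by default on a client, so create it first.
        if (-not (Test-Path $p)) { New-Item -Path $p -Force | Out-Null }
        New-ItemProperty -Path $p -Name GroupPolicyMinTransferRate -PropertyType DWord -Value 0 -Force | Out-Null
    }
    gpupdate /force
}
```

If the 32-byte probe succeeds and the 2048-byte probe does not, the fix belongs on the firewall (fragment inspection or maximum ping size) as well as, or instead of, in the registry.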