Event ID 1030 Logged On XP Machiens

I have several XP Machines in my 2003 domain that have multiple event ID: 1030 entries in their application logs.   On the same machines I'm also getting Information events in the app. log that say "Security policy in the Group policy objects has been applied successfully."   My logon scripts are still running, and it appears that my other GPO setting (password protect screensaver) works as well.     I was also able to create a test GPO, run gpupdate on my xp machine, and have the changes to into effect immediately.   I can't figure out why I'm still receiving the 1030 entries.

I think it may have something to do with DNS.   When I ping "domainname.com" I receive a different IP then my domain controllers.   When I look at my dns entries there are several A records that are named (same as parent folder).   Two of these records are my domain controllers which is ok, but I have no idea where the otehr IP's came from, and they aren't pingable either.   Did someone add those manually, or was it done dynamically somehow?  Is it safe to just remove them, or should I investigate into this first?   Would this also explain why some users are experiencing netbios related issues, like not being able to connect to network shares even though name resolution is working fine.

Any help is greatly appreciated.   Thanks.
cogentsystemsAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

masterbakerCommented:
I'm guessing those extra DNS entries are causing your problems.  It sounds like that's what you're thinking too.  I imagine those entries were from previous domain controllers that have been decommissioned improperly.  They could also have been created manually by someone.  In any case, I think you can safely remove them.  If they aren't even pingable, there's no reason they need to resolve to anything.

So remove them and see if things get better over the next day or however long your clients are allowed to cache these entries (I doubt any more than 2 days).

Jeff
cogentsystemsAuthor Commented:
I've removed these stale IP's and ran an ipconfig /flushdns.   I'm now able to ping "domainname.com", but I'm getting responses from my DC in a different site then I'm in.   Will this cause some latency issues with any other windows services?   How can I make it so my local DC's respond to this type of request?   Thanks for your help.
masterbakerCommented:
If you have an AD domain that has multiple sites then you may need to look into splitting up your domain.  What I mean is, you may want to create an OU for each site and then place the users, computers, and local DCs in it.  This should keep the traffic locally.  If you just one, wide-open domain with multiple sites in it without breaking it up, you could very well end up with computers talking to DCs over WAN links.
Microsoft Azure 2017

Azure has a changed a lot since it was originally introduce by adding new services and features. Do you know everything you need to about Azure? This course will teach you about the Azure App Service, monitoring and application insights, DevOps, and Team Services.

cogentsystemsAuthor Commented:
I have multiple VLAN's setup and assigned to specific sites.   If my VLAN here at my corporate office is only tied to my local site, then I shouldn't be sending any traffic to any other site right.    Is there a way to place an OU in a specific site?   Thanks.
masterbakerCommented:
Well Active Directory is separate from VLANs.  AD has its own heirarchial structure that controls how communication occurs.  So you'd need to determine which computers are on which VLANs and then create OUs in AD for those sites or VLANs and place the appropriate objects in them.  This isn't something you want to jump into too quickly.  You should definitely spend some time planning this out and making sure that the changes are beneficial.  For example, if you have three VLANs at one site, you may just want to create one OU for the entire site instead of one for each VLAN, assuming the inter-VLAN traffic is all carried on a fast backbone connection.

Creating the perfect AD structure really requires a good understanding of your own environment as well as a good understanding of how AD works.  You might want to grab a book on AD design and see if you can pick up any good ideas there.  It sounds like you have a good sized group and it could require a lot of planning.

Jeff

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
cogentsystemsAuthor Commented:
Ok.  Thanks for everything Jeff.  It looks like removing those stale entries fixed the problem.  I haven't anymore events occur in the app. log.  
masterbakerCommented:
Good deal.  I'm glad I could help out.

Jeff
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Networking

From novice to tech pro — start learning today.