Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

losing privileges on an xp client

Posted on 2006-05-26
16
Medium Priority
?
481 Views
Last Modified: 2008-01-16
I have a roaming profile and folder redirection.

I log on fine the first time. Everything is fine till I leave the computer idling for about 6 hours while I'm at work.

I come back and get delayed write errors. Can't write to any network shares.

If I log out and attempt to log back in it does a temporary profile, cause it can't seem to find my profile.

I have to restart my computer. It works fine after I reboot.

Windows XP Professional - Client

Windows 2003 Server - Domain Controller
0
Comment
Question by:pcvii
  • 9
  • 7
16 Comments
 

Author Comment

by:pcvii
ID: 16773097
On the XP client:
I disabled uphclean service because this is the only machine that has it. So I thought it could be causing the trouble. Only time will tell.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16773635
Hi pcvii,

what logs do you get in the event viewer?
0
 

Author Comment

by:pcvii
ID: 16776351
errors from client machine-

Event Type:      Error
Event Source:      UserInit
Event Category:      None
Event ID:      1000
Date:            5/27/2006
Time:            2:13:48 PM
User:            N/A
Computer:      PCVII
Description:
Could not execute the following script \\apartment.msft\SysVol\apartment.msft\scripts\auto.bat. Configuration information could not be read from the domain controller, either because the machine is unavailable, or access has been denied.
.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:      Error
Event Source:      Userenv
Event Category:      None
Event ID:      1053
Date:            5/27/2006
Time:            2:13:31 PM
User:            NT AUTHORITY\SYSTEM
Computer:      PCVII
Description:
Windows cannot determine the user or computer name. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:      Error
Event Source:      AutoEnrollment
Event Category:      None
Event ID:      15
Date:            5/27/2006
Time:            2:10:18 PM
User:            N/A
Computer:      PCVII
Description:
Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b).  The specified domain either does not exist or could not be contacted.
  Enrollment will not be performed.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:      Information
Event Source:      SecurityCenter
Event Category:      None
Event ID:      1807
Date:            5/27/2006
Time:            2:07:13 PM
User:            N/A
Computer:      PCVII
Description:
The Security Center service has been stopped.  It was prevented from running by a software group policy.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:      Warning
Event Source:      Userenv
Event Category:      None
Event ID:      1517
Date:            5/27/2006
Time:            2:04:48 PM
User:            NT AUTHORITY\SYSTEM
Computer:      PCVII
Description:
Windows saved user APARTMENT\robert registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

 This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:      Warning
Event Source:      SceCli
Event Category:      None
Event ID:      1202
Date:            5/27/2006
Time:            7:53:58 AM
User:            N/A
Computer:      PCVII
Description:
Security policies were propagated with warning. 0x4b8 : An extended error has occurred.

For best results in resolving this event, log on with a non-administrative account and search http://support.microsoft.com for "Troubleshooting Event 1202's".

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 

Author Comment

by:pcvii
ID: 16776495
We noticed on the server, the DNS server was using 100% cpu.

So we restarted the service and went into the router and moved the DC into the secondary DNS server slot.

We're hoping that helps the problem.

On the client we removed the roaming user account from the Administrators group. Since the account is in the Domain Admins group.
0
 

Author Comment

by:pcvii
ID: 16780317
I think most of the errors are showing up on here http://support.microsoft.com/kb/278316/en-us I think I'm going to try to see if the instructions on there fixes it.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16781049
wow man you got a few errors cranking there! how goes it now that DNS is pointing somewhere else?
0
 

Author Comment

by:pcvii
ID: 16781247
well i'm still getting a few errors in the error log. but don't seem to be having the same problem of losing access.

i desided to do a fresh install of windows but i'm not sure why but i'm still getting 2 errors so far. soon as I rejoined to the domain.

Event Type:      Error
Event Source:      AutoEnrollment
Event Category:      None
Event ID:      15
Date:            5/28/2006
Time:            7:58:29 PM
User:            N/A
Computer:      PCVII
Description:
Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b).  The specified domain either does not exist or could not be contacted.
  Enrollment will not be performed.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:      Error
Event Source:      Userenv
Event Category:      None
Event ID:      1053
Date:            5/28/2006
Time:            7:57:21 PM
User:            NT AUTHORITY\SYSTEM
Computer:      PCVII
Description:
Windows cannot determine the user or computer name. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16781262
can you confirm your dns settings are pointing only to your DNS server
0
 

Author Comment

by:pcvii
ID: 16781986
Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : apartment.msft
        Description . . . . . . . . . . . : Intel(R) PRO/100 VM Desktop Adapter
        Physical Address. . . . . . . . . : 00-60-8F-20-29-8F
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.0.7
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.0.1
        DHCP Server . . . . . . . . . . . : 192.168.0.1
        DNS Servers . . . . . . . . . . . : 192.168.0.150
                                            192.168.0.1

192.168.0.1 is my router
192.168.0.150 is my dc and dns server

i managed to get rid of the auto enrollment error by removing the machine from the active directory and rebooting the dc and putting this machine in a workgroup and then putting it back in the domain.

but i'm still getting

Event Type:     Warning
Event Source:     Userenv
Event Category:     None
Event ID:     1517
Date:          5/27/2006
Time:          2:04:48 PM
User:          NT AUTHORITY\SYSTEM
Computer:     PCVII
Description:
Windows saved user APARTMENT\robert registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

 This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:     Warning
Event Source:     SceCli
Event Category:     None
Event ID:     1202
Date:          5/27/2006
Time:          7:53:58 AM
User:          N/A
Computer:     PCVII
Description:
Security policies were propagated with warning. 0x4b8 : An extended error has occurred.

the userenv error seems to be caused by the scecli warning.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16782032
0
 

Author Comment

by:pcvii
ID: 16782058
i found more info in the winlogon.log about the scecli


**************************

Make a local copy of \\apartment.msft\SysVol\apartment.msft\Policies\{FC2F1215-1272-486A-8ECF-F0F120B6767B}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf.
GPLinkOrganizationUnit GPO_INFO_FLAG_BACKGROUND )

Make a local copy of \\apartment.msft\sysvol\apartment.msft\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf.
GPLinkDomain GPO_INFO_FLAG_BACKGROUND )

Process GP template gpt00000.inf.

This is not the last GPO.
-------------------------------------------
Monday, May 29, 2006 1:17:58 AM
      Administrative privileged user logged on.
      Parsing template C:\WINDOWS\security\templates\policies\gpt00000.inf.
Error 1208: An extended error has occurred.
       Error creating database.
----Configuration engine was initialized with one or more errors.----


----Un-initialize configuration engine...
0
 

Author Comment

by:pcvii
ID: 16782068
I installed UPHclean  it could help. but I don't think it's related. I had it installed before I reinstalled windows.

I wonder if the errors are caused because two gpo's are being applied to my user.

it was setup so everyone gets one big gpo and I get a gpo with a few customizations for me. like my login script.
0
 
LVL 48

Accepted Solution

by:
Jay_Jay70 earned 750 total points
ID: 16782070
no luck with the ms link?
0
 

Author Comment

by:pcvii
ID: 16782109
no but i think i found something here http://www.eventid.net/display.asp?eventid=1202&eventno=348&source=SceCli&phase=1

it said to rename the stuff in %systemroot%\security\databases

so I did and rebooted and checked the log and no errors were reported. so I am assuming that worked :P

ty for the help for now I'm gonna consider this closed.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16782111
aight mate, if its closed can you make sure you close it so its not left open and myself or someone else has to clean it later!
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16782115
oh thanks mate, i was thinking you could get your points back if you solved yourself :)
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This may not be a text book method to resolve VSS backup issues but it seemed to have worked on few of the Windows 2003 servers we had issues while performing a Volume Shadow Copy backup. If you have issues while performing a shadow copy backup usin…
On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…
As many of you are aware about Scanpst.exe utility which is owned by Microsoft itself to repair inaccessible or damaged PST files, but the question is do you really think Scanpst.exe is capable to repair all sorts of PST related corruption issues?

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question