pcvii
asked on
losing privileges on an xp client
I have a roaming profile and folder redirection.
I log on fine the first time. Everything is fine till I leave the computer idling for about 6 hours while I'm at work.
I come back and get delayed write errors. Can't write to any network shares.
If I log out and attempt to log back in it does a temporary profile, cause it can't seem to find my profile.
I have to restart my computer. It works fine after I reboot.
Windows XP Professional - Client
Windows 2003 Server - Domain Controller
I log on fine the first time. Everything is fine till I leave the computer idling for about 6 hours while I'm at work.
I come back and get delayed write errors. Can't write to any network shares.
If I log out and attempt to log back in it does a temporary profile, cause it can't seem to find my profile.
I have to restart my computer. It works fine after I reboot.
Windows XP Professional - Client
Windows 2003 Server - Domain Controller
Hi pcvii,
what logs do you get in the event viewer?
what logs do you get in the event viewer?
ASKER
errors from client machine-
Event Type: Error
Event Source: UserInit
Event Category: None
Event ID: 1000
Date: 5/27/2006
Time: 2:13:48 PM
User: N/A
Computer: PCVII
Description:
Could not execute the following script \\apartment.msft\SysVol\ap
.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1053
Date: 5/27/2006
Time: 2:13:31 PM
User: NT AUTHORITY\SYSTEM
Computer: PCVII
Description:
Windows cannot determine the user or computer name. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: AutoEnrollment
Event Category: None
Event ID: 15
Date: 5/27/2006
Time: 2:10:18 PM
User: N/A
Computer: PCVII
Description:
Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Information
Event Source: SecurityCenter
Event Category: None
Event ID: 1807
Date: 5/27/2006
Time: 2:07:13 PM
User: N/A
Computer: PCVII
Description:
The Security Center service has been stopped. It was prevented from running by a software group policy.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Warning
Event Source: Userenv
Event Category: None
Event ID: 1517
Date: 5/27/2006
Time: 2:04:48 PM
User: NT AUTHORITY\SYSTEM
Computer: PCVII
Description:
Windows saved user APARTMENT\robert registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.
This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Warning
Event Source: SceCli
Event Category: None
Event ID: 1202
Date: 5/27/2006
Time: 7:53:58 AM
User: N/A
Computer: PCVII
Description:
Security policies were propagated with warning. 0x4b8 : An extended error has occurred.
For best results in resolving this event, log on with a non-administrative account and search http://support.microsoft.com for "Troubleshooting Event 1202's".
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: UserInit
Event Category: None
Event ID: 1000
Date: 5/27/2006
Time: 2:13:48 PM
User: N/A
Computer: PCVII
Description:
Could not execute the following script \\apartment.msft\SysVol\ap
.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1053
Date: 5/27/2006
Time: 2:13:31 PM
User: NT AUTHORITY\SYSTEM
Computer: PCVII
Description:
Windows cannot determine the user or computer name. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: AutoEnrollment
Event Category: None
Event ID: 15
Date: 5/27/2006
Time: 2:10:18 PM
User: N/A
Computer: PCVII
Description:
Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Information
Event Source: SecurityCenter
Event Category: None
Event ID: 1807
Date: 5/27/2006
Time: 2:07:13 PM
User: N/A
Computer: PCVII
Description:
The Security Center service has been stopped. It was prevented from running by a software group policy.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Warning
Event Source: Userenv
Event Category: None
Event ID: 1517
Date: 5/27/2006
Time: 2:04:48 PM
User: NT AUTHORITY\SYSTEM
Computer: PCVII
Description:
Windows saved user APARTMENT\robert registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.
This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Warning
Event Source: SceCli
Event Category: None
Event ID: 1202
Date: 5/27/2006
Time: 7:53:58 AM
User: N/A
Computer: PCVII
Description:
Security policies were propagated with warning. 0x4b8 : An extended error has occurred.
For best results in resolving this event, log on with a non-administrative account and search http://support.microsoft.com for "Troubleshooting Event 1202's".
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
ASKER
We noticed on the server, the DNS server was using 100% cpu.
So we restarted the service and went into the router and moved the DC into the secondary DNS server slot.
We're hoping that helps the problem.
On the client we removed the roaming user account from the Administrators group. Since the account is in the Domain Admins group.
So we restarted the service and went into the router and moved the DC into the secondary DNS server slot.
We're hoping that helps the problem.
On the client we removed the roaming user account from the Administrators group. Since the account is in the Domain Admins group.
ASKER
I think most of the errors are showing up on here http://support.microsoft.com/kb/278316/en-us I think I'm going to try to see if the instructions on there fixes it.
wow man you got a few errors cranking there! how goes it now that DNS is pointing somewhere else?
ASKER
well i'm still getting a few errors in the error log. but don't seem to be having the same problem of losing access.
i desided to do a fresh install of windows but i'm not sure why but i'm still getting 2 errors so far. soon as I rejoined to the domain.
Event Type: Error
Event Source: AutoEnrollment
Event Category: None
Event ID: 15
Date: 5/28/2006
Time: 7:58:29 PM
User: N/A
Computer: PCVII
Description:
Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1053
Date: 5/28/2006
Time: 7:57:21 PM
User: NT AUTHORITY\SYSTEM
Computer: PCVII
Description:
Windows cannot determine the user or computer name. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
i desided to do a fresh install of windows but i'm not sure why but i'm still getting 2 errors so far. soon as I rejoined to the domain.
Event Type: Error
Event Source: AutoEnrollment
Event Category: None
Event ID: 15
Date: 5/28/2006
Time: 7:58:29 PM
User: N/A
Computer: PCVII
Description:
Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1053
Date: 5/28/2006
Time: 7:57:21 PM
User: NT AUTHORITY\SYSTEM
Computer: PCVII
Description:
Windows cannot determine the user or computer name. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
can you confirm your dns settings are pointing only to your DNS server
ASKER
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : apartment.msft
Description . . . . . . . . . . . : Intel(R) PRO/100 VM Desktop Adapter
Physical Address. . . . . . . . . : 00-60-8F-20-29-8F
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.0.7
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.150
192.168.0.1
192.168.0.1 is my router
192.168.0.150 is my dc and dns server
i managed to get rid of the auto enrollment error by removing the machine from the active directory and rebooting the dc and putting this machine in a workgroup and then putting it back in the domain.
but i'm still getting
Event Type: Warning
Event Source: Userenv
Event Category: None
Event ID: 1517
Date: 5/27/2006
Time: 2:04:48 PM
User: NT AUTHORITY\SYSTEM
Computer: PCVII
Description:
Windows saved user APARTMENT\robert registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.
This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Warning
Event Source: SceCli
Event Category: None
Event ID: 1202
Date: 5/27/2006
Time: 7:53:58 AM
User: N/A
Computer: PCVII
Description:
Security policies were propagated with warning. 0x4b8 : An extended error has occurred.
the userenv error seems to be caused by the scecli warning.
Connection-specific DNS Suffix . : apartment.msft
Description . . . . . . . . . . . : Intel(R) PRO/100 VM Desktop Adapter
Physical Address. . . . . . . . . : 00-60-8F-20-29-8F
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.0.7
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.150
192.168.0.1
192.168.0.1 is my router
192.168.0.150 is my dc and dns server
i managed to get rid of the auto enrollment error by removing the machine from the active directory and rebooting the dc and putting this machine in a workgroup and then putting it back in the domain.
but i'm still getting
Event Type: Warning
Event Source: Userenv
Event Category: None
Event ID: 1517
Date: 5/27/2006
Time: 2:04:48 PM
User: NT AUTHORITY\SYSTEM
Computer: PCVII
Description:
Windows saved user APARTMENT\robert registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.
This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Warning
Event Source: SceCli
Event Category: None
Event ID: 1202
Date: 5/27/2006
Time: 7:53:58 AM
User: N/A
Computer: PCVII
Description:
Security policies were propagated with warning. 0x4b8 : An extended error has occurred.
the userenv error seems to be caused by the scecli warning.
ASKER
i found more info in the winlogon.log about the scecli
**************************
Make a local copy of \\apartment.msft\SysVol\ap
GPLinkOrganizationUnit GPO_INFO_FLAG_BACKGROUND )
Make a local copy of \\apartment.msft\sysvol\ap
GPLinkDomain GPO_INFO_FLAG_BACKGROUND )
Process GP template gpt00000.inf.
This is not the last GPO.
--------------------------
Monday, May 29, 2006 1:17:58 AM
Administrative privileged user logged on.
Parsing template C:\WINDOWS\security\templa
Error 1208: An extended error has occurred.
Error creating database.
----Configuration engine was initialized with one or more errors.----
----Un-initialize configuration engine...
**************************
Make a local copy of \\apartment.msft\SysVol\ap
GPLinkOrganizationUnit GPO_INFO_FLAG_BACKGROUND )
Make a local copy of \\apartment.msft\sysvol\ap
GPLinkDomain GPO_INFO_FLAG_BACKGROUND )
Process GP template gpt00000.inf.
This is not the last GPO.
--------------------------
Monday, May 29, 2006 1:17:58 AM
Administrative privileged user logged on.
Parsing template C:\WINDOWS\security\templa
Error 1208: An extended error has occurred.
Error creating database.
----Configuration engine was initialized with one or more errors.----
----Un-initialize configuration engine...
ASKER
I installed UPHclean it could help. but I don't think it's related. I had it installed before I reinstalled windows.
I wonder if the errors are caused because two gpo's are being applied to my user.
it was setup so everyone gets one big gpo and I get a gpo with a few customizations for me. like my login script.
I wonder if the errors are caused because two gpo's are being applied to my user.
it was setup so everyone gets one big gpo and I get a gpo with a few customizations for me. like my login script.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
no but i think i found something here http://www.eventid.net/display.asp?eventid=1202&eventno=348&source=SceCli&phase=1
it said to rename the stuff in %systemroot%\security\data
so I did and rebooted and checked the log and no errors were reported. so I am assuming that worked :P
ty for the help for now I'm gonna consider this closed.
it said to rename the stuff in %systemroot%\security\data
so I did and rebooted and checked the log and no errors were reported. so I am assuming that worked :P
ty for the help for now I'm gonna consider this closed.
aight mate, if its closed can you make sure you close it so its not left open and myself or someone else has to clean it later!
oh thanks mate, i was thinking you could get your points back if you solved yourself :)
ASKER
I disabled uphclean service because this is the only machine that has it. So I thought it could be causing the trouble. Only time will tell.