Microsoft, Server , 2003--Error 1054 in event log on domain server
I am getting the userenv error in the event viewer on the active directory server itsself.
here is my ipconfig /all:
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.
F:\Documents and Settings\matt>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : bilskyserver
Primary Dns Suffix . . . . . . . : BilskyGroup.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : BilskyGroup.local
hsd1.pa.comcast.net.
Ethernet adapter Local Area Connection 2:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
Physical Address. . . . . . . . . : 00-19-DB-6D-3E-BF
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.0.1
Primary WINS Server . . . . . . . : 192.168.0.1
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : hsd1.pa.comcast.net.
Description . . . . . . . . . . . : DGE-560T Gigabit PCI Express Ethernet Ada
pter
Physical Address. . . . . . . . . : 00-1B-11-79-3F-6D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 68.54.179.239
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 68.54.179.1
DHCP Server . . . . . . . . . . . : 68.87.64.10
DNS Servers . . . . . . . . . . . : 192.168.0.1
Primary WINS Server . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Disabled
Lease Obtained. . . . . . . . . . : Friday, September 28, 2007 10:18:20 AM
Lease Expires . . . . . . . . . . : Sunday, September 30, 2007 6:41:07 PM
F:\Documents and Settings\matt>
any ideas?
here is my ipconfig /all:
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.
F:\Documents and Settings\matt>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : bilskyserver
Primary Dns Suffix . . . . . . . : BilskyGroup.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : BilskyGroup.local
hsd1.pa.comcast.net.
Ethernet adapter Local Area Connection 2:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
Physical Address. . . . . . . . . : 00-19-DB-6D-3E-BF
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.0.1
Primary WINS Server . . . . . . . : 192.168.0.1
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : hsd1.pa.comcast.net.
Description . . . . . . . . . . . : DGE-560T Gigabit PCI Express Ethernet Ada
pter
Physical Address. . . . . . . . . : 00-1B-11-79-3F-6D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 68.54.179.239
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 68.54.179.1
DHCP Server . . . . . . . . . . . : 68.87.64.10
DNS Servers . . . . . . . . . . . : 192.168.0.1
Primary WINS Server . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Disabled
Lease Obtained. . . . . . . . . . : Friday, September 28, 2007 10:18:20 AM
Lease Expires . . . . . . . . . . : Sunday, September 30, 2007 6:41:07 PM
F:\Documents and Settings\matt>
any ideas?
ASKER
that didn't fix it.
For my own understanding - this is your a domain controller for an Active Directory domain, correct? I see that the DC is pointing to itself for both DNS and WINS, the DC is running both of these services as well?
Based on your ipconfig, this server is multi-homed - is this server also running RRAS?
It's really not a best practice for a domain controller to be multi-homed, as it can cause issues such as the one that you are experiencing, including the following: http://support.microsoft.com/kb/272294. Multi-homed WINS servers are also not a best practice.
That said, check the binding order of the NIC cards to ensure that the LAN-side NIC is listed first, as described in another EE thread here: https://www.experts-exchange.com/questions/22673138/Windows-2003-Multihomed-Domain-Controller-generates-1054-Userenv-error.html
Based on your ipconfig, this server is multi-homed - is this server also running RRAS?
It's really not a best practice for a domain controller to be multi-homed, as it can cause issues such as the one that you are experiencing, including the following: http://support.microsoft.com/kb/272294. Multi-homed WINS servers are also not a best practice.
That said, check the binding order of the NIC cards to ensure that the LAN-side NIC is listed first, as described in another EE thread here: https://www.experts-exchange.com/questions/22673138/Windows-2003-Multihomed-Domain-Controller-generates-1054-Userenv-error.html
LauraEHunterMVP, you got it...I didn't pay attention to the second public IP address. :)
ASKER
they were already in the binding order you suggested.
I have 2 servers, 1 server 2003 x64 with 2 nics, and one server 2003 with 2 nics. the x64 is the AD,DNS,DHCP,WINS,RRAS,and Exchange server. the other one does pop connector, anti-virus and citrix, so that one cannot be an AD server, since citrix doesn't play nicely with it.
The modem is connected to one of the nics on the x64 server and then the other nic is connected to the gigabit switch. One of the nics on the x32 server is disabled, and the other one is connected to the switch too.
What should i do to get the network setup properly, and so that i don't get that error message. Also, i do use vpn from rras.
finally, the client computers receive the 1054 also in their application logs.
thanks
I have 2 servers, 1 server 2003 x64 with 2 nics, and one server 2003 with 2 nics. the x64 is the AD,DNS,DHCP,WINS,RRAS,and Exchange server. the other one does pop connector, anti-virus and citrix, so that one cannot be an AD server, since citrix doesn't play nicely with it.
The modem is connected to one of the nics on the x64 server and then the other nic is connected to the gigabit switch. One of the nics on the x32 server is disabled, and the other one is connected to the switch too.
What should i do to get the network setup properly, and so that i don't get that error message. Also, i do use vpn from rras.
finally, the client computers receive the 1054 also in their application logs.
thanks
Unless you configure a DC with a single NIC, situated solely on your private LAN, your DC and clients will continue to receive those 1054 errors as well as experiencing other intermittent name resolution and browsing issues. AD and Exchange should also not be installed on the same server as a best practice. Extricating either role from your currently-described configuration, however, will be non-trivial since running dcpromo against an Exchange server is also unsupported.
If you choose to go the route of segregating Exchange and/or AD onto dedicated hardware, you would be well-advised to seek on-site assistance for it to ensure that all service and application dependencies have been enumerated and addressed.
If you choose to go the route of segregating Exchange and/or AD onto dedicated hardware, you would be well-advised to seek on-site assistance for it to ensure that all service and application dependencies have been enumerated and addressed.
ASKER
am i losing any functionality that is being represented by the 1054 errors, or should i just ignore them?
Name resolution errors and/or a sub-optimal AD configuration, if left unresolved, will prevent clients and servers from accessing both internal and external network resources, sometimes consistently but more often on an intermittent and hard-to-troubleshoot basis.
Only you can determine if the issues this creates for your environment are manageable or not.
Only you can determine if the issues this creates for your environment are manageable or not.
ASKER
so the only way to fix this is to sep. rras from the ad server, but i can leave dns and dhcp in place. and it doesn't matter if i move exchange?
As I said above, your domain controller needs to be single-homed and residing solely on your private LAN. If your DNS zones are AD-integrated, DNS will also need to reside on your domain controller.
As for your Exchange server, also see my previous comments - it is not a best practice for Exchange and AD to reside on the same hardware, but running dcpromo to promote or demote an existing DC on a machine that is already running Exchange is unsupported by Microsoft, so you would need to migrate both the Exchange and AD roles off of the multi-homed server in order to properly remote Active Directory from it and demote it to member server status.
As for your Exchange server, also see my previous comments - it is not a best practice for Exchange and AD to reside on the same hardware, but running dcpromo to promote or demote an existing DC on a machine that is already running Exchange is unsupported by Microsoft, so you would need to migrate both the Exchange and AD roles off of the multi-homed server in order to properly remote Active Directory from it and demote it to member server status.
ASKER
well, i was planning on just removing rras from that server, and moving it to a different one. would that fix the problem?
If you configure the domain controller with only a single active network connection, connected to your private network, and remove any references to the decommissioned IP address on any DNS servers that your clients reference, name resolution on your network should improve.
Hey All.
I have ran into 1054 before. I can't remember if it were an unregistered DNS server, spaning tree portfast on the switches and routers, or metadata from an old server. DCdiag should eliminate or show DNS and metadata issues.
If my memory serves me correctly, the problem I had was because of a misconfigured cisco switch. I had to configure it with portfast.
I hope this helps you all out.
I have ran into 1054 before. I can't remember if it were an unregistered DNS server, spaning tree portfast on the switches and routers, or metadata from an old server. DCdiag should eliminate or show DNS and metadata issues.
If my memory serves me correctly, the problem I had was because of a misconfigured cisco switch. I had to configure it with portfast.
I hope this helps you all out.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
probably your dns records are not correct...
do one thing, on the domain controller, restart the Netlogon service...
then, form the command prompt, type
netdiag /fix
this will fix and update your dns records....
hope you are using the same dns server from the domain controller and the workstations!!!