Solved

Userenv Event ID: 1030 and 1053 errors occurring after joining Windows 2003 Server to internet

Posted on 2007-11-26
12
623 Views
Last Modified: 2008-11-01
I have recently been asked to give our one and only Windows 2003 Server access to the internet. The reason for this is one of the applications installed on the server can no longer use dialup to download data updates, and must now use broadband via the router that was installed a few years back. This server currently manages all services inc. file server, print server, terminal services, DNS, DHCP, AD and a few shared applications.

To prevent the server from previously access the internet (and to stop terminal service users from accessing the internet), we simply removed the gateway information in the network adaptor on the server. This has been working fine for about three years, and the server never missed a beat. After adding the gateway information into the network adaptor, services began to fail. Every five minutes, we are getting a Userenv Event ID: 1030 being generated, followed by a Userenv Event ID: 1053 two minutes there after. The SQL service will stop responding (which doesn't generate an event in the event log), and all the shared printers on the network stop responding as well (local TCP/IP printers aren't effected). About 30 minutes later, DNS and Group Policty Management are unbrowsable (I get a message 'The server is not operational'. As before, no events are generated in the event log).

One other strange behaviour I observed, was that when searching for google.com.au in Internet Explorer, it would work for about 10 minutes after adding the gateway information, but shortly there after, it would fail and the status bar shows attempts to search for google.com.au.org, google.com.au.edu, google.com.au.com etc...

The only solution is to restart the server and to remove the gateway information from the server network adaptor. The error is reproducable.

Any suggestions would be greatly appreciated!
0
Comment
Question by:Control_C
  • 4
  • 4
  • 2
  • +1
12 Comments
 
LVL 10

Expert Comment

by:wmeerza
ID: 20354770
Is this server a domain controller? given the amount of services you are running, in particular Terminal Server, i would highly recommend demoting it.
See the following:
http://technet2.microsoft.com/windowsserver/en/library/7c5ff862-ec28-4d62-b1d5-79c4bd544b361033.mspx?mfr=true
I also assume that this server is spec'd up to be able to handle the load (no memory, processor or I/O problems?)
0
 

Author Comment

by:Control_C
ID: 20354857
I have been keeping a close eye on memory and CPU utilisation, and the server is handling the current load without an issues.

This server is a domain controller. I know it's not ideal, but it hasn't caused any issues to date. If we had a spare Win2k3 box I would have moved AD/DNS and the associated FSMO roles across to it, but this is unfortunately not an option.
0
 
LVL 10

Expert Comment

by:wmeerza
ID: 20355294
Have you checked the results of dcdiag?
I have had a look around and looks like it could be a range of issues from DNS to group policy or a bad computer on the LAN. How many NIC's do you have configured on the server?
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 10

Expert Comment

by:wmeerza
ID: 20355300
Also, might be woth looking at the group policy modelling, check it for a range of users from Admin to normal.
0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 20356135
What does DCdiag say?

Have you checked your forwarders in DNS to make sure they go to an outside DNS server?
0
 

Author Comment

by:Control_C
ID: 20356494
I've just re-enabled the gateway on the server network interface, and all tests (for the moment) have passed in DCDiag. I will test again once AD, DNS etc... all fail in 30 minutes or so.

We presently have 12 machines networked at this site. All of the machines plug into the same switch, nothing special at all.

I have set the server network interface to look at its own DNS server only. The DNS forwarder has been configured to look at the router (ADSL modem).

DHCP scope options have also been configured correctly with DNS server IP pointing to the internal server, and Gateway IP pointing to the router (ADSL modem).

wmeerza, what did you mean by checking the group policy modelling?
0
 

Author Comment

by:Control_C
ID: 20356526
Forgot to mention, there are two NIC's in the server, but one is disabled in the hardware manager, so I doubt that this could be causing the problem.
0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 20358695
Are either the switch or router 1000Mb switches or routers?

Are either the switch or router dumb switches or routers that need spanning tree port fast enabled?
0
 
LVL 10

Expert Comment

by:wmeerza
ID: 20361513
in group policy management select group policy results, you can then right click and run the wizard which allows you to test the policy for machines and specific users which will show you summary, setting & events.
0
 

Author Comment

by:Control_C
ID: 20409449
I believe I have found the problem:

Whilst all the workstations were off, I was unable to replicate any of the problems that I was experiencing earlier. I was eventually able to narrow it down to an incorrectly configured workstation that had been put on the network without being correctly configured.

Firstly, when attempting to access the workstation from the server via the run command \\<workstation> I was getting a "This server's clock is not synchornized with the primary domain controller's clock." So I did a net time \\<server> /set /yes which cleared up all the errors related to this (e.g. Kerberos).

Secondly, the Primary DNS suffix of the computer (under Computer Name in System Properties) was set to a completely different domain from where this workstation was originally from.

Cleaning up both these things have made my network stable... I guess we can close this question.

However, I'm a little surprised that all it took to crash a server was an incorrectly configured workstation... surely there should be safeguards against this sort of issue?

0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 22857138
PAQed with no points refunded (of 500)

Computer101
EE Admin
0

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Organizations create, modify, and maintain huge amounts of data to help their businesses earn money and generally function.  Typically every network user within an organization has a bit of disk space to store in process items and personal files.   …
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below. https://filedb.experts-exchange.com/incoming/2017/03_w12/1151775/Permutations.txt https://filedb.experts-exchange.com/incoming/201…

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question