Solved

Userenv Event ID: 1030 and 1053 errors occurring after joining Windows 2003 Server to internet

Posted on 2007-11-26
12
616 Views
Last Modified: 2008-11-01
I have recently been asked to give our one and only Windows 2003 Server access to the internet. The reason for this is one of the applications installed on the server can no longer use dialup to download data updates, and must now use broadband via the router that was installed a few years back. This server currently manages all services inc. file server, print server, terminal services, DNS, DHCP, AD and a few shared applications.

To prevent the server from previously access the internet (and to stop terminal service users from accessing the internet), we simply removed the gateway information in the network adaptor on the server. This has been working fine for about three years, and the server never missed a beat. After adding the gateway information into the network adaptor, services began to fail. Every five minutes, we are getting a Userenv Event ID: 1030 being generated, followed by a Userenv Event ID: 1053 two minutes there after. The SQL service will stop responding (which doesn't generate an event in the event log), and all the shared printers on the network stop responding as well (local TCP/IP printers aren't effected). About 30 minutes later, DNS and Group Policty Management are unbrowsable (I get a message 'The server is not operational'. As before, no events are generated in the event log).

One other strange behaviour I observed, was that when searching for google.com.au in Internet Explorer, it would work for about 10 minutes after adding the gateway information, but shortly there after, it would fail and the status bar shows attempts to search for google.com.au.org, google.com.au.edu, google.com.au.com etc...

The only solution is to restart the server and to remove the gateway information from the server network adaptor. The error is reproducable.

Any suggestions would be greatly appreciated!
0
Comment
Question by:Control_C
  • 4
  • 4
  • 2
  • +1
12 Comments
 
LVL 10

Expert Comment

by:wmeerza
ID: 20354770
Is this server a domain controller? given the amount of services you are running, in particular Terminal Server, i would highly recommend demoting it.
See the following:
http://technet2.microsoft.com/windowsserver/en/library/7c5ff862-ec28-4d62-b1d5-79c4bd544b361033.mspx?mfr=true
I also assume that this server is spec'd up to be able to handle the load (no memory, processor or I/O problems?)
0
 

Author Comment

by:Control_C
ID: 20354857
I have been keeping a close eye on memory and CPU utilisation, and the server is handling the current load without an issues.

This server is a domain controller. I know it's not ideal, but it hasn't caused any issues to date. If we had a spare Win2k3 box I would have moved AD/DNS and the associated FSMO roles across to it, but this is unfortunately not an option.
0
 
LVL 10

Expert Comment

by:wmeerza
ID: 20355294
Have you checked the results of dcdiag?
I have had a look around and looks like it could be a range of issues from DNS to group policy or a bad computer on the LAN. How many NIC's do you have configured on the server?
0
 
LVL 10

Expert Comment

by:wmeerza
ID: 20355300
Also, might be woth looking at the group policy modelling, check it for a range of users from Admin to normal.
0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 20356135
What does DCdiag say?

Have you checked your forwarders in DNS to make sure they go to an outside DNS server?
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 

Author Comment

by:Control_C
ID: 20356494
I've just re-enabled the gateway on the server network interface, and all tests (for the moment) have passed in DCDiag. I will test again once AD, DNS etc... all fail in 30 minutes or so.

We presently have 12 machines networked at this site. All of the machines plug into the same switch, nothing special at all.

I have set the server network interface to look at its own DNS server only. The DNS forwarder has been configured to look at the router (ADSL modem).

DHCP scope options have also been configured correctly with DNS server IP pointing to the internal server, and Gateway IP pointing to the router (ADSL modem).

wmeerza, what did you mean by checking the group policy modelling?
0
 

Author Comment

by:Control_C
ID: 20356526
Forgot to mention, there are two NIC's in the server, but one is disabled in the hardware manager, so I doubt that this could be causing the problem.
0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 20358695
Are either the switch or router 1000Mb switches or routers?

Are either the switch or router dumb switches or routers that need spanning tree port fast enabled?
0
 
LVL 10

Expert Comment

by:wmeerza
ID: 20361513
in group policy management select group policy results, you can then right click and run the wizard which allows you to test the policy for machines and specific users which will show you summary, setting & events.
0
 

Author Comment

by:Control_C
ID: 20409449
I believe I have found the problem:

Whilst all the workstations were off, I was unable to replicate any of the problems that I was experiencing earlier. I was eventually able to narrow it down to an incorrectly configured workstation that had been put on the network without being correctly configured.

Firstly, when attempting to access the workstation from the server via the run command \\<workstation> I was getting a "This server's clock is not synchornized with the primary domain controller's clock." So I did a net time \\<server> /set /yes which cleared up all the errors related to this (e.g. Kerberos).

Secondly, the Primary DNS suffix of the computer (under Computer Name in System Properties) was set to a completely different domain from where this workstation was originally from.

Cleaning up both these things have made my network stable... I guess we can close this question.

However, I'm a little surprised that all it took to crash a server was an incorrectly configured workstation... surely there should be safeguards against this sort of issue?

0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 22857138
PAQed with no points refunded (of 500)

Computer101
EE Admin
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Join & Write a Comment

Many of us need to configure DHCP server(s) in their environment. We can do that simply via DHCP console on server or using MMC snap-in on each computer with Administrative Tools installed in a network. But what if we have to configure many DHCP ser…
Scenerio: You have a server running Server 2003 and have applied a retail pack of Terminal Server Licenses.  You want to change servers or your server has crashed and you need to reapply the Terminal Server Licenses. When you enter the 16-digit lic…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now