Solved

Userenv Event ID: 1030 and 1053 errors occurring after joining Windows 2003 Server to internet

Posted on 2007-11-26
Last Modified: 2008-11-01
I have recently been asked to give our one and only Windows 2003 Server access to the internet. The reason for this is one of the applications installed on the server can no longer use dialup to download data updates, and must now use broadband via the router that was installed a few years back. This server currently manages all services inc. file server, print server, terminal services, DNS, DHCP, AD and a few shared applications.

To previously prevent the server from accessing the internet (and to stop terminal service users from accessing the internet), we simply removed the gateway information in the network adaptor on the server. This has been working fine for about three years, and the server never missed a beat. After adding the gateway information into the network adaptor, services began to fail. Every five minutes, we are getting a Userenv Event ID: 1030 being generated, followed by a Userenv Event ID: 1053 two minutes thereafter. The SQL service will stop responding (which doesn't generate an event in the event log), and all the shared printers on the network stop responding as well (local TCP/IP printers aren't affected). About 30 minutes later, DNS and Group Policy Management are unbrowsable (I get a message 'The server is not operational'. As before, no events are generated in the event log).

One other strange behaviour I observed was that when searching for google.com.au in Internet Explorer, it would work for about 10 minutes after adding the gateway information, but shortly thereafter, it would fail and the status bar shows attempts to search for google.com.au.org, google.com.au.edu, google.com.au.com etc...

The only solution is to restart the server and to remove the gateway information from the server network adaptor. The error is reproducible.

Any suggestions would be greatly appreciated!
Question by:Control_C

Expert Comment

by:wmeerza
ID: 20354770
Is this server a domain controller? Given the amount of services you are running, in particular Terminal Server, I would highly recommend demoting it.
See the following:
http://technet2.microsoft.com/windowsserver/en/library/7c5ff862-ec28-4d62-b1d5-79c4bd544b361033.mspx?mfr=true
I also assume that this server is spec'd up to be able to handle the load (no memory, processor or I/O problems?)

Author Comment

by:Control_C
ID: 20354857
I have been keeping a close eye on memory and CPU utilisation, and the server is handling the current load without any issues.

This server is a domain controller. I know it's not ideal, but it hasn't caused any issues to date. If we had a spare Win2k3 box I would have moved AD/DNS and the associated FSMO roles across to it, but this is unfortunately not an option.

Expert Comment

by:wmeerza
ID: 20355294
Have you checked the results of dcdiag?
I have had a look around and it looks like it could be a range of issues from DNS to group policy or a bad computer on the LAN. How many NICs do you have configured on the server?

Expert Comment

by:wmeerza
ID: 20355300
Also, might be worth looking at the group policy modelling, check it for a range of users from Admin to normal.

Expert Comment

by:ChiefIT
ID: 20356135
What does DCdiag say?

Have you checked your forwarders in DNS to make sure they go to an outside DNS server?

Author Comment

by:Control_C
ID: 20356494
I've just re-enabled the gateway on the server network interface, and all tests (for the moment) have passed in DCDiag. I will test again once AD, DNS etc... all fail in 30 minutes or so.

We presently have 12 machines networked at this site. All of the machines plug into the same switch, nothing special at all.

I have set the server network interface to look at its own DNS server only. The DNS forwarder has been configured to look at the router (ADSL modem).

DHCP scope options have also been configured correctly with DNS server IP pointing to the internal server, and Gateway IP pointing to the router (ADSL modem).

wmeerza, what did you mean by checking the group policy modelling?

Author Comment

by:Control_C
ID: 20356526
Forgot to mention, there are two NICs in the server, but one is disabled in the hardware manager, so I doubt that this could be causing the problem.

Expert Comment

by:ChiefIT
ID: 20358695
Are either the switch or router 1000Mb switches or routers?

Are either the switch or router dumb switches or routers that need spanning tree port fast enabled?

Expert Comment

by:wmeerza
ID: 20361513
In Group Policy Management select Group Policy Results; you can then right-click and run the wizard, which allows you to test the policy for machines and specific users and which will show you summary, settings & events.

Author Comment

by:Control_C
ID: 20409449
I believe I have found the problem:

Whilst all the workstations were off, I was unable to replicate any of the problems that I was experiencing earlier. I was eventually able to narrow it down to an incorrectly configured workstation that had been put on the network without being correctly configured.

Firstly, when attempting to access the workstation from the server via the run command \\<workstation> I was getting a "This server's clock is not synchronized with the primary domain controller's clock." So I did a net time \\<server> /set /yes which cleared up all the errors related to this (e.g. Kerberos).

Secondly, the Primary DNS suffix of the computer (under Computer Name in System Properties) was set to a completely different domain from where this workstation was originally from.

Cleaning up both these things has made my network stable... I guess we can close this question.

However, I'm a little surprised that all it took to crash a server was an incorrectly configured workstation... surely there should be safeguards against this sort of issue?

0
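The two misconfigurations found in the post above (a workstation clock out of sync with the domain controller, and a primary DNS suffix belonging to another domain) can be checked for on every workstation from collected command output. The following is an added example, not part of the original thread: it parses text gathered on each workstation with ipconfig /all and w32tm /stripchart /computer:<DC> /samples:1 /dataonly. The host names, the domain office.example.com, the address and the sample output are constructed, and the English-locale output layout is an assumption.

```python
import re
# Windows domains tolerate at most 5 minutes of clock difference for Kerberos by default.
KERBEROS_MAX_SKEW_S = 5 * 60

# \r? tolerates CRLF line endings in output captured on Windows.
SUFFIX_RE = re.compile(r"^[ \t]*Primary Dns Suffix[ .]*:[ \t]*(\S*)[ \t]*\r?$", re.I | re.M)
OFFSET_RE = re.compile(r"^\d{2}:\d{2}:\d{2},[ \t]*([+-]\d+\.\d+)s[ \t]*\r?$", re.M)

def primary_dns_suffix(ipconfig_text):
    """Return the lower-cased primary DNS suffix, '' if blank, None if the line is missing."""
    m = SUFFIX_RE.search(ipconfig_text)
    return m.group(1).lower().rstrip(".") if m else None

def clock_offset_seconds(w32tm_text):
    """Return the last offset sample in seconds, or None if no sample was collected."""
    samples = OFFSET_RE.findall(w32tm_text)
    return float(samples[-1]) if samples else None

def audit_host(ipconfig_text, w32tm_text, ad_domain):
    """List the findings for one workstation; an empty list means both checks passed."""
    findings = []
    suffix = primary_dns_suffix(ipconfig_text)
    if suffix is None:
        findings.append("primary DNS suffix line not found")
    elif suffix != ad_domain.lower():
        findings.append(f"primary DNS suffix '{suffix}' is not '{ad_domain.lower()}'")
    offset = clock_offset_seconds(w32tm_text)
    if offset is None:
        findings.append("no time sample collected")
    elif abs(offset) > KERBEROS_MAX_SKEW_S:
        findings.append(f"clock offset {offset:+.0f}s exceeds {KERBEROS_MAX_SKEW_S}s")
    return findings

# Constructed sample output (not from the thread); English-locale layout assumed.
BAD_IPCONFIG = """Windows IP Configuration

   Host Name . . . . . . . . . . . . : WS07
   Primary Dns Suffix  . . . . . . . : oldsite.example.net
   Node Type . . . . . . . . . . . . : Hybrid
"""
BAD_W32TM = """Tracking dc01.office.example.com [192.0.2.10:123].
Collecting 1 samples.
10:15:00, +431.2095173s
"""
GOOD_IPCONFIG = BAD_IPCONFIG.replace("oldsite.example.net", "office.example.com")
GOOD_W32TM = BAD_W32TM.replace("+431.2095173s", "-00.0412210s")

if __name__ == "__main__":
    for label, ipc, tm in (("WS07", BAD_IPCONFIG, BAD_W32TM), ("WS08", GOOD_IPCONFIG, GOOD_W32TM)):
        print(label, audit_host(ipc, tm, "office.example.com") or "OK")
```

A workstation that produces no time sample is reported rather than skipped, since an unreachable time source is itself worth following up.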
 

Accepted Solution

by:
Computer101 earned 0 total points
ID: 22857138
PAQed with no points refunded (of 500)

Computer101
EE Admin