Solved

Lots of Event 1053 Errors

Posted on 2008-06-23
Last Modified: 2012-06-22
My event log, under application, is filling up with event id 1053, with this text:

Windows cannot determine the user or computer name. (There are no more endpoints available from the endpoint mapper. ). Group Policy processing aborted.


About every 5 minutes another one is added.
Question by:dougp23
19 Comments
 
LVL 24

Expert Comment

by:ryansoto
 
LVL 1

Author Comment

by:dougp23
dcdiag:  command not found
netdiag:  command not found

Looks like I don't have these installed.  How do I get them installed?  Win2K3 SP2
 
LVL 24

Expert Comment

by:ryansoto
 
LVL 1

Author Comment

by:dougp23
OK, installed both of them.  

DcDiag ran pretty cleanly.

NetDiag provided this little pearl:

DNS test . . . . . . . . . . . . . : Failed
    [WARNING] The DNS entries for this DC are not registered correctly on DNS server '192.168.10.1'. Please wait for 30 minutes for DNS server replication.
    [FATAL] No DNS servers have the DNS records for this DC registered.

Now, THIS server IS 192.168.10.1....so how do I tell the server that to get to himself, he should ask...himself??
 
LVL 1

Author Comment

by:dougp23
Also, under DNS, my server is showing 2 forward lookup zones.

TOWN
TOWN.COM

I would imagine I only need TOWN.COM?  Is the fact that TOWN is in there confusing things?

Under Town.com I have an A record that says
Accounting.Town.com   192.168.10.1

So it seems like this DNS *should* know how to resolve itself....

Hope this helps!
 
LVL 24

Expert Comment

by:ryansoto
Most likely you will need to keep town.com.

Run a netdiag /fix, then a netdiag again and see what comes back.

Also, in the TCP/IP properties for the LAN connection, make sure you have the first DNS server set to itself (internal IP address) and the second to another internal DNS machine.
There should NOT be an ISP server in there.
 
LVL 1

Author Comment

by:dougp23
TCP/IP Properties (2 NIC Cards)
192.168.10.1 has preferred DNS of 192.168.10.1 and no secondary DNS.
The 2nd NIC is capturing VOIP traffic to record calls that we need recorded, so it has a 10.0.55.1 IP with a 10.0.55.1 DNS.  Note that we run NO 10.x IPs, so I would imagine this interface cannot communicate out at all.

Ran netdiag /fix, then netdiag again.

The interesting (I think) parts:
NetBT name test. . . . . . : Passed
    [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.
    No remote names have been found.
WINS service test. . . . . : Skipped
    There are no WINS servers configured for this interface.

DNS test . . . . . . . . . . . . . : Passed
    PASS - All the DNS entries for DC are registered on DNS server '192.168.10.1' and other DCs also have some of the names registered.

I will clear out the EL, and see if they keep happening.
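A small parser for the netdiag output quoted in this post and in the earlier one, added here as an example (it is not part of netdiag or of anything the posters ran): it splits the report into per-test results and returns the tests that failed or carry a [WARNING]/[FATAL] line, so a dump like the one above can be triaged by script. The sample text is constructed from the lines quoted in the thread.

```python
"""Parse netdiag output into per-test results; added example for this thread, not netdiag's code."""
import re

# Constructed sample, assembled from the netdiag lines quoted in the thread.
SAMPLE = """\
NetBT name test. . . . . . : Passed
    [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.
    No remote names have been found.
WINS service test. . . . . : Skipped
    There are no WINS servers configured for this interface.
DNS test . . . . . . . . . . . . . : Failed
    [WARNING] The DNS entries for this DC are not registered correctly on DNS server '192.168.10.1'. Please wait for 30 minutes for DNS server replication.
    [FATAL] No DNS servers have the DNS records for this DC registered.
"""

# "Name of test . . . : Status" header lines; the dot leaders vary in length per test.
TEST_RE = re.compile(r"^(\S.*?)[ .]+: (Passed|Failed|Skipped)\s*$")
# Indented detail lines tagged [WARNING] or [FATAL]; untagged detail lines are plain info.
TAG_RE = re.compile(r"^\s*\[(WARNING|FATAL)\]\s*(.*)$")


def parse_netdiag(text):
    """Return one {'test', 'status', 'messages'} dict per test, in report order."""
    tests, current = [], None
    for line in text.splitlines():
        header = TEST_RE.match(line)
        if header:
            current = {"test": header.group(1).rstrip(" ."), "status": header.group(2), "messages": []}
            tests.append(current)
            continue
        if current is None or not line.strip():
            continue  # preamble before the first test, or a blank line
        tagged = TAG_RE.match(line)
        level, msg = (tagged.group(1), tagged.group(2)) if tagged else ("INFO", line)
        current["messages"].append((level, msg.strip()))
    return tests


def needs_action(tests):
    """Tests that failed outright or carry a WARNING/FATAL detail, with those details."""
    flagged = []
    for t in tests:
        alerts = [m for m in t["messages"] if m[0] != "INFO"]
        if t["status"] == "Failed" or alerts:
            flagged.append((t["test"], t["status"], alerts))
    return flagged


if __name__ == "__main__":
    for name, status, alerts in needs_action(parse_netdiag(SAMPLE)):
        print(name, status, *(f"[{lvl}] {msg}" for lvl, msg in alerts), sep="\n  ")
```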
 
LVL 38

Expert Comment

by:ChiefIT
Are you running Symantec Endpoint Protection?
 
LVL 1

Author Comment

by:dougp23
no, no endpoint security.  OK, I followed some MS Technet docs, and I had no "endpoints" available, so did what they said.  They then said to do a portqry and see if certain ports were being blocked.  So, I did this, from the Town server:

portqry -n servername.police.org -o 1094,1025,1029,6004
Name resolved to 192.168.11.10

TCP port 1094 (unknown service): NOT LISTENING
TCP port 1025 (unknown service): NOT LISTENING
TCP port 1029 (unknown service): NOT LISTENING
TCP port 6004 (unknown service): NOT LISTENING

Any ideas?  Again, both buildings connect via fiber, so I don't think my firewall for the network is blocking this stuff.  Both servers have their network cards firewalls shut off.
 
LVL 24

Expert Comment

by:ryansoto
So after a /fix the errors are still occurring?
 
LVL 1

Author Comment

by:dougp23
Well, they've changed.  Event ID 4521 with information 9002.  Which I think is due to that police server not listening on those ports.  Perhaps I should close this question and open a new one, since I am no longer getting 1053 errors.  Or I'll bump the points up.
 
LVL 38

Expert Comment

by:ChiefIT
I am going to review what we have for info. I'll admit these endpoint mappers and certs for the RPC service over VPN are not one of my strong points. If you don't mind, will you leave this open.
 
LVL 38

Expert Comment

by:ChiefIT
In the meantime, I was on another post where the TechNet article didn't help, but this MS article provided the right key to the solution.
http://support.microsoft.com/kb/839880
 
LVL 38

Expert Comment

by:ChiefIT
The ports on your portqry that are "not listening" are not key to 2003 server services:

TCP port 1094 (unknown service): NOT LISTENING
TCP port 1025 (unknown service): NOT LISTENING
TCP port 1029 (unknown service): NOT LISTENING
TCP port 6004 (unknown service): NOT LISTENING

http://www.microsoft.com/smallbusiness/support/articles/ref_net_ports_ms_prod.mspx

So, what is perplexing to me is why isn't it working?
 
LVL 38

Expert Comment

by:ChiefIT
OK: The article that I provided says:
From the output, you know the DC is using port 1094 for FRS and 1025, 1029, and 6004 for Active Directory replication.

Antivirus software may be blocking ports above 1024.

Please see step 4 of the article above. It describes your problem to a T.
 
LVL 1

Author Comment

by:dougp23
I had found KB839880 already, and yes I agree step 4 is a real wakeup.  But what they don't tell you is how to fix it.  I am against turning off the firewall on the server, but OK, I turned it off.  Now, I should turn off my antivirus too??  Only MS would offer this up as a solution!!

My antivirus has no built-in firewall, so I am just totally stumped, and ready to say "forget it, people will have to keep track of 2 logins".  Not my favored solution, but where else do I go from here?

If this helps, the portqry from Town reported back properly on Police, but a portqry on Police says it can't resolve the name accounting.town.com.  Is that a prob?  Remember, the folder I want to share is on Town, but the users are on Police.  Not sure if this matters.
 
LVL 24

Expert Comment

by:ryansoto
I would turn it all off to test and see what happens.
 
LVL 38

Accepted Solution

by:
ChiefIT earned 500 total points
OK:

This is what I am thinking:

DFS (Distributive File Services) is responsible for distributing out GPOs. GPOs are first saved in SYSVOL. Then DFS uses NetBIOS broadcasts to send out these shares to the local subnet. The only problem with that is NetBIOS uses broadcast messages and it is not a routable protocol. Non-routable means that it will not go through a VPN tunnel, across a firewall, or over any sort of NAT.

To fix this issue, you will need NetBIOS over TCP/IP for all computers within each subnet and you need something to transport from one subnet to another. There are two methods of doing just that for DFS.

So here are your fixes:
1) USE WINS between the two sites. Create a WINS server out of your lead server per subnet. What I mean by a lead server is the one that holds the FSMO roles. Below is an article that explains how to use WINS to go across a WAN configuration for the Browser service. This article will help you configure WINS as a transport between the two sites.

http://www.microsoft.com/resources/documentation/windowsnt/4/server/reskit/en-us/net/chptr3.mspx?mfr=true

Fix 2) An alternative fix is to use DNS as the transport for DFS:
http://support.microsoft.com/kb/244380
PLEASE NOTE: Please look at the key ports used by Windows 2003. Anything using port 137 for WINS and the NetBIOS datagram ports 138 and 139 is affected if you do not use WINS. If all you are after is DFS, then you could use DNS. So, there are drawbacks to using DNS.

Dropping your pants by disabling the firewall and AV products is just a test, and yes, it's not a good idea. So, the tests are done and you probably still don't have what you need, because NetBIOS is not routable.

What you should do is pay attention to what uses IP ports for NetBIOS. Those would be NetBIOS/WINS port 137, and NetBIOS datagram ports 138 and 139. Without WINS, you will not be able to get to Site 2. So, let's review what key functions use these ports. If you want all services available between the LANs, you will have to use Fix 1.

This article for reference on the ports used by key services of 2003 server:
http://www.microsoft.com/smallbusiness/support/articles/ref_net_ports_ms_prod.mspx
1) WINS
2) The Domain Browser Service
3) DFS
4) License logging service
5) Messenger
6) Netlogon
7) performance logs and alerts.
8) print spooler
9) RPC
10) SERVER service
11) System management service

With that said, I think the full range of symptoms you will have is:
~~Computers from the remote site will not show up in MY NETWORK PLACES.
~~The print spooler will not work on a remote site
~~You can't run files using RPC from the remote site and may have RPC is unavailable.
~~You can't view performance logs and alerts from the remote site.
~~You will probably have events 1030 can't get GPO, 1058 can't get GPO, 1053 as you are seeing, and might see 8032 master browser conflict.

*****IMPORTANT: Prior to applying the fixes, you can enable AV and firewalls.

Attached is a free body diagram that illustrates what you want. Use Netbios over TCP/IP to broadcast between clients and server on the same subnet. Then, use WINS to communicate between the two subnets. Disregard the part that says, here is your problem. Since you don't seem to have problems with the clients and server, all you may have to do is enable WINS on the subnet's master server.

For the browser service, I recommend you use the same article and make sure you have a master browser per subnet and a backup browser.

I hope this helps, and let me know if you have any questions.
browser-interaction.JPG
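An added example, not from the thread or from portqry itself: it parses portqry output like the run quoted earlier and sorts the closed ports into the fixed well-known ports the accepted solution discusses (TCP 135 for the RPC endpoint mapper, 137/138/139 for NetBIOS) and the dynamic RPC ports above 1024 that KB839880 attributed to this DC. The service labels for 1025/1029/6004/1094 are taken from ChiefIT's quote of that article and hold only for that server; dynamic ports are reassigned on restart, so the triage also records whether TCP 135 itself was queried.

```python
"""Parse portqry output and triage closed ports; added example for this thread, not portqry's code."""
import re

# Constructed sample, modelled on the portqry run quoted in the thread.
SAMPLE = """\
Name resolved to 192.168.11.10

TCP port 1094 (unknown service): NOT LISTENING
TCP port 1025 (unknown service): NOT LISTENING
TCP port 1029 (unknown service): NOT LISTENING
TCP port 6004 (unknown service): NOT LISTENING
"""

RESULT_RE = re.compile(r"^(TCP|UDP) port (\d+) \(([^)]*)\): (LISTENING|NOT LISTENING|FILTERED)\s*$")
TARGET_RE = re.compile(r"^Name resolved to (\S+)")

# Fixed ports the accepted solution and the "no more endpoints" error turn on.
FIXED_PORTS = {135: "RPC endpoint mapper", 137: "NetBIOS name service / WINS",
               138: "NetBIOS datagram", 139: "NetBIOS session"}
# Labels KB839880 gave for this particular DC (as quoted by ChiefIT); dynamic, so per server.
THREAD_RPC_PORTS = {1094: "FRS", 1025: "AD replication", 1029: "AD replication", 6004: "AD replication"}


def parse_portqry(text):
    """Return (resolved target address or None, [(proto, port, state), ...])."""
    target, results = None, []
    for line in text.splitlines():
        m = TARGET_RE.match(line)
        if m:
            target = m.group(1)
            continue
        m = RESULT_RE.match(line)
        if m:
            proto, port, _service, state = m.groups()
            results.append((proto, int(port), state))
    return target, results


def triage(results):
    """Split non-listening ports by kind. Dynamic RPC ports (>1024) are reassigned when
    the service restarts, so a stale port list yields false NOT LISTENING results; the
    flag records whether TCP 135, which hands those ports out, was queried at all."""
    closed = [(proto, port) for proto, port, state in results if state != "LISTENING"]
    fixed = {port: FIXED_PORTS.get(port, "well-known") for _, port in closed if port <= 1024}
    dynamic = {port: THREAD_RPC_PORTS.get(port, "dynamic RPC") for _, port in closed if port > 1024}
    mapper_queried = any(proto == "TCP" and port == 135 for proto, port, _ in results)
    return {"fixed": fixed, "dynamic": dynamic, "endpoint_mapper_queried": mapper_queried}


if __name__ == "__main__":
    target, results = parse_portqry(SAMPLE)
    print(target, triage(results))
```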
 
LVL 38

Expert Comment

by:ChiefIT
Excellent!! I am glad to see this worked for you. Thanks.