Solved

Scripts not running over WAN when logging into domain

Posted on 2008-10-23
Last Modified: 2012-05-05
We have a new branch office and I am having some difficulties with policies when logging into the domain.
When the PC logs in, drive mappings are fine.
Computer Policies do not seem to apply.
I can PING the domain controller ok.
When I run a gpupdate, everything seems fine:
    User Policy Refresh has completed.
    Computer Policy Refresh has completed.

However, in the event logger there are several of the following:
ID: 1054, Source: Userenv
Windows cannot obtain the domain controller name for your computer network. (An unexpected network error occurred. ). Group Policy processing aborted.

Any ideas on what could be causing these issues?

Thanks,

E.D.
Question by:edalzell
8 Comments
 
LVL 9

Expert Comment

by:mgonullu
ID: 22787795
The problem is the delay and gap that happens: when the user enters the password, it tries to contact the domain controller; because of a network gap problem the machine ends up logging in locally to the machine, and some policies will not be applied and, in addition, some error messages could be seen.
 
LVL 63

Expert Comment

by:SysExpert
ID: 22789053
It could also mean that DNS is slow, or similar issues, since the DC can not be contacted.

Is the WAN slow or congested?


I hope this helps!
 

Author Comment

by:edalzell
ID: 22789675
Just did a few more quick tests:

1. Login scripts do run (login.bat) and network drives connect properly
2. While pinging DC, there is no packet loss - 20ms avg. return
3. I can resolve DC hostname, no problem.

I'm assuming it's a port that's being blocked, etc.
I understand you need the following in order to run AD...
53/udp - DNS
88/udp - Kerberos
135/tcp - RPC Endpoint Mapper (DC replication)
369/udp - LDAP
3268/udp - GC

Is there a DCDIAG util or something similar that will assist me with troubleshooting?

Thanks!

E.D.
 
LVL 9

Expert Comment

by:mgonullu
ID: 22790659
See this Microsoft solution:

http://support.microsoft.com/kb/304970
 

Author Comment

by:edalzell
ID: 22797649
mgonullu, thanks for the suggestion.
I already have this enabled..... :-)
 

Author Comment

by:edalzell
ID: 22798717
FYI... after running a netdiag, here's what I get.

C:\Program Files\Support Tools>netdiag /fix

Netcard queries test . . . . . . . : Passed

Per interface results:

    Adapter : Local Area Connection

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : hostname
        IP Address . . . . . . . . : 192.168.13.125
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 192.168.13.1
        Primary WINS Server. . . . : 192.168.0.225
        Dns Servers. . . . . . . . : 192.168.0.225
        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Passed

        NetBT name test. . . . . . : Passed
        [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.

        WINS service test. . . . . : Passed
Global results:
Domain membership test . . . . . . : Passed
NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{609FA2F1-BA42-4BBA-8F2C-9207CE166057}
    1 NetBt transport currently configured.
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Passed
NetBT name test. . . . . . . . . . : Passed
    [WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined.

Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Passed
Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{609FA2F1-BA42-4BBA-8F2C-9207CE166057}
    The redir is bound to 1 NetBt transport.

    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{609FA2F1-BA42-4BBA-8F2C-9207CE166057}
    The browser is bound to 1 NetBt transport.
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Passed
Trust relationship test. . . . . . : Passed
    Secure channel for domain 'KAWARTHACU' is to '\\controller.domain.com'.
Kerberos test. . . . . . . . . . . : Passed
LDAP test. . . . . . . . . . . . . : Passed
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
    No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Passed
    Service status  is: Started
    Service startup is: Automatic
    IPSec service is available, but no policy is assigned or active
    Note: run "ipseccmd /?" for more detailed information


The command completed successfully

Thanks!
 

Expert Comment

by:DeVryWindows
ID: 22798826
It may be worth looking into Slow Link Detection for Group Policy processing

http://technet.microsoft.com/en-us/library/cc781031.aspx
0
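
The blocked-port theory and the slow-link suggestion in the posts above can both be checked from the branch client. This is an added example, not code from any poster in this thread: it tries the standard TCP ports a DC serves (LDAP is 389, and 445 carries SYSVOL) and sends a 0-byte and a 2048-byte ICMP echo. The DC name is the placeholder from the netdiag output, and the 2048-byte probe size is an assumption about how XP/2003-era slow-link detection measures the link.

```powershell
# Added example (not from the thread). Run on the branch-office client; PowerShell 5+.
param(
    [string]$DomainController = 'controller.domain.com',  # placeholder, as in the netdiag output
    [int]$TimeoutMs = 2000
)

# Standard TCP ports a domain member uses against a DC. The UDP variants
# (53, 88, 389) cannot be proven open with a connect and are not tested here.
$TcpPorts = @(
    @{ Port = 53;   Name = 'DNS' }
    @{ Port = 88;   Name = 'Kerberos' }
    @{ Port = 135;  Name = 'RPC endpoint mapper' }
    @{ Port = 389;  Name = 'LDAP' }
    @{ Port = 445;  Name = 'SMB (SYSVOL: GPO files, scripts)' }
    @{ Port = 3268; Name = 'Global Catalog' }
)

function Test-TcpPort {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($pending)   # throws if the connection was refused or reset
        return $true
    } catch { return $false } finally { $client.Close() }
}

function Test-IcmpPayload {
    param([string]$HostName, [int]$Bytes, [int]$TimeoutMs)
    $ping = New-Object System.Net.NetworkInformation.Ping
    try {
        $reply = $ping.Send($HostName, $TimeoutMs, [byte[]]::new($Bytes))
        return ($reply.Status -eq [System.Net.NetworkInformation.IPStatus]::Success)
    } catch { return $false } finally { $ping.Dispose() }
}

$results = @(foreach ($p in $TcpPorts) {
    [pscustomobject]@{ Check  = "tcp/$($p.Port) $($p.Name)"
                       Passed = Test-TcpPort $DomainController $p.Port $TimeoutMs }
})
# Assumption: the client's slow-link probe uses 0-byte and 2048-byte ICMP echoes.
# A 2048-byte echo is fragmented on a 1500-byte MTU path, so a WAN device that
# drops fragments or large ICMP fails this check while an ordinary ping succeeds.
$results += foreach ($size in 0, 2048) {
    [pscustomobject]@{ Check  = "icmp echo, $($size)-byte payload"
                       Passed = Test-IcmpPayload $DomainController $size $TimeoutMs }
}
$results | Format-Table -AutoSize
```

A row with Passed = False names the port or ICMP size to look for in the WAN firewall or VPN rules between the branch subnet and the DC.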
 

Accepted Solution

by:
edalzell earned 0 total points
ID: 22815280