Solved

Scripts not running over WAN when logging into domain

Posted on 2008-10-23
8
531 Views
Last Modified: 2012-05-05
We have a new branch office and am having some difficulties with policies when logging into the domain.
When the PC logs in, drive mapping are fine.
Computer Policies do not seem to apply
I can PING the domain controller ok.
When I run a gpudate, everything seems fine:
    User Policy Refresh has completed.
    Computer Policy Refresh has completed.

However,
In the event logger are several of the following:
ID: 1054, Source: Userenv
Windows cannot obtain the domain controller name for your computer network. (An unexpected network error occurred. ). Group Policy processing aborted.

Any ideas on what could be causing these issues?

Thanks,

E.D.
0
Comment
Question by:edalzell
8 Comments
 
LVL 9

Expert Comment

by:mgonullu
ID: 22787795
The problem is the delay and gap that happens, when the user enter the password, it try to contact the Domain controller, for a network gap problem the machine ends up by loging locally to the machine and some policies will not be applied and in addition some error messages could be seen.
0
 
LVL 63

Expert Comment

by:SysExpert
ID: 22789053
It could also mean that DNS is slow, or similar issues, since the DC can not be contacted.

Is the WAN slow or congested ?


I hope this helps !
0
 

Author Comment

by:edalzell
ID: 22789675
Just did a few more quick tests:

1. Login scrips do run (login.bat) and network drives connect propely
2. While pinging DC, there is no packet loss - 20ms avg. return
3. I can resolve DC hostname, no problem.

I'm assuming it's a port that's being blocked, etc.
I understand you need to following in order to run AD...
53/udp - DNS
88/udp - Kerberos
135/tcp - RPC Endpoint Mapper (DC replication)
369/udp - LDAP
3268/udp - GC

Is there a DCDIAG util or something similar that will assist me with troubleshooting?

Thanks!

E.D.
0
Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

 
LVL 9

Expert Comment

by:mgonullu
ID: 22790659
See this Microsoft solution:

http://support.microsoft.com/kb/304970
0
 

Author Comment

by:edalzell
ID: 22797649
mgonullu, thanks for the suggestion.
I already have this enabled..... :-)
0
 

Author Comment

by:edalzell
ID: 22798717
FYI... after running a netdiag, here's what I get.

C:\Program Files\Support Tools>netdiag /fix

Netcard queries test . . . . . . . : Passed

Per interface results:

    Adapter : Local Area Connection

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : hostname
        IP Address . . . . . . . . : 192.168.13.125
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 192.168.13.1
        Primary WINS Server. . . . : 192.168.0.225
        Dns Servers. . . . . . . . : 192.168.0.225
        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Passed

        NetBT name test. . . . . . : Passed
        [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenge
r Service', <20> 'WINS' names is missing.

        WINS service test. . . . . : Passed
Global results:
Domain membership test . . . . . . : Passed
NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{609FA2F1-BA42-4BBA-8F2C-9207CE166057}
    1 NetBt transport currently configured.
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Passed
NetBT name test. . . . . . . . . . : Passed
    [WARNING] You don't have a single interface with the <00> 'WorkStation Servi
ce', <03> 'Messenger Service', <20> 'WINS' names defined.

Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Passed
Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{609FA2F1-BA42-4BBA-8F2C-9207CE166057}
    The redir is bound to 1 NetBt transport.

    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{609FA2F1-BA42-4BBA-8F2C-9207CE166057}
    The browser is bound to 1 NetBt transport.
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Passed
Trust relationship test. . . . . . : Passed
    Secure channel for domain 'KAWARTHACU' is to '\\controller.domain.com'.
Kerberos test. . . . . . . . . . . : Passed
LDAP test. . . . . . . . . . . . . : Passed
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
    No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Passed
    Service status  is: Started
    Service startup is: Automatic
    IPSec service is available, but no policy is assigned or active
    Note: run "ipseccmd /?" for more detailed information


The command completed successfully

Thanks!
0
 

Expert Comment

by:DeVryWindows
ID: 22798826
I may be worth looking to Slow Link Detection for Group Policy processing

http://technet.microsoft.com/en-us/library/cc781031.aspx
0
 

Accepted Solution

by:
edalzell earned 0 total points
ID: 22815280
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
Synchronize a new Active Directory domain with an existing Office 365 tenant
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question