Solved

Scripts not running over WAN when logging into domain

Posted on 2008-10-23
8
529 Views
Last Modified: 2012-05-05
We have a new branch office and am having some difficulties with policies when logging into the domain.
When the PC logs in, drive mapping are fine.
Computer Policies do not seem to apply
I can PING the domain controller ok.
When I run a gpudate, everything seems fine:
    User Policy Refresh has completed.
    Computer Policy Refresh has completed.

However,
In the event logger are several of the following:
ID: 1054, Source: Userenv
Windows cannot obtain the domain controller name for your computer network. (An unexpected network error occurred. ). Group Policy processing aborted.

Any ideas on what could be causing these issues?

Thanks,

E.D.
0
Comment
Question by:edalzell
8 Comments
 
LVL 9

Expert Comment

by:mgonullu
ID: 22787795
The problem is the delay and gap that happens, when the user enter the password, it try to contact the Domain controller, for a network gap problem the machine ends up by loging locally to the machine and some policies will not be applied and in addition some error messages could be seen.
0
 
LVL 63

Expert Comment

by:SysExpert
ID: 22789053
It could also mean that DNS is slow, or similar issues, since the DC can not be contacted.

Is the WAN slow or congested ?


I hope this helps !
0
 

Author Comment

by:edalzell
ID: 22789675
Just did a few more quick tests:

1. Login scrips do run (login.bat) and network drives connect propely
2. While pinging DC, there is no packet loss - 20ms avg. return
3. I can resolve DC hostname, no problem.

I'm assuming it's a port that's being blocked, etc.
I understand you need to following in order to run AD...
53/udp - DNS
88/udp - Kerberos
135/tcp - RPC Endpoint Mapper (DC replication)
369/udp - LDAP
3268/udp - GC

Is there a DCDIAG util or something similar that will assist me with troubleshooting?

Thanks!

E.D.
0
 
LVL 9

Expert Comment

by:mgonullu
ID: 22790659
See this Microsoft solution:

http://support.microsoft.com/kb/304970
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 

Author Comment

by:edalzell
ID: 22797649
mgonullu, thanks for the suggestion.
I already have this enabled..... :-)
0
 

Author Comment

by:edalzell
ID: 22798717
FYI... after running a netdiag, here's what I get.

C:\Program Files\Support Tools>netdiag /fix

Netcard queries test . . . . . . . : Passed

Per interface results:

    Adapter : Local Area Connection

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : hostname
        IP Address . . . . . . . . : 192.168.13.125
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 192.168.13.1
        Primary WINS Server. . . . : 192.168.0.225
        Dns Servers. . . . . . . . : 192.168.0.225
        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Passed

        NetBT name test. . . . . . : Passed
        [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenge
r Service', <20> 'WINS' names is missing.

        WINS service test. . . . . : Passed
Global results:
Domain membership test . . . . . . : Passed
NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{609FA2F1-BA42-4BBA-8F2C-9207CE166057}
    1 NetBt transport currently configured.
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Passed
NetBT name test. . . . . . . . . . : Passed
    [WARNING] You don't have a single interface with the <00> 'WorkStation Servi
ce', <03> 'Messenger Service', <20> 'WINS' names defined.

Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Passed
Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{609FA2F1-BA42-4BBA-8F2C-9207CE166057}
    The redir is bound to 1 NetBt transport.

    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{609FA2F1-BA42-4BBA-8F2C-9207CE166057}
    The browser is bound to 1 NetBt transport.
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Passed
Trust relationship test. . . . . . : Passed
    Secure channel for domain 'KAWARTHACU' is to '\\controller.domain.com'.
Kerberos test. . . . . . . . . . . : Passed
LDAP test. . . . . . . . . . . . . : Passed
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
    No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Passed
    Service status  is: Started
    Service startup is: Automatic
    IPSec service is available, but no policy is assigned or active
    Note: run "ipseccmd /?" for more detailed information


The command completed successfully

Thanks!
0
 

Expert Comment

by:DeVryWindows
ID: 22798826
I may be worth looking to Slow Link Detection for Group Policy processing

http://technet.microsoft.com/en-us/library/cc781031.aspx
0
 

Accepted Solution

by:
edalzell earned 0 total points
ID: 22815280
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now