cuadmin
asked on
Scripts not running over WAN when logging into domain
We have a new branch office and am having some difficulties with policies when logging into the domain.
When the PC logs in, drive mapping are fine.
Computer Policies do not seem to apply
I can PING the domain controller ok.
When I run a gpudate, everything seems fine:
User Policy Refresh has completed.
Computer Policy Refresh has completed.
However,
In the event logger are several of the following:
ID: 1054, Source: Userenv
Windows cannot obtain the domain controller name for your computer network. (An unexpected network error occurred. ). Group Policy processing aborted.
Any ideas on what could be causing these issues?
Thanks,
E.D.
When the PC logs in, drive mapping are fine.
Computer Policies do not seem to apply
I can PING the domain controller ok.
When I run a gpudate, everything seems fine:
User Policy Refresh has completed.
Computer Policy Refresh has completed.
However,
In the event logger are several of the following:
ID: 1054, Source: Userenv
Windows cannot obtain the domain controller name for your computer network. (An unexpected network error occurred. ). Group Policy processing aborted.
Any ideas on what could be causing these issues?
Thanks,
E.D.
mgonullu
The problem is the delay and gap that happens, when the user enter the password, it try to contact the Domain controller, for a network gap problem the machine ends up by loging locally to the machine and some policies will not be applied and in addition some error messages could be seen.
It could also mean that DNS is slow, or similar issues, since the DC can not be contacted.
Is the WAN slow or congested ?
I hope this helps !
Is the WAN slow or congested ?
I hope this helps !
ASKER
Just did a few more quick tests:
1. Login scrips do run (login.bat) and network drives connect propely
2. While pinging DC, there is no packet loss - 20ms avg. return
3. I can resolve DC hostname, no problem.
I'm assuming it's a port that's being blocked, etc.
I understand you need to following in order to run AD...
53/udp - DNS
88/udp - Kerberos
135/tcp - RPC Endpoint Mapper (DC replication)
369/udp - LDAP
3268/udp - GC
Is there a DCDIAG util or something similar that will assist me with troubleshooting?
Thanks!
E.D.
1. Login scrips do run (login.bat) and network drives connect propely
2. While pinging DC, there is no packet loss - 20ms avg. return
3. I can resolve DC hostname, no problem.
I'm assuming it's a port that's being blocked, etc.
I understand you need to following in order to run AD...
53/udp - DNS
88/udp - Kerberos
135/tcp - RPC Endpoint Mapper (DC replication)
369/udp - LDAP
3268/udp - GC
Is there a DCDIAG util or something similar that will assist me with troubleshooting?
Thanks!
E.D.
ASKER
mgonullu, thanks for the suggestion.
I already have this enabled..... :-)
I already have this enabled..... :-)
ASKER
FYI... after running a netdiag, here's what I get.
C:\Program Files\Support Tools>netdiag /fix
Netcard queries test . . . . . . . : Passed
Per interface results:
Adapter : Local Area Connection
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : hostname
IP Address . . . . . . . . : 192.168.13.125
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 192.168.13.1
Primary WINS Server. . . . : 192.168.0.225
Dns Servers. . . . . . . . : 192.168.0.225
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Passed
NetBT name test. . . . . . : Passed
[WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenge
r Service', <20> 'WINS' names is missing.
WINS service test. . . . . : Passed
Global results:
Domain membership test . . . . . . : Passed
NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{609FA2F1-BA42
1 NetBt transport currently configured.
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Passed
NetBT name test. . . . . . . . . . : Passed
[WARNING] You don't have a single interface with the <00> 'WorkStation Servi
ce', <03> 'Messenger Service', <20> 'WINS' names defined.
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Passed
Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{609FA2F1-BA42
The redir is bound to 1 NetBt transport.
List of NetBt transports currently bound to the browser
NetBT_Tcpip_{609FA2F1-BA42
The browser is bound to 1 NetBt transport.
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Passed
Trust relationship test. . . . . . : Passed
Secure channel for domain 'KAWARTHACU' is to '\\controller.domain.com'.
Kerberos test. . . . . . . . . . . : Passed
LDAP test. . . . . . . . . . . . . : Passed
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Passed
Service status is: Started
Service startup is: Automatic
IPSec service is available, but no policy is assigned or active
Note: run "ipseccmd /?" for more detailed information
The command completed successfully
Thanks!
C:\Program Files\Support Tools>netdiag /fix
Netcard queries test . . . . . . . : Passed
Per interface results:
Adapter : Local Area Connection
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : hostname
IP Address . . . . . . . . : 192.168.13.125
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 192.168.13.1
Primary WINS Server. . . . : 192.168.0.225
Dns Servers. . . . . . . . : 192.168.0.225
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Passed
NetBT name test. . . . . . : Passed
[WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenge
r Service', <20> 'WINS' names is missing.
WINS service test. . . . . : Passed
Global results:
Domain membership test . . . . . . : Passed
NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{609FA2F1-BA42
1 NetBt transport currently configured.
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Passed
NetBT name test. . . . . . . . . . : Passed
[WARNING] You don't have a single interface with the <00> 'WorkStation Servi
ce', <03> 'Messenger Service', <20> 'WINS' names defined.
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Passed
Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{609FA2F1-BA42
The redir is bound to 1 NetBt transport.
List of NetBt transports currently bound to the browser
NetBT_Tcpip_{609FA2F1-BA42
The browser is bound to 1 NetBt transport.
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Passed
Trust relationship test. . . . . . : Passed
Secure channel for domain 'KAWARTHACU' is to '\\controller.domain.com'.
Kerberos test. . . . . . . . . . . : Passed
LDAP test. . . . . . . . . . . . . : Passed
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Passed
Service status is: Started
Service startup is: Automatic
IPSec service is available, but no policy is assigned or active
Note: run "ipseccmd /?" for more detailed information
The command completed successfully
Thanks!
I may be worth looking to Slow Link Detection for Group Policy processing
http://technet.microsoft.com/en-us/library/cc781031.aspx
http://technet.microsoft.com/en-us/library/cc781031.aspx
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.