Con366
Problems with Active Directory and DNS
Every day I have this same issue on different computers. When the users log in, a home directory is mapped. 70% everything works right. The rest either make the home drive, but are denied access, or it doesn't even apply the login script.
In the event logs, I get these errors.
Event ID: 1054; Event Source: Userenv;
Microsoft Product: Windows Operating System Version: 5.2 Event Source: Userenv Event ID: 1054
Windows cannot obtain the domain controller name for your computer network. (%1). Group Policy processing aborted.
Event ID: 15; Event Source: AutoEnrollment;
Microsoft Product: Windows Operating System Version: 5.2 Event Source: autoenrollment Event ID: 15
Automatic certificate enrollment for %1 failed to contact the active directory (%2). %3 Enrollment will not be performed.
Event ID: 5719; Event Source: NETLOGON;
Microsoft Product: Windows Operating System Version: 5.0 Event Source: NetLogon Event ID: 5719
This computer was not able to set up a secure session with a domain controller in domain %1 due to the following: %2 This may lead to authentication problems. Make sure that this computer is connected ...
I have about 150 computers, with 2 servers. 80 computers are on a WLAN, the rest are wired. I get these errors on both the wireless and wired.
The problem is fixed if they just log off and log back on again.
This is starting to become a major problem as half the staff store their .pst files on their home drive. And when they cannot access the drive, they create another damn .pst file, which is compounding the problem.
I have tried applying a GPO to wait for network. I have tried disabling media sense. And also tried the numerous KB articles. All lead me back to the same problem.
ASKER CERTIFIED SOLUTION
Even with a logon and log off would fix the issue. I just had this same issue less than a month ago. There was still one PC that wouldn't take the netdom reset right, so I renamed the actual computer name and had no issues after that.
ASKER
ya I tried the first solution, but it's a no go.
To answer the second question
1. 1 DC
2. YES
3. Yes
4. It shows the correct DC server
ASKER
I'll try this one here in about an hour.
I managed to get one machine corrected by reinstalling the network card drivers. The machines have SP3 on them, so hopefully the reg entries are still the same.
I also tried reinstalling the wireless drivers in another machine. I'll see today if that corrects it.
ASKER
Managed to get the error to stop after reinstalling the NIC, moving the machine to a WG, deleting the account in AD, resetting the SID, then rejoining it to the domain.
But the wireless is still giving a problem.
SOLUTION
ASKER
I assume the 199.199.199.1 should be the computer's IP? How does this affect it if the computer uses DHCP?
199.199.199.1 ComputerName #PRE #DOM:DomainName
The computers IP Computer name Domain name
That is correct. It does not affect DHCP in terms of obtaining IP, it just makes the DC easier to find.
c:\windows\system32\drivers\etc
199.199.199.1 Computername #PRE #DOM:domain_name
for this simple entry, you can just add at the end of the file, after all the #'s in the sample file, which are just comments. They recommend that you empty the file out, but I never do.
DHCP entries in scope still take effect if you are using DHCP from server, or if from Router, then DNS just goes through. No changes at all happen other than this lets the PC resolve the DC address quicker. IF this works, there is definitely a problem with your DNS. You could try adding the DNS server to the IP properties of the NIC as well. Both *should* accomplish the same thing.
Let me know if I can help further.
ASKER
Okay I will try it.
Also I wanted to note: I have fixed a lot of the wired computers' problems. What's remaining is the wireless computers.
should be the same thing, providing you are obtaining same subnet from DHCP.
ASKER
What I don't understand is: after logging in the second time, everything works. If DNS was the problem, why would it not affect all the machines?
hmmmmm. not sure
ASKER
The solution to the problem was because of a rogue DHCP server. Once I located this, and took it off the network, the errors stopped.
Thank you everyone for the help
yup. that will do it. Did somebody try and use a router as a switch without disabling the DHCP Server function? I had somebody do that here once and it took me 3 days to find it, because apparently nobody did anything to the network...... :)
That would cause the problem. I'm surprised there weren't other errors.
ASKER
Yep, they put in a D-Link router and forgot to turn off DHCP.
Took me a little, but after sniffing the network, I was able to get the MAC address which linked it to the D-Link. From there I started going office to office. Got lucky on the 3rd office. Once that damn thing was gone, it was like night and day.
Oh and darusg, there were other errors. But mainly the one I overlooked for the TCP/IP error. I assumed it was just a dack sent from my DHCP server to that the IP was taken. Once I looked at the error closer, I found it was trying to give a weird DNS address.
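The check described in the post above (sniff DHCP replies, then trace the unexpected server by its MAC address and the DNS address it hands out), as an added example that is not part of the original thread. It assumes the (source MAC, DHCP payload) pairs were already pulled from a packet capture; the function names, addresses and MACs are constructed for illustration.

```python
import socket

MAGIC = b"\x63\x82\x53\x63"          # DHCP magic cookie (RFC 2131)
OFFER, ACK = 2, 5                     # option 53 values sent by servers

def parse_dhcp_reply(payload):
    """Return server id and offered DNS from a DHCP OFFER/ACK, else None."""
    if len(payload) < 240 or payload[0] != 2 or payload[236:240] != MAGIC:
        return None                   # too short, not a BOOTREPLY, or not DHCP
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:           # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            break                     # truncated option header
        code, length = payload[i], payload[i + 1]
        opts[code] = payload[i + 2:i + 2 + length]
        i += 2 + length
    mtype = opts.get(53) or b"\x00"
    if mtype[0] not in (OFFER, ACK) or len(opts.get(54, b"")) != 4:
        return None
    dns = opts.get(6, b"")            # option 6 = DNS servers, 4 bytes each
    return {"server": socket.inet_ntoa(opts[54]),
            "dns": [socket.inet_ntoa(dns[j:j + 4]) for j in range(0, len(dns) - 3, 4)]}

def find_rogue_servers(replies, authorized):
    """replies: (source MAC, DHCP payload) pairs taken from a capture."""
    rogue = {}
    for mac, payload in replies:
        info = parse_dhcp_reply(payload)
        if info and info["server"] not in authorized:
            rogue[mac] = info         # server id (option 54) is not one of ours
    return rogue

def build_reply(server, dns, msg_type=OFFER):
    """Construct a minimal server reply for the demo (constructed data)."""
    fixed = bytes([2, 1, 6, 0]) + bytes(232)        # op=BOOTREPLY, rest zeroed
    opts = bytes([53, 1, msg_type, 54, 4]) + socket.inet_aton(server)
    opts += bytes([6, 4]) + socket.inet_aton(dns) + b"\xff"
    return fixed + MAGIC + opts

# Constructed sample: addresses and MACs are made up for illustration.
SAMPLE = [("00:11:22:33:44:55", build_reply("10.0.0.10", "10.0.0.10")),
          ("00:aa:bb:cc:dd:ee", build_reply("192.168.0.1", "192.168.0.1", ACK))]

if __name__ == "__main__":
    for mac, info in find_rogue_servers(SAMPLE, {"10.0.0.10"}).items():
        print(f"unauthorized DHCP server {info['server']} at {mac}, DNS {info['dns']}")
```

The MAC reported for an unauthorized reply is what gets matched against switch port tables or vendor prefixes to locate the device physically.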
ASKER
Also, after all this I still have 4 computers that are giving me the 1054 and 15 errors.
I have reset the SID. Took it off the domain, deleted the account and rejoined it. But the error still comes up.
In the event log I can see a TCP/IP error where it couldn't get an IP. But it has an IP that is registered in DNS correctly.
Any ideas?
ASKER
Also with this. Each of these are clones. But I figured resetting the sid would have taken care of this
Not sure about the SID..... used to use Ghost Walker to deal with this under NT4, but not since..... weird DNS is also how I found my router/switch issue as well.....
ASKER
Never mind. Fixed another stupid problem. Seems my previous installed Vista network drivers instead of the XP ones. Disk looks exactly the same, so I will give him a little credit.
Both would connect. But the Vista ones would not connect at startup.
Anyways I split the points between you two. thanks for the help
> "Windows cannot obtain the domain controller name for your computer network"...
If the clients don't have a working DNS to "guide" them through the resources in the domain, they can't get a hold of the resources. They can log on if cached credential is used, but their home directory will not be mapped.
1. How many domain controllers do you have?
2. Are all DC running DNS (AD integrated?) and are all clients using these as their DNS?
3. On a host that fails: Can the host resolve the name of i.e. your fileserver?
4. On a host that fails: cmd -> set | find /i "logonserver" . Is this a DC?
SG