Problems with Active Directory and DNS

Every day I have this same issue on different computers. When the users log in, a home directory is mapped. 70% of the time everything works right. The rest either make the home drive but are denied access, or it doesn't even apply the login script.

In the event logs, I get these errors.

Event ID: 1054; Event Source: Userenv;

Microsoft Product: Windows Operating System Version: 5.2 Event Source: Userenv Event ID: 1054
Windows cannot obtain the domain controller name for your computer network. (%1). Group Policy processing aborted.

Event ID: 15; Event Source: AutoEnrollment;

Microsoft Product: Windows Operating System Version: 5.2 Event Source: autoenrollment Event ID: 15
Automatic certificate enrollment for %1 failed to contact the active directory (%2). %3 Enrollment will not be performed.

Event ID: 5719; Event Source: NETLOGON;

Microsoft Product: Windows Operating System Version: 5.0 Event Source: NetLogon Event ID: 5719
This computer was not able to set up a secure session with a domain controller in domain %1 due to the following: %2 This may lead to authentication problems. Make sure that this computer is connected ...

I have about 150 computers, with 2 servers. 80 computers are on a WLAN, the rest are wired. I get these errors on both the wireless and wired.

The problem is fixed if they just log off and log back on again.

This is starting to become a major problem, as half the staff store their .pst file on their home drive, and when they cannot access the drive, they create another damn .pst file, which is compounding the problem.

I have tried applying a GPO to wait for network. I have tried disabling media sense. And also tried the numerous KB articles. All lead me back to the same problem.

Darius Ghassem Commented:

Dariusq: If there was a problem with the secure channel, a log off/log on -> problem solved, would not be possible.

> "Windows cannot obtain the domain controller name for your computer network"...

If the clients don't have a working DNS to "guide" them through the resources in the domain, they can't get a hold of the resources. They can log on if cached credential is used, but their home directory will not be mapped.

1. How many domain controllers do you have?
2. Are all DC running DNS (AD integrated?) and are all clients using these as their DNS?
3. On a host that fails: Can the host resolve the name of i.e. your fileserver?
4. On a host that fails: cmd -> set | find "logonserver" . Is this a DC?


Darius Ghassem Commented:
Even with a logon and log off would fix the issue. I just had this same issue less than a month ago. There was still one PC that wouldn't take the netdom reset right so I renamed the actual computer name and had no issues after that.

Con366 (Author) Commented:
Ya, I tried the first solution, but it's a no go.

To answer the second question

1. 1 DC
2. YES
3. Yes
4. It shows the correct DC server
Con366 (Author) Commented:
I'll try this one here in about an hour.

I managed to get one machine corrected by reinstalling the network card drivers. The machines have SP3 on them, so hopefully the reg entries are still the same.

I also tried reinstalling the wireless drivers in another machine. I'll see today if that corrects it.
Con366 (Author) Commented:
Managed to get the error to stop after reinstalling the NIC, moving the machine to a WG, deleting the account in AD, resetting the SID, then rejoining it to the domain.

But the wireless is still giving a problem.
Have you tried physically making an entry in the lmhosts file?
follow this link:

In specific, this part....

Domain Browsing with LMHOSTS
Without WINS, you need special LMHOSTS entries that designate who all the domain controllers are. This is done in the following convention:  ComputerName   #PRE  #DOM:DomainName
When a computer is booted, it reads these entries and stores them permanently in the NetBIOS name cache until the computer is powered down. (Because of this, it is best that these entries are last in the LMHOSTS file, for subsequent LMHOSTS parsing efficiency.) All computers in the domain need one of these entries for each domain controller (in the local domain), as well as one for the PDC. Also note the exact order of #PRE #DOM, and that they are capitalized. The other names are not case sensitive.

I had this problem at a number of sites for no reason, and hard coding the DC info always worked.  It may not be recommended, but whatever, worked for me.
Con366 (Author) Commented:
I assume the should be the computer's IP? How does this affect it if the computer uses DHCP?  ComputerName   #PRE  #DOM:DomainName

The computer's IP                    Computer name                     Domain name
That is correct.  It does not affect DHCP in terms of obtaining IP, it just makes the DC easier to find.

c:\windows\system32\drivers\etc      Computername      #PRE      #DOM:domain_name

For this simple entry, you can just add at the end of the file, after all the #'s in the sample file, which are just comments.  They recommend that you empty the file out, but I never do.

DHCP entries in scope still take effect if you are using DHCP from server, or if from Router, then DNS just goes through.   No changes at all happen other than this lets the PC resolve the DC address quicker.  If this works, there is definitely a problem with your DNS.  You could try adding the DNS server to the IP properties of the NIC as well.  Both *should* accomplish the same thing.

Let me know if I can help further.
Con366 (Author) Commented:
Okay, I will try it.

Also I wanted to note: I have fixed a lot of the wired computers' problems. What's remaining is the wireless computers.
Should be the same thing, providing you are obtaining same subnet from DHCP.
Con366 (Author) Commented:
What I don't understand is: after logging in the second time, everything works. If DNS was the problem, why would it not affect all the machines?
Hmmmmm.  Not sure.
Con366 (Author) Commented:
The solution to the problem was because of a rogue DHCP server. Once I located this and took it off the network, the errors stopped.

Thank you everyone for the help
Yup.  That will do it.  Did somebody try and use a router as a switch without disabling the DHCP Server function?  I had somebody do that here once and it took me 3 days to find it, because apparently nobody did anything to the network......  :)
Darius Ghassem Commented:
That would cause the problem. I'm surprised there weren't other errors.
Con366 (Author) Commented:
Yep, they put in a D-Link router and forgot to turn off DHCP.

Took me a little, but after sniffing the network, I was able to get the MAC address which linked it to the D-Link. From there I started going office to office. Got lucky on the 3rd office. Once that damn thing was gone, it was like night and day.

Oh and darusg, there were other errors. But mainly the one I overlooked for the TCP/IP error. I assumed it was just a dack sent from my DHCP server to that the IP was taken. Once I looked at the error closer, I found it was trying to give a weird DNS address.
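
The manual hunt described in the post above (sniff DHCP replies, note the sender's MAC, spot the odd DNS address) can be scripted. This is an added example, not part of the original thread: it parses the UDP payload of a captured DHCP reply and flags OFFER/ACK messages whose server identifier (option 54) or DNS servers (option 6) are not on an allowlist. The function names, the MAC addresses and the IP addresses (documentation ranges) are constructed for illustration, and capturing the packets is assumed to happen elsewhere.

```python
import ipaddress
import struct

MAGIC = b"\x63\x82\x53\x63"   # DHCP magic cookie after the 236-byte BOOTP header
OFFER, ACK = 2, 5             # option 53 values that only a server sends

def parse_options(payload):
    """Return {option code: raw value} from a DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:      # 255 = end option
        if payload[i] == 0:                            # 0 = pad, no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option")
        opts[code] = opts.get(code, b"") + value       # repeated options are concatenated
        i += 2 + length
    return opts

def ipv4_list(raw):
    """Decode a run of packed IPv4 addresses (options 6 and 54)."""
    return [str(ipaddress.IPv4Address(raw[j:j + 4])) for j in range(0, len(raw) - 3, 4)]

def check_reply(src_mac, payload, allowed_servers, allowed_dns):
    """Return a finding dict for a suspicious OFFER/ACK, else None."""
    opts = parse_options(payload)
    if (opts.get(53) or b"\x00")[0] not in (OFFER, ACK):
        return None                                    # client traffic, not a server reply
    server = (ipv4_list(opts.get(54, b"")) or [None])[0]
    dns = ipv4_list(opts.get(6, b""))
    reasons = []
    if server not in allowed_servers:
        reasons.append("unauthorized DHCP server")
    if any(d not in allowed_dns for d in dns):
        reasons.append("unexpected DNS server")
    return {"mac": src_mac, "server": server, "dns": dns, "reasons": reasons} if reasons else None

def build_reply(mtype, yiaddr, server, dns):
    """Build a constructed DHCP reply so the check can run offline."""
    a = lambda s: ipaddress.IPv4Address(s).packed
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x1234, 0, 0,
                      bytes(4), a(yiaddr), a(server), bytes(4), bytes(6), b"", b"")
    opts = (bytes([53, 1, mtype, 54, 4]) + a(server)
            + bytes([6, 4 * len(dns)]) + b"".join(map(a, dns)) + b"\xff")
    return hdr + MAGIC + opts
```

The `mac` field in a finding is the Ethernet source address of the frame that carried the reply, which is what ties the rogue server to a physical device.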
Con366 (Author) Commented:
Also after all this I still have 4 computers that are giving me the 1054 and 15 errors.

I have reset the SID. Took it off the domain, deleted the account and rejoined it. But the error still comes up.

In the event log I can see a TCP/IP error where it couldn't get an IP. But it has an IP that is registered in DNS correctly.

Any ideas?
Con366 (Author) Commented:
Also with this: each of these are clones. But I figured resetting the SID would have taken care of this.
Not sure about the SID.....used to use ghost walker to deal with this under NT4, but not since.....  weird DNS is also how I found my router/switch issue as well.....

Con366 (Author) Commented:
Nevermind. Fixed another stupid problem. Seems my previous installed Vista network drivers instead of the XP ones. Disk looks exactly the same, so I will give him a little credit.

Both would connect. But the Vista ones would not connect at startup.

Anyways, I split the points between you two. Thanks for the help.