Solved

Several w2k3 servers in AD domain not receiving latest Computer Config settings from GPO

Posted on 2009-06-28
Last Modified: 2013-12-24
I have several Windows 2003 SP2 servers that have not received the latest Computer Configuration settings for several months (The last successful one was in March).  Other servers in the AD domain have been getting the updates and are fine.  When I generate an RSOP against the problem server I get the following:
Component Name
Group Policy Infrastructure
The specified domain either does not exist or could not be contacted
Note: Due to the GP Core failure, none of the other Group Policy components processed their policy.  Consequently, status information for the other components is not available.
Additionally, I get a '1053 Userenv error'.  This event pops up after the server is rebooted.

I have checked DNS (statically defined) and the network settings on the NIC and they look good.  I have also checked the BIOS name and have verified that the computer object exists in the Domain.  Other applications on the server function correctly, and the user configuration settings apply just fine.

I have been working on this for quite a while, trying to find something causing this but I keep coming up empty.  Please advise.

Thanks
 

0
Question by:sagdoc
 
LVL 10

Expert Comment

by:Datedman
ID: 24732497
Try NETDIAG yet?

Can you post IPCONFIG /ALL from one of the machines that is having the problem and also from one that is not having it?
0
 
LVL 27

Expert Comment

by:bluntTony
ID: 24732552
Hi there. What's the actual error message in the 1053 event you're getting?
Sounds like a possible permissions issue. If user settings are being applied OK and you're not experiencing other problems, then it sounds like your IP config is likely to be OK, as is DNS (this would suggest at least).
Is there anything these servers have in common? e.g. they're the only servers on a particular site?
Have you tried disjoining a server, deleting its computer account and rejoining it to the domain?
0
 

Author Comment

by:sagdoc
ID: 24732601
Currently, I can't post an IPconfig for legal reasons, but I did not see anything out of the ordinary.  I have not tried Netdiag but I will on Monday and describe the results.  They are all in the same site, our AD site structure is fully centralized.  There is nothing specific in common other than Ops system and version.  

I have not disjoined, deleted,  rejoined the computer yet, mostly because I am concerned it may not go back in (since I don't know the root cause of this problem) and it is a sensitive server.  
0

 

Author Comment

by:sagdoc
ID: 24738509
So I ran a Netdiag against one of the problem servers but unfortunately, all tests passed.  The 1053 event error states:
Windows cannot determine the user or computername. (The specified domain either does not exist or could not be contacted).  Group Policy processing aborted.  
This seems to happen after a reboot.
0
 
LVL 27

Accepted Solution

by:
bluntTony earned 500 total points
ID: 24738730
I would also run a DCDIAG test on the server, but I have a feeling it will return back clean.
If users can log on to the server in question, double-check your IP settings are correct with respect to DNS, and run some nslookup tests. Try this:
nslookup
set type=srv
_ldap._tcp.domain.local
(where domain.local is your domain name). The resulting output should list a record for each DC on your domain. If nothing returns, then it could be a DNS issue. If you do get problems, try logging on to the server as a user that will not have cached credentials on it. If this fails as well this would also suggest DNS. If this is the case disable the firewall on the server and try again.
If none of this fixes it, I would suggest disjoining, resetting the computer account password, then re-joining. If this doesn't work, then try disjoin, delete account, re-join.
0
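Added example, not part of the original thread: a small parser for saved output of the nslookup SRV query described in the accepted solution, reporting whether any DC records came back and whether each listed DC also has an address record. The sample output, host names and addresses are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample of Windows nslookup output for the SRV query (not from a real server).
SAMPLE_OK = """\
Server:  dc01.domain.local
Address:  10.0.0.10

_ldap._tcp.domain.local SRV service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = dc01.domain.local
_ldap._tcp.domain.local SRV service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = dc02.domain.local
dc01.domain.local       internet address = 10.0.0.10
"""
SAMPLE_FAIL = "*** UnKnown can't find _ldap._tcp.domain.local: Non-existent domain\n"

def parse_srv(output):
    # Returns (list of SRV records, {hostname: address}) parsed from nslookup text.
    records, addresses = [], {}
    for line in output.splitlines():
        field = re.match(r"\s+(priority|weight|port|svr hostname)\s*=\s*(\S+)", line)
        a_rec = re.match(r"(\S+)\s+internet address = (\S+)", line)
        if "SRV service location" in line:
            records.append({})          # start of a new SRV record
        elif field and records:
            records[-1][field.group(1)] = field.group(2)
        elif a_rec:
            addresses[a_rec.group(1).lower()] = a_rec.group(2)
    return records, addresses

def check_dc_locator(output):
    # Turns the parsed answer into a short list of findings for the admin.
    records, addresses = parse_srv(output)
    if not records:
        return ["no SRV records returned: possible DNS issue"]
    findings = []
    for rec in records:
        host = rec.get("svr hostname", "?")
        if rec.get("port") != "389":
            findings.append(f"{host}: unexpected LDAP port {rec.get('port')}")
        if host.lower() not in addresses:
            findings.append(f"{host}: no A record in the answer, resolve it separately")
    return findings or ["all listed DCs have SRV and A records"]
```

Save the output of the nslookup session from a problem server and from a healthy one, then compare what `check_dc_locator` reports for each.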
 

Author Closing Comment

by:sagdoc
ID: 31597731
The rejoin worked for one server but not the other.  
0
