Solved

Several w2k3 servers in AD domain not receiving latest Computer Config settings from GPO

Posted on 2009-06-28
6
264 Views
Last Modified: 2013-12-24
I have several Windows 2003 SP2 servers that have not received the latest Computer Configuration settings for several months (The last successful one was in March).  Other servers in the AD domain have been getting the updates and are fine.  When I generate an RSOP against the problem server I get the following:
Component Name
Group Policy Infrastructure
The specified domain either does not exist or could not be contacted
Note: Due to the GP Core failure, none of the other Group Policy components processed their policy.  Consequently, status information for the other components is not available.
Additionally, I get a '1053 Userenv error'.  This event pops up after the server is rebooted.

I have checked DNS (statically defined) and the network settings on the NIC and they look good.  I have also checked the BIOS name and have verified that the computer object exists in the Domain.  Other applications on the server function correctly, and the user configuration settings apply just fine.

I have been working on this for quite a while, trying to find something causing this but I keep coming up empty.  Please advise.

Thanks
 

0
Comment
Question by:sagdoc
  • 3
  • 2
6 Comments
 
LVL 10

Expert Comment

by:Datedman
ID: 24732497
Try NETDIAG yet?

Can you post IPCONFIG /ALL from one of the machines that is having the problem and also from one that is not having it?
0
 
LVL 27

Expert Comment

by:bluntTony
ID: 24732552
Hi there. What's the actual error message in the 1053 event you're getting?
Sounds like a possible permissions issue. If user settings are being applied OK and you're not experiencing other problems, then it sounds like your IP config is likely to be OK, as is DNS (this would suggest at least).
Is there anything these servers have anything in common? e.g. they're the only servers on a particular site?
Have you tried disjoining a server, deleting it's computer account and rejoining it to the domain?
0
 

Author Comment

by:sagdoc
ID: 24732601
Currently, I can't post an IPconfig for legal reasons, but I did not see anything out of the ordinary.  I have not tried Netdiag but I will on Monday and describe the results.  They are all in the same site, our AD site structure is fully centralized.  There is nothing specific in common other than Ops system and version.  

I have not disjoined, deleted,  rejoined the computer yet, mostly because I am concerned it may not go back in (since I don't know the root cause of this problem) and it is a sensitive server.  
0
 

Author Comment

by:sagdoc
ID: 24738509
So I ran a Netdiag against one of the problem servers but unfortunately, all tests passed.  The 1053 event error states:
Windows cannot determine the user or computername. (The specified domain either does not exist or could not be contacted).  Group Policy processing aborted.  
This seems to happen after a reboot.
0
 
LVL 27

Accepted Solution

by:
bluntTony earned 500 total points
ID: 24738730
I would also run a DCDIAG test on the server, but I have a feeling it will return back clean.
If users can logon the to server in question, double check your IP settings are correct with respects to DNS, and run some nslookup tests. Try this:
nslookup
set type=srv
_ldap._tcp.domain.local
(where domain.local is your domain name). The resulting output should list a record for each DC on your domain. If nothing returns, then it could be a DNS issue. If you do get problems, try logging on to the server as a user that will not have cached credentials on it. If this fails as well this would also suggest DNS. If this is the case disable the firewall on the server and try again.
If none of this fixes it, I would suggest disjoining, resetting the computer account password, then re-joining. If this doesn't work, then try disjoin, delete account, re-join.
0
 

Author Closing Comment

by:sagdoc
ID: 31597731
The rejoin worked for one server but not the other.  
0

Join & Write a Comment

Suggested Solutions

In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now