Blank Screen Problem on Windows Server 2003

One of our servers is a Windows 2003 Dell that has a random problem where for no apparent reason, after logging in to an RDP account, the user's screen is blank. You can see the mouse pointer and the Remote Desktop "envelope" at the top of the screen, but there are no shortcuts and no taskbar. Right-clicking does nothing. This has happened to about six accounts over the past three months. My workaround is to just create a new user account for each employee when this happens, but that does not solve the problem that is causing it.

I checked the event viewer and found several errors, but I do not know whether these are related to the blank screen problem.

Does anyone have any thoughts on what is causing this?
Asked by: alnc2004

Justin Owens (ITIL Problem Manager) commented:
Why don't you post the errors and let us look over them?
0
alnc2004 (Author) commented:
Here is a screenshot of the event viewer.
Psyche-Problem.png
0
Justin Owens (ITIL Problem Manager) commented:
Are there any other errors besides the 1053?  That can be caused by several different factors, including DNS, Kerberos, user restrictions, etc.  More info would be helpful.
Justin
0
alnc2004 (Author) commented:
Here are more screen shots.
Psyche-Problem2.png
Psyche-Problem3.png
0
ChiefIT commented:
Looks like DNS issues:

Check the DNS delegation records:

http://www.experts-exchange.com/Networking/Protocols/DNS/Q_24349599.html
0
ChiefIT commented:
Before applying the fix, just confirm the DNS delegation records are greyed out.
0
alnc2004 (Author) commented:
Chief,

I cannot find the exact location that you have in your screen shot, but here are two more. This server is not a DNS server. We use an open DNS on our network (4.2.2.2 & 4.2.2.3).
Pschye-Server-DNS-Problem.png
0
alnc2004 (Author) commented:
It should not be doing this.
Pschye-Server-DNS-Problem-2.png
0
ChiefIT commented:
If you use Open DNS and go outside the network for DNS resolution to the domain controllers, then that's your problem.

All clients and servers should be pointing to your internal DNS server as the preferred DNS server. Otherwise they skip the domain controller. Also, the domain controllers can't see each other.

So, none of your clients and servers can see each other.
0
alnc2004 (Author) commented:
Maybe I phrased that wrong. We use the firewall for DHCP and in the settings on the gateway, we use 4.2.2.2 as the DNS. All of our machines inside the network that have static IPs (including this server) have our ISP's DNS. Is this still wrong?

Our machines can definitely see each other and the only problem that we are having is the "blue/blank screen" when certain RDP users connect.
0
Justin Owens (ITIL Problem Manager) commented:
That is your problem.
You MUST have internal DNS servers as your DHCP issued DNS for AD to work correctly.  If you change your DNS lease to your internal servers, you should be fine.  It will also clear up a lot of other issues that you appear to be having in the background.  Your internal DNS servers should forward non-domain requests to an external lookup.
Justin
0
alnc2004 (Author) commented:
Does it matter which server does the DHCP?
What is the difference in a server doing it and the router assigning local IPs?

Jess
0
Justin Owens (ITIL Problem Manager) commented:
Well, that is more a matter of preference than anything else.  I prefer to have an authorized Windows server for DHCP, because it integrates with AD so well...  There is, however, not a SUPER strong technical argument against using a firewall or router to do it.  Bottom line, though, is whatever you use needs to be leasing your INTERNAL DNS servers as both primary and secondary.  Don't use external DNS servers for that.
Justin
0
alnc2004 (Author) commented:
Okay, I am following you now. Let me just recap before I make any changes.

We have five servers at the main office, which is the location that we have been discussing. Three of the servers run Server 2003 and two run 2008. We upgraded to a Sonicwall NSA 2400 about a year ago and when we did, we changed DHCP from one of the 2003 machines to the firewall. After a tech support call regarding content filtering with Sonicwall, I left the 4.2.2.2 DNS in the router.

If I change the DNS on the Sonicwall back to the ISP supplied DNS, will that solve the problem?

Thanks,
Jess
DNS.png
0
Justin Owens (ITIL Problem Manager) commented:
Yes... Change the Verizon IP addresses to your internal DNS server addresses.
0
Justin Owens (ITIL Problem Manager) commented:
When I said yes, I didn't process your question completely.  Do not set your DNS to the ones provided by your ISP (The greyed out addresses).  You need to set the top portion to your INTERNAL DNS servers.
0
ChiefIT commented:
DU:

Clients and servers also need direction to the Internal DNS server.

alnc:

Let your company know, as you fix this, things will be sketchy.
0
Justin Owens (ITIL Problem Manager) commented:
ChiefIT is correct.  ALL Windows-based machines need to be pointing to the internal DNS server, not to the Verizon IPs you have listed above.
0
alnc2004 (Author) commented:
Okay. I will use one of our internal machines to assign DHCP and we will use the ISP DNS instead of 4.2.2.2.

Thanks,
Jess
0
Justin Owens (ITIL Problem Manager) commented:
NO!  Don't do that.
If you want to use an internal machine to assign DHCP that is fine, but what is important is the address which is assigned. Assigning your ISP DNS will not fix your problems.  AD is inherently tied to AD.  You MUST have an internal DNS server for AD to function.  ALL servers and workstations (whether static or dynamic) which are connected to the domain need to be pointing to THAT internal DNS server (that you own and maintain), not anything external.
Justin
0
ChiefIT commented:
What Dr. Ultima and I are trying to tell you is.

DHCP should be served by a Microsoft server, preferably a domain controller.

It is also wise to use DNS on the domain controllers. This way all global catalogs point to themselves for DNS. AD domain controllers have SRV records within DNS to point to the global catalog as well as find their replication partners. The problem with hosting DNS on your router, OR your ISP, is neither will hold onto those SRV records for your domain. So, your domain servers will not be able to find their replication partners, clients will not be able to find the domain servers for authentication, and none of your computers know where the global catalog servers are.

To fix your issue, Host DNS and DHCP on your domain controllers. But, if you host DHCP on more than one DC, make sure they don't provide IP addresses on the same address pool.

After configuring those two services on the domain controllers, go to the command prompt of all domain controllers and type:

IPconfig /flushdns
IPconfig /registerdns
Net stop Netlogon
Net start Netlogon

Before doing this, make sure you change EVERY client, server and inside firewall to POINT to your domain servers as the preferred DNS server.

By HOSTING DNS outside the domain, you are skipping your servers for authentication and going outside the domain to look for domain services. So, don't host DNS on your firewall OR don't host DNS on your ISP. Host DNS locally.





0
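The SRV-record dependency described in the comment above can be checked per DNS server before and after repointing clients. This is an added example, not part of the original thread; the domain name and the two internal server addresses are placeholders (4.2.2.2 is the public resolver mentioned in the thread, included to show the failing case).

```bat
@echo off
rem Added example (not from the thread): ask each DNS server for the
rem Active Directory domain-controller locator SRV record.
rem AD_DOMAIN and the 192.168.1.x addresses are placeholders; replace them.
setlocal
set "AD_DOMAIN=corp.example.local"
set "DNS_SERVERS=192.168.1.10 192.168.1.11 4.2.2.2"
set "FAILED=0"

for %%S in (%DNS_SERVERS%) do call :check %%S

if "%FAILED%"=="0" (
    echo All listed DNS servers returned DC SRV records.
) else (
    echo At least one DNS server cannot locate a domain controller.
)
endlocal & exit /b %FAILED%

:check
rem nslookup exit codes are unreliable, so look for the "svr hostname"
rem field that nslookup prints for every SRV answer.
nslookup -type=SRV _ldap._tcp.dc._msdcs.%AD_DOMAIN% %1 2>nul | findstr /i /c:"svr hostname" >nul
if errorlevel 1 (
    echo [FAIL] %1 has no SRV records for _ldap._tcp.dc._msdcs.%AD_DOMAIN%
    set "FAILED=1"
) else (
    echo [ OK ] %1 answers the DC locator query
)
goto :eof
```

A resolver that reports FAIL here cannot direct clients to a domain controller for authentication, which is the condition the comment above describes for ISP or firewall DNS.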
alnc2004 (Author) commented:
Would it be easier to turn off AD? The server that is having the blank screen problem was set up by the vendor of the software, so we don't really need it.
0
Justin Owens (ITIL Problem Manager) commented:
Turning off AD, if all your computers are members of the domain, could cause many problems for you.  If, on the other hand, your computers are not members of the domain (which is what I am starting to think, because if you have always been pointing to Verizon's trunk servers you would never have been able to join the workstations to the domain) it may cause you no problems at all.
Let's take a step back and ask some overview questions: How many servers do you have?  How many workstations do you have?  How do people log into said servers and workstations?
Justin
0
alnc2004 (Author) commented:
We have five servers at the location that we are talking about.

We connect to the network using workgroups, not a domain.

We have about 50 workstations onsite at our primary location.
0
ChiefIT commented:
It's your call boss. This is your network.

All I can do is highly recommend you migrate to a domain, for your sake and for the user's sake.

So, let me tell  you a couple things you are missing out on.

Sounds like you are the network administrator. A domain has so many great features for network administrators that drastically reduce administering computers.

One is Email. Let's say you want to administer Exchange services for Email. In that case, you need Active Directory.

Another is group policy.

Another is Distributive File shares

Another is printing services.

File sharing is automatic.

You have five servers which is way more hardware than you really need in a domain of 50 clients. Two servers could administer this domain and all amenities. Then, all computers can be administered by you with ease. Also, you have more control over update services, printing, email, file sharing, printing, inability to log on like lost passwords..... These daily tasks, as an administrator, in a workgroup environment, take time to set down to every machine and fix. Also it takes time to educate your users how to work in a workgroup environment.

I have to say, Domains are so much better to work with.  

If you want domain features, we can help. It will be a bit of work to configure, and you will have a bit of down time. But, the benefits outweigh the costs. This is something you will have to sell management on.
0
Justin Owens (ITIL Problem Manager) commented:
Rather than just retyping what ChiefIT said, I will echo his statements and tell you I agree completely.  I will also throw in Windows Update services (WSUS) is a great way to centrally manage Microsoft patches and updates.  I would try hard to move to a domain setting, but I would also make sure I had help if in your shoes.  Initial decisions on domain building affect long term settings and can be hard (though generally not impossible) to change.
Justin
0
alnc2004 (Author) commented:
We never solved the blank RDP question...
0