Sleestack90

asked on

Userenv Error Event ID 1054 Cannot Reach Domain Controller

I am receiving the following error on all member machines in my domain.

"Windows cannot obtain the domain controller name for your computer network. (An unexpected network error occurred. ). Group Policy processing aborted. "

Additionally, I am not able to ping the Domain Controller from any of these machines, although I can ping the other way.  

My setup is as follows:

Single Domain Controller: Dell PowerEdge R710, Dual Intel Quad Core, 24GB RAM
Windows Server 2008 Service Pack 2
Windows Firewall is enabled with exceptions
Trend Micro WorryFree Business Security Advanced is installed

Member Servers
Windows Server 2003 and 2008 SP2, various roles

Member Computers:
Windows XP SP3


Here is what I have attempted:
1. Removed a machine from the domain and then re-added it back.  The Event IDs still existed and I was still unable to ping the DC.

2. Confirmed that the DNS settings are correct

3. I ran DCDIAG on the DC, and all tests passed, although it is complaining that I have too few addresses available in my DHCP scope

Any ideas?



msincorp

Seems like a DNS issue.

Make sure the workstation is "pointing" to the local DNS server (domain controller) in the TCP/IP settings.  Follow instructions below.  This should do it.

Windows Server 2003
Open Network Connections in Control Panel.
Right-click Local Area Connection, and then click Properties.
Click Internet Protocol (TCP/IP), and then click Properties.
Type the correct DNS address in the Preferred DNS server box.
Click OK.

Windows XP Professional
Click Start, click Control Panel, click Network and Internet Connections, and then click Network Connections.
Right-click Local Area Connection, and then click Properties.
Click Internet Protocol (TCP/IP), and then click Properties.
Select the Use the following DNS server addresses option button if it is not already selected.
Type the correct DNS address in the Preferred DNS server box.
Click OK.

Good luck!!!

Chris
Sleestack90

ASKER

Chris:

Thanks for the quick reply.

While on some XP machines, it is possible that "Obtain a DNS server automatically" might be checked, on all server machines and the vast majority of workstations, the correct DNS address has been assigned in the Preferred DNS server.

Concerned about the workstation.  I'd like to see you "point" the workstation to the domain controller in the tcp/ip settings.

Also, an entry in the host file (c:\windows\system32\drivers\hosts) pointing to that same server would also make sure it was not getting conflicting information from another device on the network.

Lastly I'd turn off the firewall on the workstation (both the windows firewall and any 3rd party firewall) and see if you can successfully.  I would also try the same on the server just to eliminate that from the mix.  (make sure to re "enable" firewalls after testing).

Chris

Firewall on the server is causing the issue.  When I turned that off, I can ping the DC from a workstation.  I would rather not leave the firewall on, so what policy would be affecting this?

ok... let me see if I understand.

Some users DON'T have this connection problem with the server firewall on, while others do.  Once the firewall is turned off on the server all workstations can see the server.

Unless the users are being affected by a group policy, I'm more inclined to think it has something to do with the PC itself, and not the user.

The easy check is to turn the firewall back on, and then login on one of the workstations that CANNOT connect using a username that CAN connect from another workstation.  If you are successful, we look at the user (not likely) if you are not successful, we look at the PC.

I think we need to make that distinction first, and then deal with the result.  My money is on the PC, possibly a different switch, segment, or a local configuration and not on the user.

Let me know.

Chris

All users have the problem with the firewall on the Domain Controller turned on.

All users no longer have the problem when the firewall on the Domain Controller is turned off.

It has to be the firewall on the DC
Chris:

I will have to get back to you tomorrow.  In the meantime, thanks again for your help!

no problem... if I think of anything else I'll post.

There were rules in the Windows firewall settings that could not be deleted.  In Local Computer Policy, I browsed to Computer Configuration => Administrative Templates => Network => Network Connections => Windows Firewall => Domain Profile.  The "Windows Firewall: Allow ICMP exceptions" policy was set to "Disabled".

After I set the policy to "Not Configured", the suspect rules in Windows Firewall disappeared, and I am now able to ping the DC.

Thanks for your help.

Outstanding!!

Great work, and I'm glad I could help.

Take care.

Chris
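
A way to check for the condition found at the end of this thread without turning the firewall off, as an added example that is not part of the original posts: the script reports, per firewall profile, whether the "Allow ICMP exceptions" policy is in force on the machine it runs on. The registry location and the `AllowInboundEchoRequest` value name are assumptions about where that policy is stored; the function and variable names are hypothetical.

```powershell
# Added example (not from the thread). Run in an elevated prompt on the DC.
# Assumption: the "Windows Firewall: Allow ICMP exceptions" policy is stored
# under Policies\...\<Profile>\IcmpSettings, and AllowInboundEchoRequest
# controls replies to ping. Written to work on PowerShell 2.0.
$PolicyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall'

function Get-IcmpPolicyState {
    param([Parameter(Mandatory = $true)][string]$ProfileName)

    $key     = Join-Path (Join-Path $PolicyRoot $ProfileName) 'IcmpSettings'
    $present = Test-Path -Path $key
    $state   = 'Not Configured'   # key absent: local firewall rules decide
    $echo    = $null

    if ($present) {
        $echo = (Get-ItemProperty -Path $key).AllowInboundEchoRequest
        if ($echo -eq 1) {
            $state = 'Policy allows inbound echo request'
        } else {
            # Value is 0 or missing: the policy is in force and does not
            # allow ping, whatever local exceptions have been added.
            $state = 'Policy blocks inbound echo request'
        }
    }

    New-Object PSObject -Property @{
        Profile                 = $ProfileName
        PolicyKeyPresent        = $present
        AllowInboundEchoRequest = $echo
        State                   = $state
    }
}

# DomainProfile applies when the machine can reach its domain;
# StandardProfile applies otherwise.
$report = 'DomainProfile', 'StandardProfile' |
    ForEach-Object { Get-IcmpPolicyState -ProfileName $_ }

$report | Format-Table Profile, State, AllowInboundEchoRequest -AutoSize

if ($report | Where-Object { $_.State -like 'Policy blocks*' }) {
    Write-Warning 'ICMP echo is blocked by policy; change the policy rather than disabling the firewall.'
}
```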