Solved

Userenv Error Event ID 1054 Cannot Reach Domain Controller

Posted on 2010-11-11
Last Modified: 2012-05-10
I am receiving the following error on all member machines in my domain.

"Windows cannot obtain the domain controller name for your computer network. (An unexpected network error occurred. ). Group Policy processing aborted. "

Additionally, I am not able to ping the Domain Controller from any of these machines, although I can ping the other way.  

My setup is as follows:

Single Domain Controller: Dell PowerEdge R710, Dual Intel Quad Core, 24GB RAM
Windows Server 2008 Service Pack 2
Windows Firewall is enabled with exceptions
Trend Micro WorryFree Business Security Advanced is installed

Member Servers
Windows Server 2003 and 2008 SP2, various roles

Member Computers:
Windows XP SP3


Here is what I have attempted:
1. Removed a machine from the domain and then re-added it.  The Event IDs still existed and I was still unable to ping the DC.

2. Confirmed that the DNS settings are correct

3. I ran DCDIAG on the DC, and all tests passed, although it is complaining that I have too few addresses available in my DHCP scope

Any ideas?



Question by:Sleestack90

Expert Comment

by:msincorp
ID: 34115617
Seems like a DNS issue.

Make sure the workstation is "pointing" to the local DNS server (domain controller) in the TCP/IP settings.  Follow instructions below.  This should do it.

Windows Server 2003
Open Network Connections in Control Panel.
Right-click Local Area Connection, and then click Properties.
Click Internet Protocol (TCP/IP), and then click Properties.
Type the correct DNS address in the Preferred DNS server box.
Click OK.

Windows XP Professional
Click Start, click Control Panel, click Network and Internet Connections, and then click Network Connections.
Right-click Local Area Connection, and then click Properties.
Click Internet Protocol (TCP/IP), and then click Properties.
Select the Use the following DNS server addresses option button if it is not already selected.
Type the correct DNS address in the Preferred DNS server box.
Click OK.

Good luck!!!

Chris

Author Comment

by:Sleestack90
ID: 34115667
Chris:

Thanks for the quick reply.

While on some XP machines, it is possible that "Obtain a DNS server automatically" might be checked, on all server machines and the vast majority of workstations, the correct DNS address has been assigned in the Preferred DNS server.


Expert Comment

by:msincorp
ID: 34115819
Concerned about the workstation.  I'd like to see you "point" the workstation to the domain controller in the tcp/ip settings.

Also, an entry in the host file (c:\windows\system32\drivers\hosts) pointing to that same server would also make sure it was not getting conflicting information from another device on the network.

Lastly I'd turn off the firewall on the workstation (both the windows firewall and any 3rd party firewall) and see if you can successfully.  I would also try the same on the server just to eliminate that from the mix.  (make sure to re "enable" firewalls after testing).

Chris

Author Comment

by:Sleestack90
ID: 34116061
Firewall on the server is causing the issue.  When I turned that off, I can ping the DC from a workstation.  I would rather not leave the firewall on, so what policy would be affecting this?

Expert Comment

by:msincorp
ID: 34116125
ok... let me see if I understand.  

Some users DON'T have this connection problem with the server firewall on, while others do.  Once the firewall is turned off on the server all workstations can see the server.

Unless the users are being affected by a group policy, I'm more inclined to think it has something to do with the PC itself, and not the user.

The easy check is to turn the firewall back on, and then login on one of the workstations that CANNOT connect using a username that CAN connect from another workstation.  If you are successful, we look at the user (not likely) if you are not successful, we look at the PC.

I think we need to make that distinction first, and then deal with the result.  My money is on the PC, possibly a different switch, segment, or a local configuration and not on the user.

Let me know.

Chris

Author Comment

by:Sleestack90
ID: 34116157
All users have the problem with the firewall on the Domain Controller turned on.

All users no longer have the problem when the firewall on the Domain Controller is turned off.

It has to be the firewall on the DC

Accepted Solution

by:
msincorp earned 500 total points
ID: 34116410
Let's try this... can you save all of your firewall rules to a file, then remove all of the rules from the firewall, create a new rule allowing all traffic in both directions and see if we can connect.

What I'd like to see is can we run the firewall, with no blocking rules, and make a connection.  If we can then we simply add the rules back one by one until we find the one that is causing the issue.  If not we need to check to see what is wrong with the firewall (not the rules).

Thanks.

Chris


Author Comment

by:Sleestack90
ID: 34116710
Chris:

I will have to get back to you tomorrow.  In the meantime, thanks again for your help!

Expert Comment

by:msincorp
ID: 34116722
no problem... if I think of anything else I'll post.

Author Comment

by:Sleestack90
ID: 34122692
There were rules in the Windows firewall settings that could not be deleted.  In Local Computer Policy, I browsed to Computer Configuration => Administrative Templates => Network => Network Connections => Windows Firewall => Domain Profile.  The "Windows Firewall: Allow ICMP exceptions" policy was set to "Disabled".

After I set the policy to "Not Configured", the suspect rules in Windows Firewall disappeared, and I am now able to ping the DC.

Thanks for your help.

Expert Comment

by:msincorp
ID: 34122745
Outstanding!!

Great work, and I'm glad I could help.

Take care.

Chris
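
The following PowerShell is an added example, not code from the thread: it saves the DC's firewall configuration to a file, as the accepted solution suggests, and then reports whether the "Windows Firewall: Allow ICMP exceptions" policy named in the resolution is being enforced for each profile. The registry location of that policy and the backup file name are assumptions; the thread states neither.

```powershell
# Added example (not from the thread). Run from an elevated prompt on the DC.
# Assumption: the legacy "Windows Firewall: Allow ICMP exceptions" policy is
# stored under this key, one subkey per profile (the thread does not name it).
$policyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall'
$backupFile = Join-Path $env:TEMP 'dc-firewall-before.wfw'   # hypothetical name

function Get-IcmpPolicyState {
    param([string]$Root = $policyRoot)
    foreach ($fwProfile in 'DomainProfile', 'StandardProfile') {
        $key = Join-Path $Root "$fwProfile\IcmpSettings"
        if (-not (Test-Path $key)) {
            # No key: the policy is "Not Configured" and local rules apply.
            $state = 'Not Configured'
            $detail = 'local firewall rules decide'
        } else {
            $item = Get-ItemProperty -Path $key
            # Keep only the policy values, not the PS* provider properties.
            $values = $item.PSObject.Properties |
                Where-Object { $_.Name -notlike 'PS*' }
            $allowed = @($values | Where-Object { $_.Value -eq 1 } |
                ForEach-Object { $_.Name })
            if ($item.AllowInboundEchoRequest -eq 1) {
                $state = 'Enabled, ping allowed'
            } else {
                # "Disabled" writes zeros: policy-owned block rules that
                # cannot be deleted from the firewall console.
                $state = 'Policy blocks inbound echo request'
            }
            $detail = 'allowed ICMP types: ' + ($allowed -join ', ')
        }
        New-Object PSObject -Property @{
            Profile = $fwProfile; IcmpPolicy = $state; Detail = $detail
        }
    }
}

# 1. Save the current firewall configuration before changing any rule.
netsh advfirewall export $backupFile

# 2. Show which profiles have the ICMP policy enforced.
Get-IcmpPolicyState | Format-Table Profile, IcmpPolicy, Detail -AutoSize
```

A profile reported as "Policy blocks inbound echo request" matches the situation in the thread, where the rules could only be removed by changing the policy rather than by editing the firewall rule list.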