Group Policy Failed. Windows could not resolve the user name.

I have a small network of about 30 computers. We recently installed a new router (Sonicwall) and transferred the task of DHCP to it instead of our Windows 2000 server.  Now our users are getting long login times where Windows 7 just sits on the welcome screen for a while.  Eventviewer throws the following errors:

1053
The processing of Group Policy failed. Windows could not resolve the user name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).

5719
This computer was not able to set up a secure session with a domain controller in domain WESTMINSTERCO due to the following:
There are currently no logon servers available to service the logon request.
This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator.

I am not very knowledgeable of troubleshooting client-server problems.  Can anyone shed light on this?
LVL 1
Vontech615Asked:
Who is Participating?
 
Paul MacDonaldConnect With a Mentor Director, Information SystemsCommented:
Is there a compelling reason not to go back to using a Windows server (even the previous one) as a DHCP server?  It may be your router isn't up to the task or is too busy handling other traffic.
0
 
Paul MacDonaldDirector, Information SystemsCommented:
On any of the computers, if you run IPCONFIG /ALL from a command prompt, do you see valid IP information for your network?  It sounds like these machines are getting bad IPs (or not getting any at all) and can't find a DC as a consequence.
0
 
Vontech615Author Commented:
Yes they all eventually get IP addresses.  Once I make it past the "Welcome" screen and do an IPCONFIG /all , they are getting valid IP addresses and getting through the default gateway just fine. It's almost like it's taking an unusual amount of time for them to get IP's and that is causing the error.
0
Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

 
Vontech615Author Commented:
Not necessarily but I figured being that the router, a Sonicwall NSA 2400 would be more apt for the task of DHCP since it probably has a beefier processer and or RAM than our older Dell PowerEdge server?  I dunno though.
0
 
Gary ColtharpSr. Systems EngineerCommented:
Never let a router handle DHCP in a domain environment.
0
 
Paul MacDonaldDirector, Information SystemsCommented:
I can't say.  Looking at their product page, they don't note the DHCP feature at all so it must not be a strong selling point.  

DHCP isn't exactly a huge overhead, so I'm surprised you're having trouble as well.  Can you find out if you're running the most recent firmware on the router?  
0
 
Vontech615Author Commented:
I'm wondering if it's a DHCP problem or if somehow the computers are still trying to receive IP addresses from the older server?  The DHCP service on the old server is not enabled though.
0
 
Paul MacDonaldDirector, Information SystemsCommented:
No, the clients broadcast for a DHCP server so they don't know or care who responds.  All other things being equal, this looks like a problem with the new router.  Whether or not it's working normally, I can't say.
0
 
AcklesCommented:
I would suggest the following:
1) Download kerbtray.exe from microsoft site & run it to see if your kerbros is fine.
2) To isolate DHCP give static IP on one of the computers & have a look.

I am sure your kerbros will fail, but you can run kerbtray again after giving static IP to see if it resolves the issue.

Rest after you post these results.

A
0
 
Vontech615Author Commented:
Ackles can you explain this tool in some detail to me and how it pertains to this issue.  I'm somewhat familiar with Kerberos but only through reading not from experieince.  Thanks for your help.
0
 
AcklesCommented:
See group policy depends on many factors, DNS, Time Sync, Kerberos, Site, Domain, OU....
In your case kerberos is definitely failing if you not getting netlogon, as you mentioned, it looks like DHCP issue, if you give static IP that will be ruled out.

Once it's ruled out & if kerbtray gives you green symbol, you have ruled out all the Authentication issues. Then it will be easy to troubleshoot.

If you open command prompt & run "Set" you are actually supposed to see everything required to get you ticket from DC, however XP onwards set command just lies you on the face.... so the only way to see is kerbtray.

Let me know if you need further info.

A
0
 
Vontech615Author Commented:
Ok I set a Static IP address and ran Kerbtray.exe and the tray icon is green and I don't see any signs of error.  I'm assuming that means that authentication is succesful.
0
 
Rob WilliamsCommented:
The sonicwall must hand out ONLY the SBS's IP as a valid DNS server. If it assigns the router or an ISP, even as an alternate, you will have name resolution problems, slow logons, and failed GP.
The SBS really should be your DHCP server. It is such a small service it will not tax the server at all. You should read the following:
http://sbs.seandaniel.com/2008/10/do-i-absolutely-have-to-run-dhcp-on-sbs.html
0
 
Vontech615Author Commented:
Actually, scratch that.  I closed it down and reopened and it says "no network credentials".
0
 
AcklesCommented:
I am lost, are you seeing a Green Ticket on Kerbtray or just three symbols of keys? or what exactly?
0
 
Vontech615Author Commented:
Ok.. disregard last post.. it is definitely showing green.  I think what we are going to do is just assign DHCP service back to the SBS.  
0
 
AcklesCommented:
Yes, now you can & try if the kerbtray is giving you green ticket then DHCP is fine.
0
 
Paul MacDonaldDirector, Information SystemsCommented:
Please be sure to test that solves the problem.
0
 
Vontech615Author Commented:
I will post back here after we make the change.  Thanks for all the replies.
0
 
Vontech615Author Commented:
We gave the task of DHCP back to the server and the problem is fixed.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.