[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Group Policy Failed. Windows could not resolve the user name.

Posted on 2011-10-25
20
Medium Priority
?
4,497 Views
Last Modified: 2012-05-12
I have a small network of about 30 computers. We recently installed a new router (Sonicwall) and transferred the task of DHCP to it instead of our Windows 2000 server.  Now our users are getting long login times where Windows 7 just sits on the welcome screen for a while.  Eventviewer throws the following errors:

1053
The processing of Group Policy failed. Windows could not resolve the user name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).

5719
This computer was not able to set up a secure session with a domain controller in domain WESTMINSTERCO due to the following:
There are currently no logon servers available to service the logon request.
This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator.

I am not very knowledgeable of troubleshooting client-server problems.  Can anyone shed light on this?
0
Comment
Question by:Vontech615
  • 9
  • 5
  • 4
  • +2
20 Comments
 
LVL 34

Expert Comment

by:Paul MacDonald
ID: 37025608
On any of the computers, if you run IPCONFIG /ALL from a command prompt, do you see valid IP information for your network?  It sounds like these machines are getting bad IPs (or not getting any at all) and can't find a DC as a consequence.
0
 
LVL 1

Author Comment

by:Vontech615
ID: 37025648
Yes they all eventually get IP addresses.  Once I make it past the "Welcome" screen and do an IPCONFIG /all , they are getting valid IP addresses and getting through the default gateway just fine. It's almost like it's taking an unusual amount of time for them to get IP's and that is causing the error.
0
 
LVL 34

Accepted Solution

by:
Paul MacDonald earned 2000 total points
ID: 37025677
Is there a compelling reason not to go back to using a Windows server (even the previous one) as a DHCP server?  It may be your router isn't up to the task or is too busy handling other traffic.
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 1

Author Comment

by:Vontech615
ID: 37025699
Not necessarily but I figured being that the router, a Sonicwall NSA 2400 would be more apt for the task of DHCP since it probably has a beefier processer and or RAM than our older Dell PowerEdge server?  I dunno though.
0
 
LVL 12

Expert Comment

by:Gary Coltharp
ID: 37025739
Never let a router handle DHCP in a domain environment.
0
 
LVL 34

Expert Comment

by:Paul MacDonald
ID: 37025751
I can't say.  Looking at their product page, they don't note the DHCP feature at all so it must not be a strong selling point.  

DHCP isn't exactly a huge overhead, so I'm surprised you're having trouble as well.  Can you find out if you're running the most recent firmware on the router?  
0
 
LVL 1

Author Comment

by:Vontech615
ID: 37025958
I'm wondering if it's a DHCP problem or if somehow the computers are still trying to receive IP addresses from the older server?  The DHCP service on the old server is not enabled though.
0
 
LVL 34

Expert Comment

by:Paul MacDonald
ID: 37025979
No, the clients broadcast for a DHCP server so they don't know or care who responds.  All other things being equal, this looks like a problem with the new router.  Whether or not it's working normally, I can't say.
0
 
LVL 11

Expert Comment

by:Ackles
ID: 37025981
I would suggest the following:
1) Download kerbtray.exe from microsoft site & run it to see if your kerbros is fine.
2) To isolate DHCP give static IP on one of the computers & have a look.

I am sure your kerbros will fail, but you can run kerbtray again after giving static IP to see if it resolves the issue.

Rest after you post these results.

A
0
 
LVL 1

Author Comment

by:Vontech615
ID: 37026159
Ackles can you explain this tool in some detail to me and how it pertains to this issue.  I'm somewhat familiar with Kerberos but only through reading not from experieince.  Thanks for your help.
0
 
LVL 11

Expert Comment

by:Ackles
ID: 37026303
See group policy depends on many factors, DNS, Time Sync, Kerberos, Site, Domain, OU....
In your case kerberos is definitely failing if you not getting netlogon, as you mentioned, it looks like DHCP issue, if you give static IP that will be ruled out.

Once it's ruled out & if kerbtray gives you green symbol, you have ruled out all the Authentication issues. Then it will be easy to troubleshoot.

If you open command prompt & run "Set" you are actually supposed to see everything required to get you ticket from DC, however XP onwards set command just lies you on the face.... so the only way to see is kerbtray.

Let me know if you need further info.

A
0
 
LVL 1

Author Comment

by:Vontech615
ID: 37026342
Ok I set a Static IP address and ran Kerbtray.exe and the tray icon is green and I don't see any signs of error.  I'm assuming that means that authentication is succesful.
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 37026344
The sonicwall must hand out ONLY the SBS's IP as a valid DNS server. If it assigns the router or an ISP, even as an alternate, you will have name resolution problems, slow logons, and failed GP.
The SBS really should be your DHCP server. It is such a small service it will not tax the server at all. You should read the following:
http://sbs.seandaniel.com/2008/10/do-i-absolutely-have-to-run-dhcp-on-sbs.html
0
 
LVL 1

Author Comment

by:Vontech615
ID: 37026358
Actually, scratch that.  I closed it down and reopened and it says "no network credentials".
0
 
LVL 11

Expert Comment

by:Ackles
ID: 37026395
I am lost, are you seeing a Green Ticket on Kerbtray or just three symbols of keys? or what exactly?
0
 
LVL 1

Author Comment

by:Vontech615
ID: 37026418
Ok.. disregard last post.. it is definitely showing green.  I think what we are going to do is just assign DHCP service back to the SBS.  
0
 
LVL 11

Expert Comment

by:Ackles
ID: 37026428
Yes, now you can & try if the kerbtray is giving you green ticket then DHCP is fine.
0
 
LVL 34

Expert Comment

by:Paul MacDonald
ID: 37026429
Please be sure to test that solves the problem.
0
 
LVL 1

Author Comment

by:Vontech615
ID: 37026434
I will post back here after we make the change.  Thanks for all the replies.
0
 
LVL 1

Author Closing Comment

by:Vontech615
ID: 37062222
We gave the task of DHCP back to the server and the problem is fixed.
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
Web hosting control panels were first developed to make it faster and easier for most users to set up and operate websites. The graphical user interface (GUI) allows users to perform tasks by pointing and clicking rather than typing highly specific…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question