mannas
asked on
Windows Server 2008 R2 domain - XP machine issues
We installed a new Windows Server 2008 R2 Server last year, and changed the Domain level to 2008. Since then we have been having various issues which only affect XP machines. All Windows 7 computers are absolutely fine.
The problems:
1.) Computers when first logged into in the morning are remarkable slow and un-responsive. When you finally get to click restart, an error message appears "You do not have administrative privileges to shut down this computer". The computer would appear to get dramatically slower when Outlook is opened.
This can occur every day, or only several times a week. It will also suddenly start to work trouble free for a few weeks / months before it starts to happen again.
2.) The computer will not be able to connect to some servers. A log in box will appear but neither the user, nor the administrator can successfully log in.
The servers in which it fails to connect to could be different each time. Sometimes the User can log in successfully. Failing that, the Administrator account can usually connect, although this also doesn’t always work. On some occasions, running the logon.bat file on the computer will reconnect it to all the Servers, although again this isn’t reliable.
3.) The user cannot print every morning. The print spooler reports to be started and running problem free and no error messages appear other then the printer icon in the taskbar with a red question mark. To resolve this, you need to restart the print spooler and then click refresh on the print. This then solves the problem for the rest of the day.
This also only happens most days for several weeks before disappearing again and not causing any more grief for a few weeks/months
These are the error's we are getting on the computers event logs:
Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40960
Date: 15/02/2011
Time: 09:04:36
User: N/A
Computer: PC-07
Description:
The Security System detected an attempted downgrade attack for server cifs/server. The failure code from authentication protocol Kerberos was "There are currently no logon servers available to service the logon request.
(0xc000005e)".
Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40961
Date: 15/02/2011
Time: 09:04:30
User: N/A
Computer: PC-07
Description:
The Security System could not establish a secured connection with the server cifs/sql. No authentication protocol was available.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID: 5719
Date: 02/03/2011
Time: 13:27:48
User: N/A
Computer: PC-43-CAD-02
Description:
No Domain Controller is available for domain FIRE-DEFENCE due to the following:
There are currently no logon servers available to service the logon request. .
Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1054
Date: 25/10/2011
Time: 13:04:27
User: NT AUTHORITY\SYSTEM
Computer: PC-39
Description:
Windows cannot obtain the domain controller name for your computer network. (The specified component could not be found in the configuration information. ). Group Policy processing aborted.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
We have tried all sorts of different things to try and resolve this such as:
Re-installing XP
Removing the computer from the Domain and re-adding
Deleting the Users local Profile
Swapping out all internal parts
Swapping computers
Unbonding the Domain Servers network cards
Forcing the XP machines to use TCP instead of UDP authentication
Disabling any un-used Network adapters
Been through the DNS settings
There’s probably more but I can’t think of them at the moment.
I did think that perhaps when we removed the old Domain Server and installed a new one, some users may have become corrupt, but this problem has also affected users who have been added since.
Can ayone help?
The problems:
1.) Computers when first logged into in the morning are remarkable slow and un-responsive. When you finally get to click restart, an error message appears "You do not have administrative privileges to shut down this computer". The computer would appear to get dramatically slower when Outlook is opened.
This can occur every day, or only several times a week. It will also suddenly start to work trouble free for a few weeks / months before it starts to happen again.
2.) The computer will not be able to connect to some servers. A log in box will appear but neither the user, nor the administrator can successfully log in.
The servers in which it fails to connect to could be different each time. Sometimes the User can log in successfully. Failing that, the Administrator account can usually connect, although this also doesn’t always work. On some occasions, running the logon.bat file on the computer will reconnect it to all the Servers, although again this isn’t reliable.
3.) The user cannot print every morning. The print spooler reports to be started and running problem free and no error messages appear other then the printer icon in the taskbar with a red question mark. To resolve this, you need to restart the print spooler and then click refresh on the print. This then solves the problem for the rest of the day.
This also only happens most days for several weeks before disappearing again and not causing any more grief for a few weeks/months
These are the error's we are getting on the computers event logs:
Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40960
Date: 15/02/2011
Time: 09:04:36
User: N/A
Computer: PC-07
Description:
The Security System detected an attempted downgrade attack for server cifs/server. The failure code from authentication protocol Kerberos was "There are currently no logon servers available to service the logon request.
(0xc000005e)".
Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40961
Date: 15/02/2011
Time: 09:04:30
User: N/A
Computer: PC-07
Description:
The Security System could not establish a secured connection with the server cifs/sql. No authentication protocol was available.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID: 5719
Date: 02/03/2011
Time: 13:27:48
User: N/A
Computer: PC-43-CAD-02
Description:
No Domain Controller is available for domain FIRE-DEFENCE due to the following:
There are currently no logon servers available to service the logon request. .
Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1054
Date: 25/10/2011
Time: 13:04:27
User: NT AUTHORITY\SYSTEM
Computer: PC-39
Description:
Windows cannot obtain the domain controller name for your computer network. (The specified component could not be found in the configuration information. ). Group Policy processing aborted.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
We have tried all sorts of different things to try and resolve this such as:
Re-installing XP
Removing the computer from the Domain and re-adding
Deleting the Users local Profile
Swapping out all internal parts
Swapping computers
Unbonding the Domain Servers network cards
Forcing the XP machines to use TCP instead of UDP authentication
Disabling any un-used Network adapters
Been through the DNS settings
There’s probably more but I can’t think of them at the moment.
I did think that perhaps when we removed the old Domain Server and installed a new one, some users may have become corrupt, but this problem has also affected users who have been added since.
Can ayone help?
Most likely to fix the current problem you will need to do a secure channel reset
http://technet.microsoft.com/en-us/library/cc788073(WS.10).aspx
http://technet.microsoft.com/en-us/library/cc788073(WS.10).aspx
ASKER
Hi dariusg, I have attached the results of dcdiag to this comment. Can you have a look? dcdiag.txt
Looks good
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
We cannot figure what is causing the problem, so have asked an IT support company to help.
Check the TCP\IP configuration on clients they should only be pointing to Domain Controllers for DNS here.
The DCs should only be pointing to other DCs for DNS as well.
Make sure only one NIC is enabled on DC.