Netlogon Doesn't Start
Windows 2008R2 server.
When rebooted, Netlogon does not start. This obviously causes all sorts of grief!
Neither does Windows Time Service. If I start both manually, everything seems good.
But I need Netlogon to start automatically!
When rebooted, Netlogon does not start. This obviously causes all sorts of grief!
Neither does Windows Time Service. If I start both manually, everything seems good.
But I need Netlogon to start automatically!
Hi doug, can you check Event Viewer for errors and post back the event id's so we can help you.
Thanks
Ruben
Thanks
Ruben
ASKER
I don't see any Netlogon errors. (under System, which I guess is where they would be).
I do see Group Policy errors if that helps.
This is happening after at least the last three restarts, so I can't say if it's every time, but the server is well booted up, with Desktop available, and no "please wait, spinning circle thing".
I do see Group Policy errors if that helps.
This is happening after at least the last three restarts, so I can't say if it's every time, but the server is well booted up, with Desktop available, and no "please wait, spinning circle thing".
Ok, if you could post about any error that you find in Event Viewer would be helpful.
Also you could check if both services are programmed to start automatically, i know is set that way by default, but since no error are present and you coul manually start the services with no error, may worth to check
Ruben
Also you could check if both services are programmed to start automatically, i know is set that way by default, but since no error are present and you coul manually start the services with no error, may worth to check
Ruben
ASKER
Last night, Netlogon stopped for whatever reason. To get people back in business, we needed to restart Netlogon.
There are some errors about the Time Service (error code 46): The time service encountered an error and was forced to shut down. The error was: 0x80070700: An attempt was made to logon, but the network logon service was not started.
Also ADWS: Code 1005. Active Directory Web Services could not change its advertising state. The Netlogon service might not be running. Restart Netlogon and then restart Active Directory Web Services.
group Policy: 1055. The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
Lots of Group Policy 1058: The processing of Group Policy failed. Windows attempted to read the file \\rpd\sysvol\rpd\Policies\
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
DHCP error 1059: The DHCP service failed to see a directory server for authorization.
Terminal Services Code: 1067. The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted.
Group Policy 1110: The processing of Group Policy failed. Windows could not determine if the user and computer accounts are in the same forest. Ensure the user domain name matches the name of a trusted domain that resides in the same forest as the computer account.
AD Code 1126: Active Directory Domain Services was unable to establish a connection with the global catalog.
Additional Data
Error value:
1792 An attempt was made to logon, but the network logon service was not started.
Internal ID:
3200e25
Code 7001: The DFS Namespace service depends on the Server service which failed to start because of the following error:
After starting, the service hung in a start-pending state.
Code 7022: The Server service hung on starting.
Code 7023: The Windows Time service terminated with the following error:
An attempt was made to logon, but the network logon service was not started.
Code 7030: The Netlogon service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Wow, that Code 7030 looks REAL weird.
Would appreciate any help!
There are some errors about the Time Service (error code 46): The time service encountered an error and was forced to shut down. The error was: 0x80070700: An attempt was made to logon, but the network logon service was not started.
Also ADWS: Code 1005. Active Directory Web Services could not change its advertising state. The Netlogon service might not be running. Restart Netlogon and then restart Active Directory Web Services.
group Policy: 1055. The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
Lots of Group Policy 1058: The processing of Group Policy failed. Windows attempted to read the file \\rpd\sysvol\rpd\Policies\
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
DHCP error 1059: The DHCP service failed to see a directory server for authorization.
Terminal Services Code: 1067. The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted.
Group Policy 1110: The processing of Group Policy failed. Windows could not determine if the user and computer accounts are in the same forest. Ensure the user domain name matches the name of a trusted domain that resides in the same forest as the computer account.
AD Code 1126: Active Directory Domain Services was unable to establish a connection with the global catalog.
Additional Data
Error value:
1792 An attempt was made to logon, but the network logon service was not started.
Internal ID:
3200e25
Code 7001: The DFS Namespace service depends on the Server service which failed to start because of the following error:
After starting, the service hung in a start-pending state.
Code 7022: The Server service hung on starting.
Code 7023: The Windows Time service terminated with the following error:
An attempt was made to logon, but the network logon service was not started.
Code 7030: The Netlogon service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Wow, that Code 7030 looks REAL weird.
Would appreciate any help!
Hi, this is the solution offered by Microsoft, hopes this is your case:
http://technet.microsoft.com/en-us/library/cc756339(v=ws.10).aspx
Resolve
Change the interact with desktop setting
This error occurs if the service has been configured to allow the service to interact with the desktop. Interactive services can display a user interface and receive user input. If you allow the service to interact with the desktop, any information that the service displays on the desktop will also be displayed on an interactive user's desktop. A malicious user could then take control of the service or attack it from the interactive desktop. In Windows Vista and Windows Server 2008, support for interactive services has been removed to mitigate this security risk; therefore, this error will be generated by any service configured as an interactive service. To resolve this issue, change the interact with desktop setting for the service.
To perform this procedure, you must have membership in Administrators, or you must have been delegated the appropriate authority.
To change the interact with desktop setting:
Open the Services snap-in by clicking the Start button, Control Panel, and Administrative Tools, then double-clicking Services.
Note: For Windows Vista, use the Classic View display option in Control Panel to see the Administration Tools.
In the details pane of the Services snap-in, right-click on the name of the service you want to start and select Properties.
Click the Log On tab and clear the Allow service to interact with desktop checkbox.
Click OK.
Verify
To perform this procedure, you must have membership in Administrators, or you must have been delegated the appropriate authority.
To verify the state in which a service is operating:
Click the Start button, Run, then type cmd to open a command prompt.
Type sc interrogate service_name (where service_name is the name of the service) at the command prompt to update the status of that service in Service Control Manager.
Type sc qc service_name at the command prompt to display the configuration status of the service.
Type sc queryex service_name at the command prompt to display the extended status of the service. This command will provide the following information about a service: SERVICE_NAME (the service's registry subkey name), TYPE (the type of service, for example, shared process, interactive), STATE (for example, running, paused, and the states that are not available), WIN32_EXIT_CODE (the Windows exit error code), SERVICE_EXIT_CODE (the service exit code), CHECKPOINT, WAIT_HINT (the time period the SCM waits before reporting a service failure), PID (ID of the process running the service), and FLAGS. If the service was started successfully, the WIN32_EXIT_CODE field should contain a zero (0). If the service failed to start when an attempt was made, this field should contain an exit code provided by the service when it could not start.
Type net helpmsg exit_code (where exit_code is the 4 digit number of the error code) at the command prompt to display the meaning of the exit code.
For more information about the sc command, see SC Command Reference Help (http://go.microsoft.com/fwlink/?LinkID=84961). For more information about the net helpmsg command, see http://go.microsoft.com/fwlink/?LinkId=105087.
Ruben
http://technet.microsoft.com/en-us/library/cc756339(v=ws.10).aspx
Resolve
Change the interact with desktop setting
This error occurs if the service has been configured to allow the service to interact with the desktop. Interactive services can display a user interface and receive user input. If you allow the service to interact with the desktop, any information that the service displays on the desktop will also be displayed on an interactive user's desktop. A malicious user could then take control of the service or attack it from the interactive desktop. In Windows Vista and Windows Server 2008, support for interactive services has been removed to mitigate this security risk; therefore, this error will be generated by any service configured as an interactive service. To resolve this issue, change the interact with desktop setting for the service.
To perform this procedure, you must have membership in Administrators, or you must have been delegated the appropriate authority.
To change the interact with desktop setting:
Open the Services snap-in by clicking the Start button, Control Panel, and Administrative Tools, then double-clicking Services.
Note: For Windows Vista, use the Classic View display option in Control Panel to see the Administration Tools.
In the details pane of the Services snap-in, right-click on the name of the service you want to start and select Properties.
Click the Log On tab and clear the Allow service to interact with desktop checkbox.
Click OK.
Verify
To perform this procedure, you must have membership in Administrators, or you must have been delegated the appropriate authority.
To verify the state in which a service is operating:
Click the Start button, Run, then type cmd to open a command prompt.
Type sc interrogate service_name (where service_name is the name of the service) at the command prompt to update the status of that service in Service Control Manager.
Type sc qc service_name at the command prompt to display the configuration status of the service.
Type sc queryex service_name at the command prompt to display the extended status of the service. This command will provide the following information about a service: SERVICE_NAME (the service's registry subkey name), TYPE (the type of service, for example, shared process, interactive), STATE (for example, running, paused, and the states that are not available), WIN32_EXIT_CODE (the Windows exit error code), SERVICE_EXIT_CODE (the service exit code), CHECKPOINT, WAIT_HINT (the time period the SCM waits before reporting a service failure), PID (ID of the process running the service), and FLAGS. If the service was started successfully, the WIN32_EXIT_CODE field should contain a zero (0). If the service failed to start when an attempt was made, this field should contain an exit code provided by the service when it could not start.
Type net helpmsg exit_code (where exit_code is the 4 digit number of the error code) at the command prompt to display the meaning of the exit code.
For more information about the sc command, see SC Command Reference Help (http://go.microsoft.com/fwlink/?LinkID=84961). For more information about the net helpmsg command, see http://go.microsoft.com/fwlink/?LinkId=105087.
Ruben
ASKER
Hey Ruben,
the "interact with desktop" flag was already cleared.
I have another server and ran the "sc" commands on both, they both return similar information, except the "sc qc netlogon". On a server that is not having this issue, the dependencies are listed as "lanmanWorkstation". On the server having the issue, the dependencies are "LanmanWorkstation" and "LanManServer".
Not sure if that helps any or what!
the "interact with desktop" flag was already cleared.
I have another server and ran the "sc" commands on both, they both return similar information, except the "sc qc netlogon". On a server that is not having this issue, the dependencies are listed as "lanmanWorkstation". On the server having the issue, the dependencies are "LanmanWorkstation" and "LanManServer".
Not sure if that helps any or what!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hey Ruben. Looks interesting,i am trying to see if it also pertains to Server 2008. I will get back to you!
ASKER
Found a document that says his does still pertain to Server 2008, so this will be the first thing I try! Thanks Ruben!
Or only after you apply updates?
I have seen this sort of thing happen after MS updates and you restart the server.
Several services fail to start they timeout.
I believe this is because of the updates are still applying themselves during restart.
I always wait a few then restart server again. All is well after that.