• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 305
  • Last Modified:

Server 2012 problems logging in

We're having some problems with one of our servers. Some of the apps on it aren't running. Spice works, Trend etc. When loggining into it it takes 10 Plus min. I believe the problem hs something to do with the below GP errors but cannot find a solution to the problem. DNS seems fine it resolves server names etc

Event ID 1054
the processing of group policy failed windows could not obtain the name of a domain controller

and
the processing of group policy failed windows could not resolve the user name

Event ID 1053
0
Axis52401
Asked:
Axis52401
  • 6
  • 5
  • 2
1 Solution
 
becraigCommented:
Are all these servers in the same forest ?
If so take a look at:
Explanation

A network connectivity or configuration problem exists. Group Policy settings cannot be applied until the problem is fixed.
   
User Action

To troubleshoot the network connectivity or configuration problem, try one or all of the following:

    In Event Viewer, click System, and check for any networking-related messages, such as Netlogon messages, that indicate a network connectivity issue.
    At the command prompt, type netdiag, and note any errors. Those errors usually have to be resolved before Group Policy processing can continue.
    At the command prompt, type gpupdate, and then check Event Viewer to see if the Userenv 1053 event is logged again.
    To verify that the domain controller can be contacted through Domain Name System (DNS), try to access \\mydomain.com\sysvol\mydomain.com, where mydomain.com is the fully qualified DNS name of your domain.
    Verify that you can access the domain controller by using tools such as the Active Directory Users and Computers snap-in.
    Check to see whether other computers on your network are having the same problem.
    If this computer is a part of a cross-forest domain, verify that the forest for the user account is currently available and can be contacted by the computer on which the Group Policy processing failed.


Reprinted from
http://www.microsoft.com/technet/support/ee/transform.aspx?ProdName=Windows+Operating+System&ProdVer=5.2&EvtID=1053&EvtSrc=Userenv&LCID=1033
0
 
DeleteCommented:
Have you validated that your DNS settings are pointing to a functioning Domain Controller?  

Have you also validated that your system can talk to your Domain Controllers?

What happens when you do a gpupdate /force?

If after doing the gpupdate /force validate group policy is working properly by checking that the last Group Policy event in the System log is one of the below EventID's.

1500
1501
1502
1503
0
 
Axis52401Security AnalystAuthor Commented:
Yes all the same forest and even running on VMware on the same physical server.

Netdiag says command not recognized.
  I've tried GPUPDATE /force and get the same errors after about 10 min

No other computers are having the problem.

How do I validate the DNS server is pointing to a functioning DC beyond having it set statically in the adapter setting?

I can ping the DC by servername and IP
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
DeleteCommented:
You can do an nslookup on your domain name to each DNS server and make sure you are getting a quick response.  Make sure to do the lookup against each DNS server you have listed in your client DNS settings.

You can also test that you can successfully make an LDAP call to your DC's by remotely connecting to them using ADUC or LDP.exe.
0
 
Axis52401Security AnalystAuthor Commented:
NSlookup gives me
Default Server: DCservername.mydomain.etc
10.0.0.3

Seems correct as that is the DC

I'm not famaliar with LDP.exe

I googled it and found the below but when i try it I get Windows cannot find LDP



    Click Start and then click Run. In the Run dialog box, type ldp and then click OK.

    In Ldp.exe, click Connection and then click Connect.

    In the Connect dialog box, in the Server box, type the fully qualified domain name (FQDN) of your global catalog server (for example, gcserver.contoso.com) and then click OK.

    Click Connection and then click Bind.

    In the Bind dialog box, select Bind as currently logged on user and then click OK.

    Click View and then click Tree.

    In the Tree View dialog box, click OK.

    Verify that your Active Directory containers appear in the left pane of the Ldp.exe window.
0
 
becraigCommented:
you can also look at using portqry to verify connectivity issues:

The link below will give you several scenarios.

http://support.microsoft.com/kb/816103
0
 
Axis52401Security AnalystAuthor Commented:
When I use portqry I get its not recognized as a command
0
 
DeleteCommented:
In nslookup do the following for each DNS IP you have configured.

>Server EnterDNS_IP
>set q=ns
>mydomain.com

Don't worry about LDP, if you have Remote Server Administration Tools installed then open ADUC and make sure you can connect to each DC.

If you don't have RSAT then you can download them here:
http://www.microsoft.com/en-us/download/details.aspx?id=39296
0
 
DeleteCommented:
Another question....is the time correctly synchronized on the server that is having issues?  It can't be more than 5 minutes off from your Domain Controllers.
0
 
Axis52401Security AnalystAuthor Commented:
Yes, the time is the same on both

I ran that
In nslookup do the following for each DNS IP you have configured.

>Server EnterDNS_IP
>set q=ns
>mydomain.com
0
 
Axis52401Security AnalystAuthor Commented:
I cant get to http://www.microsoft.com/en-us/download/details.aspx?id=39296 or any site on this server. I can ping google and other sites but none of them connect
0
 
DeleteCommented:
This appears to be a DNS issue.  Now we just have to figure out if it is the DNS service itself or network/OS issues not allowing the successful resolution of DNS.

Here are several questions that will help to further troubleshoot.

1.  The server having the issue, did it work previously or has it never worked?
2.  Are there other servers working without issue?
2a. If so are they on the same subnet?
3.  Are you able to browse the internet from your Domain Controller(s)?
4.  Does the server that is having the issue have any new software installed?
5.  Does the problem server have AV/HIPS installed?
6.  Can you paste this IP into your browser and see if it takes you to a website: http://74.125.193.105/
7.  Is the Windows Firewall on?
0
 
Axis52401Security AnalystAuthor Commented:
!. yes it worked before
2. No
3  yes
4 No
5 It Hosts the Trend Micro server but doesn't have the client itself installed
6 that brings up google
7. no
0

Featured Post

New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

  • 6
  • 5
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now