Solved

Server 2012 problems logging in

Posted on 2014-04-01
13
294 Views
Last Modified: 2014-04-22
We're having some problems with one of our servers. Some of the apps on it aren't running. Spice works, Trend etc. When loggining into it it takes 10 Plus min. I believe the problem hs something to do with the below GP errors but cannot find a solution to the problem. DNS seems fine it resolves server names etc

Event ID 1054
the processing of group policy failed windows could not obtain the name of a domain controller

and
the processing of group policy failed windows could not resolve the user name

Event ID 1053
0
Comment
Question by:Axis52401
  • 6
  • 5
  • 2
13 Comments
 
LVL 29

Expert Comment

by:becraig
ID: 39970903
Are all these servers in the same forest ?
If so take a look at:
Explanation

A network connectivity or configuration problem exists. Group Policy settings cannot be applied until the problem is fixed.
   
User Action

To troubleshoot the network connectivity or configuration problem, try one or all of the following:

    In Event Viewer, click System, and check for any networking-related messages, such as Netlogon messages, that indicate a network connectivity issue.
    At the command prompt, type netdiag, and note any errors. Those errors usually have to be resolved before Group Policy processing can continue.
    At the command prompt, type gpupdate, and then check Event Viewer to see if the Userenv 1053 event is logged again.
    To verify that the domain controller can be contacted through Domain Name System (DNS), try to access \\mydomain.com\sysvol\mydomain.com, where mydomain.com is the fully qualified DNS name of your domain.
    Verify that you can access the domain controller by using tools such as the Active Directory Users and Computers snap-in.
    Check to see whether other computers on your network are having the same problem.
    If this computer is a part of a cross-forest domain, verify that the forest for the user account is currently available and can be contacted by the computer on which the Group Policy processing failed.


Reprinted from
http://www.microsoft.com/technet/support/ee/transform.aspx?ProdName=Windows+Operating+System&ProdVer=5.2&EvtID=1053&EvtSrc=Userenv&LCID=1033
0
 
LVL 7

Expert Comment

by:Delete
ID: 39970905
Have you validated that your DNS settings are pointing to a functioning Domain Controller?  

Have you also validated that your system can talk to your Domain Controllers?

What happens when you do a gpupdate /force?

If after doing the gpupdate /force validate group policy is working properly by checking that the last Group Policy event in the System log is one of the below EventID's.

1500
1501
1502
1503
0
 
LVL 2

Author Comment

by:Axis52401
ID: 39970919
Yes all the same forest and even running on VMware on the same physical server.

Netdiag says command not recognized.
  I've tried GPUPDATE /force and get the same errors after about 10 min

No other computers are having the problem.

How do I validate the DNS server is pointing to a functioning DC beyond having it set statically in the adapter setting?

I can ping the DC by servername and IP
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 7

Expert Comment

by:Delete
ID: 39970923
You can do an nslookup on your domain name to each DNS server and make sure you are getting a quick response.  Make sure to do the lookup against each DNS server you have listed in your client DNS settings.

You can also test that you can successfully make an LDAP call to your DC's by remotely connecting to them using ADUC or LDP.exe.
0
 
LVL 2

Author Comment

by:Axis52401
ID: 39970927
NSlookup gives me
Default Server: DCservername.mydomain.etc
10.0.0.3

Seems correct as that is the DC

I'm not famaliar with LDP.exe

I googled it and found the below but when i try it I get Windows cannot find LDP



    Click Start and then click Run. In the Run dialog box, type ldp and then click OK.

    In Ldp.exe, click Connection and then click Connect.

    In the Connect dialog box, in the Server box, type the fully qualified domain name (FQDN) of your global catalog server (for example, gcserver.contoso.com) and then click OK.

    Click Connection and then click Bind.

    In the Bind dialog box, select Bind as currently logged on user and then click OK.

    Click View and then click Tree.

    In the Tree View dialog box, click OK.

    Verify that your Active Directory containers appear in the left pane of the Ldp.exe window.
0
 
LVL 29

Expert Comment

by:becraig
ID: 39970928
you can also look at using portqry to verify connectivity issues:

The link below will give you several scenarios.

http://support.microsoft.com/kb/816103
0
 
LVL 2

Author Comment

by:Axis52401
ID: 39970934
When I use portqry I get its not recognized as a command
0
 
LVL 7

Expert Comment

by:Delete
ID: 39970937
In nslookup do the following for each DNS IP you have configured.

>Server EnterDNS_IP
>set q=ns
>mydomain.com

Don't worry about LDP, if you have Remote Server Administration Tools installed then open ADUC and make sure you can connect to each DC.

If you don't have RSAT then you can download them here:
http://www.microsoft.com/en-us/download/details.aspx?id=39296
0
 
LVL 7

Expert Comment

by:Delete
ID: 39970946
Another question....is the time correctly synchronized on the server that is having issues?  It can't be more than 5 minutes off from your Domain Controllers.
0
 
LVL 2

Author Comment

by:Axis52401
ID: 39970950
Yes, the time is the same on both

I ran that
In nslookup do the following for each DNS IP you have configured.

>Server EnterDNS_IP
>set q=ns
>mydomain.com
0
 
LVL 2

Author Comment

by:Axis52401
ID: 39970953
I cant get to http://www.microsoft.com/en-us/download/details.aspx?id=39296 or any site on this server. I can ping google and other sites but none of them connect
0
 
LVL 7

Accepted Solution

by:
Delete earned 500 total points
ID: 39971164
This appears to be a DNS issue.  Now we just have to figure out if it is the DNS service itself or network/OS issues not allowing the successful resolution of DNS.

Here are several questions that will help to further troubleshoot.

1.  The server having the issue, did it work previously or has it never worked?
2.  Are there other servers working without issue?
2a. If so are they on the same subnet?
3.  Are you able to browse the internet from your Domain Controller(s)?
4.  Does the server that is having the issue have any new software installed?
5.  Does the problem server have AV/HIPS installed?
6.  Can you paste this IP into your browser and see if it takes you to a website: http://74.125.193.105/
7.  Is the Windows Firewall on?
0
 
LVL 2

Author Comment

by:Axis52401
ID: 39971998
!. yes it worked before
2. No
3  yes
4 No
5 It Hosts the Trend Micro server but doesn't have the client itself installed
6 that brings up google
7. no
0

Featured Post

Simple, centralized multimedia control

Watch and learn to see how ATEN provided an easy and effective way for three jointly-owned pubs to control the 60 televisions located across their three venues utilizing the ATEN Control System, Modular Matrix Switch and HDBaseT extenders.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I don't know if many of you have made the great mistake of using the Cisco Thin Client model with the management software VXC. If you have then you are probably more then familiar with the incredibly clunky interface, the numerous work arounds, and …
Are you one of those front-line IT Service Desk staff fielding calls, replying to emails, all-the-while working to resolve end-user technological nightmares? I am! That's why I have put together this brief overview of tools and techniques I use in o…
In this Micro Tutorial viewers will learn how they can get their files copied out from their unbootable system without need to use recovery services. As an example non-bootable Windows 2012R2 installation is used which has boot problems.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question