Solved

Server 2012 problems logging in

Posted on 2014-04-01
13
288 Views
Last Modified: 2014-04-22
We're having some problems with one of our servers. Some of the apps on it aren't running. Spice works, Trend etc. When loggining into it it takes 10 Plus min. I believe the problem hs something to do with the below GP errors but cannot find a solution to the problem. DNS seems fine it resolves server names etc

Event ID 1054
the processing of group policy failed windows could not obtain the name of a domain controller

and
the processing of group policy failed windows could not resolve the user name

Event ID 1053
0
Comment
Question by:Axis52401
  • 6
  • 5
  • 2
13 Comments
 
LVL 28

Expert Comment

by:becraig
Comment Utility
Are all these servers in the same forest ?
If so take a look at:
Explanation

A network connectivity or configuration problem exists. Group Policy settings cannot be applied until the problem is fixed.
   
User Action

To troubleshoot the network connectivity or configuration problem, try one or all of the following:

    In Event Viewer, click System, and check for any networking-related messages, such as Netlogon messages, that indicate a network connectivity issue.
    At the command prompt, type netdiag, and note any errors. Those errors usually have to be resolved before Group Policy processing can continue.
    At the command prompt, type gpupdate, and then check Event Viewer to see if the Userenv 1053 event is logged again.
    To verify that the domain controller can be contacted through Domain Name System (DNS), try to access \\mydomain.com\sysvol\mydomain.com, where mydomain.com is the fully qualified DNS name of your domain.
    Verify that you can access the domain controller by using tools such as the Active Directory Users and Computers snap-in.
    Check to see whether other computers on your network are having the same problem.
    If this computer is a part of a cross-forest domain, verify that the forest for the user account is currently available and can be contacted by the computer on which the Group Policy processing failed.


Reprinted from
http://www.microsoft.com/technet/support/ee/transform.aspx?ProdName=Windows+Operating+System&ProdVer=5.2&EvtID=1053&EvtSrc=Userenv&LCID=1033
0
 
LVL 7

Expert Comment

by:Delete
Comment Utility
Have you validated that your DNS settings are pointing to a functioning Domain Controller?  

Have you also validated that your system can talk to your Domain Controllers?

What happens when you do a gpupdate /force?

If after doing the gpupdate /force validate group policy is working properly by checking that the last Group Policy event in the System log is one of the below EventID's.

1500
1501
1502
1503
0
 
LVL 2

Author Comment

by:Axis52401
Comment Utility
Yes all the same forest and even running on VMware on the same physical server.

Netdiag says command not recognized.
  I've tried GPUPDATE /force and get the same errors after about 10 min

No other computers are having the problem.

How do I validate the DNS server is pointing to a functioning DC beyond having it set statically in the adapter setting?

I can ping the DC by servername and IP
0
 
LVL 7

Expert Comment

by:Delete
Comment Utility
You can do an nslookup on your domain name to each DNS server and make sure you are getting a quick response.  Make sure to do the lookup against each DNS server you have listed in your client DNS settings.

You can also test that you can successfully make an LDAP call to your DC's by remotely connecting to them using ADUC or LDP.exe.
0
 
LVL 2

Author Comment

by:Axis52401
Comment Utility
NSlookup gives me
Default Server: DCservername.mydomain.etc
10.0.0.3

Seems correct as that is the DC

I'm not famaliar with LDP.exe

I googled it and found the below but when i try it I get Windows cannot find LDP



    Click Start and then click Run. In the Run dialog box, type ldp and then click OK.

    In Ldp.exe, click Connection and then click Connect.

    In the Connect dialog box, in the Server box, type the fully qualified domain name (FQDN) of your global catalog server (for example, gcserver.contoso.com) and then click OK.

    Click Connection and then click Bind.

    In the Bind dialog box, select Bind as currently logged on user and then click OK.

    Click View and then click Tree.

    In the Tree View dialog box, click OK.

    Verify that your Active Directory containers appear in the left pane of the Ldp.exe window.
0
 
LVL 28

Expert Comment

by:becraig
Comment Utility
you can also look at using portqry to verify connectivity issues:

The link below will give you several scenarios.

http://support.microsoft.com/kb/816103
0
Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 2

Author Comment

by:Axis52401
Comment Utility
When I use portqry I get its not recognized as a command
0
 
LVL 7

Expert Comment

by:Delete
Comment Utility
In nslookup do the following for each DNS IP you have configured.

>Server EnterDNS_IP
>set q=ns
>mydomain.com

Don't worry about LDP, if you have Remote Server Administration Tools installed then open ADUC and make sure you can connect to each DC.

If you don't have RSAT then you can download them here:
http://www.microsoft.com/en-us/download/details.aspx?id=39296
0
 
LVL 7

Expert Comment

by:Delete
Comment Utility
Another question....is the time correctly synchronized on the server that is having issues?  It can't be more than 5 minutes off from your Domain Controllers.
0
 
LVL 2

Author Comment

by:Axis52401
Comment Utility
Yes, the time is the same on both

I ran that
In nslookup do the following for each DNS IP you have configured.

>Server EnterDNS_IP
>set q=ns
>mydomain.com
0
 
LVL 2

Author Comment

by:Axis52401
Comment Utility
I cant get to http://www.microsoft.com/en-us/download/details.aspx?id=39296 or any site on this server. I can ping google and other sites but none of them connect
0
 
LVL 7

Accepted Solution

by:
Delete earned 500 total points
Comment Utility
This appears to be a DNS issue.  Now we just have to figure out if it is the DNS service itself or network/OS issues not allowing the successful resolution of DNS.

Here are several questions that will help to further troubleshoot.

1.  The server having the issue, did it work previously or has it never worked?
2.  Are there other servers working without issue?
2a. If so are they on the same subnet?
3.  Are you able to browse the internet from your Domain Controller(s)?
4.  Does the server that is having the issue have any new software installed?
5.  Does the problem server have AV/HIPS installed?
6.  Can you paste this IP into your browser and see if it takes you to a website: http://74.125.193.105/
7.  Is the Windows Firewall on?
0
 
LVL 2

Author Comment

by:Axis52401
Comment Utility
!. yes it worked before
2. No
3  yes
4 No
5 It Hosts the Trend Micro server but doesn't have the client itself installed
6 that brings up google
7. no
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Join & Write a Comment

The article will show you how you can maintain a simple logfile of all Startup and Shutdown events on Windows servers and desktops with PowerShell. The script can be easily adapted into doing more like gracefully silencing/updating your monitoring s…
OfficeMate Freezes on login or does not load after login credentials are input.
In this Micro Tutorial viewers will learn how to use Boot Corrector from Paragon Rescue Kit Free to identify and fix the boot problems of Windows 7/8/2012R2 etc. As an example is used Windows 2012R2 which lost its active partition flag (often happen…
In this Micro Tutorial viewers will learn how to restore single file or folder from Bare Metal backup image of their system. Tutorial shows how to restore files and folders from system backup. Often it is not needed to restore entire system when onl…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now