Solved

Server 2012 problems logging in

Posted on 2014-04-01
13
292 Views
Last Modified: 2014-04-22
We're having some problems with one of our servers. Some of the apps on it aren't running. Spice works, Trend etc. When loggining into it it takes 10 Plus min. I believe the problem hs something to do with the below GP errors but cannot find a solution to the problem. DNS seems fine it resolves server names etc

Event ID 1054
the processing of group policy failed windows could not obtain the name of a domain controller

and
the processing of group policy failed windows could not resolve the user name

Event ID 1053
0
Comment
Question by:Axis52401
  • 6
  • 5
  • 2
13 Comments
 
LVL 29

Expert Comment

by:becraig
ID: 39970903
Are all these servers in the same forest ?
If so take a look at:
Explanation

A network connectivity or configuration problem exists. Group Policy settings cannot be applied until the problem is fixed.
   
User Action

To troubleshoot the network connectivity or configuration problem, try one or all of the following:

    In Event Viewer, click System, and check for any networking-related messages, such as Netlogon messages, that indicate a network connectivity issue.
    At the command prompt, type netdiag, and note any errors. Those errors usually have to be resolved before Group Policy processing can continue.
    At the command prompt, type gpupdate, and then check Event Viewer to see if the Userenv 1053 event is logged again.
    To verify that the domain controller can be contacted through Domain Name System (DNS), try to access \\mydomain.com\sysvol\mydomain.com, where mydomain.com is the fully qualified DNS name of your domain.
    Verify that you can access the domain controller by using tools such as the Active Directory Users and Computers snap-in.
    Check to see whether other computers on your network are having the same problem.
    If this computer is a part of a cross-forest domain, verify that the forest for the user account is currently available and can be contacted by the computer on which the Group Policy processing failed.


Reprinted from
http://www.microsoft.com/technet/support/ee/transform.aspx?ProdName=Windows+Operating+System&ProdVer=5.2&EvtID=1053&EvtSrc=Userenv&LCID=1033
0
 
LVL 7

Expert Comment

by:Delete
ID: 39970905
Have you validated that your DNS settings are pointing to a functioning Domain Controller?  

Have you also validated that your system can talk to your Domain Controllers?

What happens when you do a gpupdate /force?

If after doing the gpupdate /force validate group policy is working properly by checking that the last Group Policy event in the System log is one of the below EventID's.

1500
1501
1502
1503
0
 
LVL 2

Author Comment

by:Axis52401
ID: 39970919
Yes all the same forest and even running on VMware on the same physical server.

Netdiag says command not recognized.
  I've tried GPUPDATE /force and get the same errors after about 10 min

No other computers are having the problem.

How do I validate the DNS server is pointing to a functioning DC beyond having it set statically in the adapter setting?

I can ping the DC by servername and IP
0
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 7

Expert Comment

by:Delete
ID: 39970923
You can do an nslookup on your domain name to each DNS server and make sure you are getting a quick response.  Make sure to do the lookup against each DNS server you have listed in your client DNS settings.

You can also test that you can successfully make an LDAP call to your DC's by remotely connecting to them using ADUC or LDP.exe.
0
 
LVL 2

Author Comment

by:Axis52401
ID: 39970927
NSlookup gives me
Default Server: DCservername.mydomain.etc
10.0.0.3

Seems correct as that is the DC

I'm not famaliar with LDP.exe

I googled it and found the below but when i try it I get Windows cannot find LDP



    Click Start and then click Run. In the Run dialog box, type ldp and then click OK.

    In Ldp.exe, click Connection and then click Connect.

    In the Connect dialog box, in the Server box, type the fully qualified domain name (FQDN) of your global catalog server (for example, gcserver.contoso.com) and then click OK.

    Click Connection and then click Bind.

    In the Bind dialog box, select Bind as currently logged on user and then click OK.

    Click View and then click Tree.

    In the Tree View dialog box, click OK.

    Verify that your Active Directory containers appear in the left pane of the Ldp.exe window.
0
 
LVL 29

Expert Comment

by:becraig
ID: 39970928
you can also look at using portqry to verify connectivity issues:

The link below will give you several scenarios.

http://support.microsoft.com/kb/816103
0
 
LVL 2

Author Comment

by:Axis52401
ID: 39970934
When I use portqry I get its not recognized as a command
0
 
LVL 7

Expert Comment

by:Delete
ID: 39970937
In nslookup do the following for each DNS IP you have configured.

>Server EnterDNS_IP
>set q=ns
>mydomain.com

Don't worry about LDP, if you have Remote Server Administration Tools installed then open ADUC and make sure you can connect to each DC.

If you don't have RSAT then you can download them here:
http://www.microsoft.com/en-us/download/details.aspx?id=39296
0
 
LVL 7

Expert Comment

by:Delete
ID: 39970946
Another question....is the time correctly synchronized on the server that is having issues?  It can't be more than 5 minutes off from your Domain Controllers.
0
 
LVL 2

Author Comment

by:Axis52401
ID: 39970950
Yes, the time is the same on both

I ran that
In nslookup do the following for each DNS IP you have configured.

>Server EnterDNS_IP
>set q=ns
>mydomain.com
0
 
LVL 2

Author Comment

by:Axis52401
ID: 39970953
I cant get to http://www.microsoft.com/en-us/download/details.aspx?id=39296 or any site on this server. I can ping google and other sites but none of them connect
0
 
LVL 7

Accepted Solution

by:
Delete earned 500 total points
ID: 39971164
This appears to be a DNS issue.  Now we just have to figure out if it is the DNS service itself or network/OS issues not allowing the successful resolution of DNS.

Here are several questions that will help to further troubleshoot.

1.  The server having the issue, did it work previously or has it never worked?
2.  Are there other servers working without issue?
2a. If so are they on the same subnet?
3.  Are you able to browse the internet from your Domain Controller(s)?
4.  Does the server that is having the issue have any new software installed?
5.  Does the problem server have AV/HIPS installed?
6.  Can you paste this IP into your browser and see if it takes you to a website: http://74.125.193.105/
7.  Is the Windows Firewall on?
0
 
LVL 2

Author Comment

by:Axis52401
ID: 39971998
!. yes it worked before
2. No
3  yes
4 No
5 It Hosts the Trend Micro server but doesn't have the client itself installed
6 that brings up google
7. no
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
domain controllers numbers 4 76
Cannot create a homegroup on my computer 7 21
Password recovery software 4 26
Need help on Windows Firewall blocking program 7 30
What to do when Windows Update is not working correctly? What tools can I use to detect the cause of the malfunction problem? What does this numeric error code mean? These and other questions that you have been asking in the past are answered here (…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
In this Micro Tutorial viewers will learn how to use Windows Server Backup to create full image of their system. Tutorial shows how to install Windows Server Backup Feature on Windows 2012R2 and how to configure scheduled Bare Metal Recovery backup.…
In this Micro Tutorial viewers will learn how to restore their server from Bare Metal Backup image created with Windows Server Backup feature. As an example Windows 2012R2 is used.

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question