Solved

Server 2012 problems logging in

Posted on 2014-04-01
13
297 Views
Last Modified: 2014-04-22
We're having some problems with one of our servers. Some of the apps on it aren't running. Spice works, Trend etc. When loggining into it it takes 10 Plus min. I believe the problem hs something to do with the below GP errors but cannot find a solution to the problem. DNS seems fine it resolves server names etc

Event ID 1054
the processing of group policy failed windows could not obtain the name of a domain controller

and
the processing of group policy failed windows could not resolve the user name

Event ID 1053
0
Comment
Question by:Axis52401
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
  • 2
13 Comments
 
LVL 29

Expert Comment

by:becraig
ID: 39970903
Are all these servers in the same forest ?
If so take a look at:
Explanation

A network connectivity or configuration problem exists. Group Policy settings cannot be applied until the problem is fixed.
   
User Action

To troubleshoot the network connectivity or configuration problem, try one or all of the following:

    In Event Viewer, click System, and check for any networking-related messages, such as Netlogon messages, that indicate a network connectivity issue.
    At the command prompt, type netdiag, and note any errors. Those errors usually have to be resolved before Group Policy processing can continue.
    At the command prompt, type gpupdate, and then check Event Viewer to see if the Userenv 1053 event is logged again.
    To verify that the domain controller can be contacted through Domain Name System (DNS), try to access \\mydomain.com\sysvol\mydomain.com, where mydomain.com is the fully qualified DNS name of your domain.
    Verify that you can access the domain controller by using tools such as the Active Directory Users and Computers snap-in.
    Check to see whether other computers on your network are having the same problem.
    If this computer is a part of a cross-forest domain, verify that the forest for the user account is currently available and can be contacted by the computer on which the Group Policy processing failed.


Reprinted from
http://www.microsoft.com/technet/support/ee/transform.aspx?ProdName=Windows+Operating+System&ProdVer=5.2&EvtID=1053&EvtSrc=Userenv&LCID=1033
0
 
LVL 7

Expert Comment

by:Delete
ID: 39970905
Have you validated that your DNS settings are pointing to a functioning Domain Controller?  

Have you also validated that your system can talk to your Domain Controllers?

What happens when you do a gpupdate /force?

If after doing the gpupdate /force validate group policy is working properly by checking that the last Group Policy event in the System log is one of the below EventID's.

1500
1501
1502
1503
0
 
LVL 2

Author Comment

by:Axis52401
ID: 39970919
Yes all the same forest and even running on VMware on the same physical server.

Netdiag says command not recognized.
  I've tried GPUPDATE /force and get the same errors after about 10 min

No other computers are having the problem.

How do I validate the DNS server is pointing to a functioning DC beyond having it set statically in the adapter setting?

I can ping the DC by servername and IP
0
Free eBook: Backup on AWS

Everything you need to know about backup and disaster recovery with AWS, for FREE!

 
LVL 7

Expert Comment

by:Delete
ID: 39970923
You can do an nslookup on your domain name to each DNS server and make sure you are getting a quick response.  Make sure to do the lookup against each DNS server you have listed in your client DNS settings.

You can also test that you can successfully make an LDAP call to your DC's by remotely connecting to them using ADUC or LDP.exe.
0
 
LVL 2

Author Comment

by:Axis52401
ID: 39970927
NSlookup gives me
Default Server: DCservername.mydomain.etc
10.0.0.3

Seems correct as that is the DC

I'm not famaliar with LDP.exe

I googled it and found the below but when i try it I get Windows cannot find LDP



    Click Start and then click Run. In the Run dialog box, type ldp and then click OK.

    In Ldp.exe, click Connection and then click Connect.

    In the Connect dialog box, in the Server box, type the fully qualified domain name (FQDN) of your global catalog server (for example, gcserver.contoso.com) and then click OK.

    Click Connection and then click Bind.

    In the Bind dialog box, select Bind as currently logged on user and then click OK.

    Click View and then click Tree.

    In the Tree View dialog box, click OK.

    Verify that your Active Directory containers appear in the left pane of the Ldp.exe window.
0
 
LVL 29

Expert Comment

by:becraig
ID: 39970928
you can also look at using portqry to verify connectivity issues:

The link below will give you several scenarios.

http://support.microsoft.com/kb/816103
0
 
LVL 2

Author Comment

by:Axis52401
ID: 39970934
When I use portqry I get its not recognized as a command
0
 
LVL 7

Expert Comment

by:Delete
ID: 39970937
In nslookup do the following for each DNS IP you have configured.

>Server EnterDNS_IP
>set q=ns
>mydomain.com

Don't worry about LDP, if you have Remote Server Administration Tools installed then open ADUC and make sure you can connect to each DC.

If you don't have RSAT then you can download them here:
http://www.microsoft.com/en-us/download/details.aspx?id=39296
0
 
LVL 7

Expert Comment

by:Delete
ID: 39970946
Another question....is the time correctly synchronized on the server that is having issues?  It can't be more than 5 minutes off from your Domain Controllers.
0
 
LVL 2

Author Comment

by:Axis52401
ID: 39970950
Yes, the time is the same on both

I ran that
In nslookup do the following for each DNS IP you have configured.

>Server EnterDNS_IP
>set q=ns
>mydomain.com
0
 
LVL 2

Author Comment

by:Axis52401
ID: 39970953
I cant get to http://www.microsoft.com/en-us/download/details.aspx?id=39296 or any site on this server. I can ping google and other sites but none of them connect
0
 
LVL 7

Accepted Solution

by:
Delete earned 500 total points
ID: 39971164
This appears to be a DNS issue.  Now we just have to figure out if it is the DNS service itself or network/OS issues not allowing the successful resolution of DNS.

Here are several questions that will help to further troubleshoot.

1.  The server having the issue, did it work previously or has it never worked?
2.  Are there other servers working without issue?
2a. If so are they on the same subnet?
3.  Are you able to browse the internet from your Domain Controller(s)?
4.  Does the server that is having the issue have any new software installed?
5.  Does the problem server have AV/HIPS installed?
6.  Can you paste this IP into your browser and see if it takes you to a website: http://74.125.193.105/
7.  Is the Windows Firewall on?
0
 
LVL 2

Author Comment

by:Axis52401
ID: 39971998
!. yes it worked before
2. No
3  yes
4 No
5 It Hosts the Trend Micro server but doesn't have the client itself installed
6 that brings up google
7. no
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Resolve DNS query failed errors for Exchange
A procedure for exporting installed hotfix details of remote computers using powershell
In this Micro Tutorial viewers will learn how they can get their files copied out from their unbootable system without need to use recovery services. As an example non-bootable Windows 2012R2 installation is used which has boot problems.
In this Micro Tutorial viewers will learn how to restore single file or folder from Bare Metal backup image of their system. Tutorial shows how to restore files and folders from system backup. Often it is not needed to restore entire system when onl…

687 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question