By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
434,880 Members | 2,443 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 434,880 IT Pros & Developers. It's quick & easy.

Login Problem on Windows 2003 Server

P: 1
I have a test network consisting of four servers running windows 2003 server R2 SP2. I have set up a domain which functioned correctly for about a day and a half until the other servers decided they can no longer connect to the domain controller. Ping resolves the domain controllers name to the correct ip nslookup finds the ip but can not resolve the name.

When I attempt to log on to a machine on the domain it takes around twenty minutes before logging me on I assume with cached credentails the following error appears in the event log under application

Event ID: 1053 Source: Usernev User: NT AUTHORITY\SYSTEM

Windows cannot determine the user or computer name. (The system detected a possible attempt to compromise security. Please ensure that you can contact the server that authenticated you. ). Group Policy processing aborted.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

And under System I get Event Id: 5719 Source: NETLOGON

This computer was not able to set up a secure session with a domain controller in domain abc due to the following:
There are currently no logon servers available to service the logon request.
This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator.

ADDITIONAL INFO
If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.

For more information, see Help and Support Center at

And under System on the DC I get this error Event Id: 4321 Source: NetBT

The name "abc :1d" could not be registered on the Interface with IP address 172.28.144.1. The machine with the IP address 172.28.144.2 did not allow the name to be claimed by this machine.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

172.28.144.2 is runnning ISA 2006 I'm also seeing some more errors to do with group policy I'm wondering if this has something to do with it?

I can access the AD on the DC using the Active Directory Users and Computers snap in I'm also seeing successful account logons under security on the DC.

netdiag output for the DC is

....................................

Computer Name: PRDC
DNS Host Name: prdc.abc.local
System info : Microsoft Windows Server 2003 R2 (Build 3790)
Processor : x86 Family 6 Model 15 Stepping 6, GenuineIntel
List of installed hotfixes :
KB924667-v2
KB925398_WMP64
KB925902
KB926122
KB927891
KB929123
KB930178
KB931784
KB932168
KB933854
KB935839
KB935840
KB935966
KB936357
Q147222


Netcard queries test . . . . . . . : Passed
[WARNING] The net card 'Intel(R) PRO/1000 MT Network Connection' may not be
working.



Per interface results:

Adapter : Local Area Connection 2

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : prdc01
IP Address . . . . . . . . : 172.28.144.1
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 172.28.144.2
Dns Servers. . . . . . . . :

AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Passed

NetBT name test. . . . . . : Passed
[WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messeng
r Service', <20> 'WINS' names is missing.

WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.

Adapter : Local Area Connection

Netcard queries test . . . : Failed
NetCard Status: DISCONNECTED
Some tests will be skipped on this interface.

Host Name. . . . . . . . . : prdc01
Autoconfiguration IP Address : 169.254.218.48
Subnet Mask. . . . . . . . : 255.255.0.0
Default Gateway. . . . . . :
Dns Servers. . . . . . . . :



Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{935A7EDA-268B-4ADC-9AAF-9CC87D65FF21}
NetBT_Tcpip_{3765197D-13D3-44E5-A442-5205E6DCCF6D}
2 NetBt transports currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed
[WARNING] You don't have a single interface with the <00> 'WorkStation Serv
ce', <03> 'Messenger Service', <20> 'WINS' names defined.


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Passed
PASS - All the DNS entries for DC are registered on DNS server '127.0.0.1'
nd other DCs also have some of the names registered.


Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{935A7EDA-268B-4ADC-9AAF-9CC87D65FF21}
NetBT_Tcpip_{3765197D-13D3-44E5-A442-5205E6DCCF6D}
The redir is bound to 2 NetBt transports.

List of NetBt transports currently bound to the browser
NetBT_Tcpip_{935A7EDA-268B-4ADC-9AAF-9CC87D65FF21}
NetBT_Tcpip_{3765197D-13D3-44E5-A442-5205E6DCCF6D}
The browser is bound to 2 NetBt transports.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

Note: run "netsh ipsec dynamic show /?" for more detailed information



and for one of the member machines



Computer Name: PRVM01
DNS Host Name: PRVM01.abc.local
System info : Microsoft Windows Server 2003 (Build 3790)
Processor : EM64T Family 6 Model 15 Stepping 7, GenuineIntel
List of installed hotfixes :
Q147222


Netcard queries test . . . . . . . : Passed
[WARNING] The net card 'RAS Async Adapter' may not be working because it has
not received any packets.
[WARNING] The net card 'VMware Virtual Ethernet Adapter for VMnet8' may not
be working because it has not received any packets.
[WARNING] The net card 'VMware Virtual Ethernet Adapter for VMnet1' may not
be working because it has not received any packets.



Per interface results:

Adapter : Local Area Connection

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : PRVM01
IP Address . . . . . . . . : 172.28.144.4
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 172.28.144.2
Dns Servers. . . . . . . . : 172.28.144.1


AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Passed

NetBT name test. . . . . . : Passed
No names have been found.

WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.

Adapter : VMware Network Adapter VMnet1

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : PRVM01
IP Address . . . . . . . . : 192.168.192.1
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . :
Dns Servers. . . . . . . . :

AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Skipped
[WARNING] No gateways defined for this adapter.

NetBT name test. . . . . . : Passed
No names have been found.

WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.

Adapter : VMware Network Adapter VMnet8

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : PRVM01
IP Address . . . . . . . . : 192.168.245.1
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . :
Dns Servers. . . . . . . . :

AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Skipped
[WARNING] No gateways defined for this adapter.

NetBT name test. . . . . . : Passed
No names have been found.

WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{A65E2222-2E24-4A61-B407-4F32C4F9B577}
NetBT_Tcpip_{6678801B-0329-4E3E-825A-C204788FC6B5}
NetBT_Tcpip_{AE0F51FA-9B1E-48EC-A411-2A4403C02809}
3 NetBt transports currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed
[WARNING] You don't have a single interface with the <00> 'WorkStation Servi
ce', <03> 'Messenger Service', <20> 'WINS' names defined.


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Passed
[WARNING] Cannot find a primary authoritative DNS server for the name
'PRVM01.abc.local.'. [ERROR_TIMEOUT]
The name 'PRVM01.abc.local.' may not be registered in DNS.
[WARNING] Cannot find a primary authoritative DNS server for the name
'PRVM01.abc.local.'. [ERROR_TIMEOUT]
The name 'PRVM01.abc.local.' may not be registered in DNS.


Redir and Browser test . . . . . . : Failed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{A65E2222-2E24-4A61-B407-4F32C4F9B577}
NetBT_Tcpip_{6678801B-0329-4E3E-825A-C204788FC6B5}
NetBT_Tcpip_{AE0F51FA-9B1E-48EC-A411-2A4403C02809}
The redir is bound to 3 NetBt transports.

List of NetBt transports currently bound to the browser
NetBT_Tcpip_{AE0F51FA-9B1E-48EC-A411-2A4403C02809}
NetBT_Tcpip_{6678801B-0329-4E3E-825A-C204788FC6B5}
NetBT_Tcpip_{A65E2222-2E24-4A61-B407-4F32C4F9B577}
The browser is bound to 3 NetBt transports.
[FATAL] Cannot send mailslot message to 'abc*' via browser. [ERROR_INVALI
D_FUNCTION]


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Failed
[WARNING] Cannot call DsBind to prdc01.abc.local (172.28.144.1). [SEC_E_D
OWNGRADE_DETECTED]


Trust relationship test. . . . . . : Failed
[WARNING] Don't have access to test your domain sid for domain 'abc'.
[Test skipped]
Secure channel for domain 'abc' is to '\\PRDC01'.
Cannot test secure channel for domain 'abc' to DC 'prdc01'. [ERROR_NO_LOG
ON_SERVERS]


Kerberos test. . . . . . . . . . . : Failed
[FATAL] Cannot lookup package Kerberos.
The error occurred was: (null)


LDAP test. . . . . . . . . . . . . : Failed
[FATAL] Cannot do Negotiate authenticated ldap_bind to 'prdc01.abc.local'
: Local Error.
[WARNING] Failed to query SPN registration on DC 'prdc01.abc.local'.
[FATAL] No LDAP servers work in the domain 'abc'.


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

Note: run "netsh ipsec dynamic show /?" for more detailed information


The command completed successfully

I should probably point out that networking is not my forte so any help/links on how to interpret the netdiag output plus any other suggestions as to what may be occuring would be good.
Sep 10 '07 #1
Share this Question
Share on Google+
1 Reply


Cyberdyne
Expert 100+
P: 627
On prdc01 you are missing the DNS and Gateway entries.

DNS is crucial on a Domain setup.

What are the roles of your servers, you said you have 4.
How are they connected? Do you have a Firewall and hub setup, which server takes care of the DHCP or are you using your firewall to assign these and running your servers static?

Thank you fo such a detailed info but it is a bit confusing.

I will rename this thread so more people can help. As far as I can tell you are having a problem login in to your domain controller because some of the settings on the network are incorrect or because there is a security issue within the domain that locks up your login.

Regards, Cyberdyne.
Sep 11 '07 #2

Post your reply

Sign in to post your reply or Sign up for a free account.