Guest sblair0320 Posted October 5, 2007 Posted October 5, 2007 The computer configuration of group policy fails on all computers on the network except on the server. Here is hat I get in my event viewer when I try to refress my group policy. Event Source: Userenv Event ID: 1053 Description: Windows cannot determine the user or computer name. (Access is denied. ). Group Policy processing aborted. Event Source: AutoEnrollment Event ID: 15 Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007052b). Unable to update the password. The value provided as the current password is incorrect. Enrollment will not be performed. I have been trying to fix this problem for some time now and have been unsuccessful. Here is what I have checked so far: I have used nslookup to search my DNS records from one of the computers having the problem. I have searched most if not all the SRV and A records needed for Active Directory. What DNS records should I be looking for? I have reset the server machine account. I can access the Sysvol folder from all the client computers. Here are the highlights from a dcdiag: Starting test: NetLogons * Warning BUILTIN\Administrators did not have the "Access this computer from network" right. [sERVER2] An net use or LsaPolicy operation failed with error 1, Incorrect function........................... SERVER2 failed test NetLogons Starting test: Services IsmServ Service is stopped on [sERVER2] ......... SERVER2 failed test Services Here are the highlights from a netdiag /debug from the client: Testing the WINS server Local Area Connection Sending name query to primary WINS server 192.168.1.3 - querying name HAVANA-BQ9WJ76F on server 192.168.1.3 bytes sent 50 querying name HAVANA-BQ9WJ76F on server 192.168.1.3 bytes sent 50 Failed Testing Kerberos authentication... Failed WINS service test. . . . . : Failed Sending name query to primary WINS server 192.168.1.3 - Failed There is no secondary WINS server defined for this adapter. The test failed. We were unable to query the WINS servers. IPX test : IPX is not installed on this machine. Redir and Browser test . . . . . . : Failed List of transports currently bound to the Redir NetbiosSmb NetBT_Tcpip_{B8DE7FD8-8E3E-4FF6-A520-65F7A34CF85F} The redir is bound to 1 NetBt transport. List of transports currently bound to the browser NetBT_Tcpip_{B8DE7FD8-8E3E-4FF6-A520-65F7A34CF85F} The browser is bound to 1 NetBt transport. [FATAL] Cannot send mailslot message to '\\havanagroup*\MAILSLOT\NET\NETLOGON' via redir. [ERROR_BAD_NETPATH] Kerberos test. . . . . . . . . . . : Failed [FATAL] Kerberos does not have a ticket for host/HAVANA-BQ9WJ76F.havanagroup.local. Now here is a portion of the clients Userenv log. USERENV(444.a6c) 07:14:43:231 ProcessGPOs: MyGetUserName failed with 5. USERENV(444.a6c) 09:05:48:946 MyGetUserName: GetUserNameEx failed with 5. USERENV(444.a6c) 09:05:49:681 MyGetUserName: GetUserNameEx failed with 5. USERENV(444.a6c) 09:05:50:415 MyGetUserName: GetUserNameEx failed with 5. USERENV(444.a6c) 09:05:51:165 MyGetUserName: GetUserNameEx failed with 5. USERENV(444.a6c) 09:05:51:165 ProcessGPOs: MyGetUserName failed with 5.
Guest Meinolf Weber Posted October 5, 2007 Posted October 5, 2007 Re: Group Policy processing aborted Hello sblair0320, Check on the server that all services running. I think you have to start with the server to get it running properly. Please give some mor infos about. What OS with which SP level? How many servers with which roles/functions and how are they connected and located? How is DNS setup on the Domain controller? Please post an ipconfig /all from all servers, On which level is the policy located, Domain or OU? Also post an ipconfig /all from one client Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. > The computer configuration of group policy fails on all computers on > the network except on the server. Here is hat I get in my event viewer > when I try to refress my group policy. > > Event Source: Userenv > Event ID: 1053 > Description: > Windows cannot determine the user or computer name. (Access is denied. > ). > Group Policy processing aborted. > Event Source: AutoEnrollment > Event ID: 15 > Description: > Automatic certificate enrollment for local system failed to contact > the > active directory (0x8007052b). Unable to update the password. The > value > provided as the current password is incorrect. > Enrollment will not be performed. > I have been trying to fix this problem for some time now and have been > unsuccessful. Here is what I have checked so far: > > I have used nslookup to search my DNS records from one of the > computers having the problem. I have searched most if not all the SRV > and A records needed for Active Directory. What DNS records should I > be looking for? > > I have reset the server machine account. > > I can access the Sysvol folder from all the client computers. > > Here are the highlights from a dcdiag: > > Starting test: NetLogons > * Warning BUILTIN\Administrators did not have the "Access > this > computer from network" right. > [sERVER2] An net use or LsaPolicy operation failed with error > 1, > Incorrect function........................... SERVER2 failed test > NetLogons > Starting test: Services > IsmServ Service is stopped on [sERVER2] ......... SERVER2 failed test > Services > Here are the highlights from a netdiag /debug from the client: > > Testing the WINS server > Local Area Connection > Sending name query to primary WINS server 192.168.1.3 - > querying name HAVANA-BQ9WJ76F on server 192.168.1.3 > bytes sent 50 > querying name HAVANA-BQ9WJ76F on server 192.168.1.3 > bytes sent 50 > Failed > Testing Kerberos authentication... Failed > > WINS service test. . . . . : Failed > Sending name query to primary WINS server 192.168.1.3 - > Failed > There is no secondary WINS server defined for this > adapter. > The test failed. We were unable to query the WINS > servers. > IPX test : IPX is not installed on this machine. > Redir and Browser test . . . . . . : Failed > List of transports currently bound to the Redir > NetbiosSmb > NetBT_Tcpip_{B8DE7FD8-8E3E-4FF6-A520-65F7A34CF85F} > The redir is bound to 1 NetBt transport. > List of transports currently bound to the browser > NetBT_Tcpip_{B8DE7FD8-8E3E-4FF6-A520-65F7A34CF85F} > The browser is bound to 1 NetBt transport. > [FATAL] Cannot send mailslot message to > '\\havanagroup*\MAILSLOT\NET\NETLOGON' via redir. [ERROR_BAD_NETPATH] > Kerberos test. . . . . . . . . . . : Failed > [FATAL] Kerberos does not have a ticket for > host/HAVANA-BQ9WJ76F.havanagroup.local. > Now here is a portion of the clients Userenv log. > > USERENV(444.a6c) 07:14:43:231 ProcessGPOs: MyGetUserName failed with > 5. USERENV(444.a6c) 09:05:48:946 MyGetUserName: GetUserNameEx failed > with 5. USERENV(444.a6c) 09:05:49:681 MyGetUserName: GetUserNameEx > failed with 5. USERENV(444.a6c) 09:05:50:415 MyGetUserName: > GetUserNameEx failed with 5. USERENV(444.a6c) 09:05:51:165 > MyGetUserName: GetUserNameEx failed with 5. USERENV(444.a6c) > 09:05:51:165 ProcessGPOs: MyGetUserName failed with 5. >
Guest sblair0320 Posted October 12, 2007 Posted October 12, 2007 Re: Group Policy processing aborted We own one server with all the roles. Microsoft Windows Server 2003 for Small Business W/ SP1 Intel Pentium 4 w/ 2.8 Ghz CPU 1024 MB of ram IPconfig /all Windows IP Configuration Host Name . . . . . . . . . . . . : SERVER2 Primary Dns Suffix . . . . . . . : havanagroup.local Node Type . . . . . . . . . . . . : Unknown IP Routing Enabled. . . . . . . . : Yes WINS Proxy Enabled. . . . . . . . : Yes DNS Suffix Search List. . . . . . : havanagroup.local Ethernet adapter Server Local Area Connection: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Broadcom NetXtreme 5751 Gigabit Controller Physical Address. . . . . . . . . : 00-13-20-2F-35-82 DHCP Enabled. . . . . . . . . . . : No IP Address. . . . . . . . . . . . : 192.168.1.3 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.1.254 DNS Servers . . . . . . . . . . . : 192.168.1.3 Primary WINS Server . . . . . . . : 192.168.1.3 NetBIOS over Tcpip. . . . . . . . : Disabled I have one service that is not running that should be (LanService). It is set to automatic but will not startup. Here is a client ipconfig /all. Windows IP Configuration Host Name . . . . . . . . . . . . : HAVANA-BQ9WJ76F Primary Dns Suffix . . . . . . . : havanagroup.local Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : havanagroup.local Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Intel® PRO/100 M Network Connection Physical Address. . . . . . . . . : 00-30-6E-4B-6D-5A Dhcp Enabled. . . . . . . . . . . : No IP Address. . . . . . . . . . . . : 192.168.1.47 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.1.254 DNS Servers . . . . . . . . . . . : 192.168.1.3 Primary WINS Server . . . . . . . : 192.168.1.3 "Meinolf Weber" wrote: > Hello sblair0320, > > Check on the server that all services running. I think you have to start > with the server to get it running properly. Please give some mor infos about. > > What OS with which SP level? > > How many servers with which roles/functions and how are they connected and > located? > > How is DNS setup on the Domain controller? > > Please post an ipconfig /all from all servers, > > On which level is the policy located, Domain or OU? > > Also post an ipconfig /all from one client > > Best regards > > Meinolf Weber > Disclaimer: This posting is provided "AS IS" with no warranties, and confers > no rights. > > > The computer configuration of group policy fails on all computers on > > the network except on the server. Here is hat I get in my event viewer > > when I try to refress my group policy. > > > > Event Source: Userenv > > Event ID: 1053 > > Description: > > Windows cannot determine the user or computer name. (Access is denied. > > ). > > Group Policy processing aborted. > > Event Source: AutoEnrollment > > Event ID: 15 > > Description: > > Automatic certificate enrollment for local system failed to contact > > the > > active directory (0x8007052b). Unable to update the password. The > > value > > provided as the current password is incorrect. > > Enrollment will not be performed. > > I have been trying to fix this problem for some time now and have been > > unsuccessful. Here is what I have checked so far: > > > > I have used nslookup to search my DNS records from one of the > > computers having the problem. I have searched most if not all the SRV > > and A records needed for Active Directory. What DNS records should I > > be looking for? > > > > I have reset the server machine account. > > > > I can access the Sysvol folder from all the client computers. > > > > Here are the highlights from a dcdiag: > > > > Starting test: NetLogons > > * Warning BUILTIN\Administrators did not have the "Access > > this > > computer from network" right. > > [sERVER2] An net use or LsaPolicy operation failed with error > > 1, > > Incorrect function........................... SERVER2 failed test > > NetLogons > > Starting test: Services > > IsmServ Service is stopped on [sERVER2] ......... SERVER2 failed test > > Services > > Here are the highlights from a netdiag /debug from the client: > > > > Testing the WINS server > > Local Area Connection > > Sending name query to primary WINS server 192.168.1.3 - > > querying name HAVANA-BQ9WJ76F on server 192.168.1.3 > > bytes sent 50 > > querying name HAVANA-BQ9WJ76F on server 192.168.1.3 > > bytes sent 50 > > Failed > > Testing Kerberos authentication... Failed > > > > WINS service test. . . . . : Failed > > Sending name query to primary WINS server 192.168.1.3 - > > Failed > > There is no secondary WINS server defined for this > > adapter. > > The test failed. We were unable to query the WINS > > servers. > > IPX test : IPX is not installed on this machine. > > Redir and Browser test . . . . . . : Failed > > List of transports currently bound to the Redir > > NetbiosSmb > > NetBT_Tcpip_{B8DE7FD8-8E3E-4FF6-A520-65F7A34CF85F} > > The redir is bound to 1 NetBt transport. > > List of transports currently bound to the browser > > NetBT_Tcpip_{B8DE7FD8-8E3E-4FF6-A520-65F7A34CF85F} > > The browser is bound to 1 NetBt transport. > > [FATAL] Cannot send mailslot message to > > '\\havanagroup*\MAILSLOT\NET\NETLOGON' via redir. [ERROR_BAD_NETPATH] > > Kerberos test. . . . . . . . . . . : Failed > > [FATAL] Kerberos does not have a ticket for > > host/HAVANA-BQ9WJ76F.havanagroup.local. > > Now here is a portion of the clients Userenv log. > > > > USERENV(444.a6c) 07:14:43:231 ProcessGPOs: MyGetUserName failed with > > 5. USERENV(444.a6c) 09:05:48:946 MyGetUserName: GetUserNameEx failed > > with 5. USERENV(444.a6c) 09:05:49:681 MyGetUserName: GetUserNameEx > > failed with 5. USERENV(444.a6c) 09:05:50:415 MyGetUserName: > > GetUserNameEx failed with 5. USERENV(444.a6c) 09:05:51:165 > > MyGetUserName: GetUserNameEx failed with 5. USERENV(444.a6c) > > 09:05:51:165 ProcessGPOs: MyGetUserName failed with 5. > > > > >
Guest Meinolf Weber Posted October 12, 2007 Posted October 12, 2007 Re: Group Policy processing aborted Hello sblair0320, Reregister the client again on the DNS server with ipconfig /registerdns and check again. Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. > We own one server with all the roles. Microsoft Windows Server 2003 > for Small Business W/ SP1 Intel Pentium 4 w/ 2.8 Ghz CPU 1024 MB of > ram > > IPconfig /all > Windows IP Configuration > Host Name . . . . . . . . . . . . : SERVER2 > Primary Dns Suffix . . . . . . . : havanagroup.local > Node Type . . . . . . . . . . . . : Unknown > IP Routing Enabled. . . . . . . . : Yes > WINS Proxy Enabled. . . . . . . . : Yes > DNS Suffix Search List. . . . . . : havanagroup.local > Ethernet adapter Server Local Area Connection: > Connection-specific DNS Suffix . : > Description . . . . . . . . . . . : Broadcom NetXtreme 5751 Gigabit > Controller > Physical Address. . . . . . . . . : 00-13-20-2F-35-82 > DHCP Enabled. . . . . . . . . . . : No > IP Address. . . . . . . . . . . . : 192.168.1.3 > Subnet Mask . . . . . . . . . . . : 255.255.255.0 > Default Gateway . . . . . . . . . : 192.168.1.254 > DNS Servers . . . . . . . . . . . : 192.168.1.3 > Primary WINS Server . . . . . . . : 192.168.1.3 > NetBIOS over Tcpip. . . . . . . . : Disabled > I have one service that is not running that should be (LanService). It > is > set to automatic but will not startup. > > Here is a client ipconfig /all. > Windows IP Configuration > Host Name . . . . . . . . . . . . : HAVANA-BQ9WJ76F > Primary Dns Suffix . . . . . . . : havanagroup.local > Node Type . . . . . . . . . . . . : Hybrid > IP Routing Enabled. . . . . . . . : No > WINS Proxy Enabled. . . . . . . . : No > DNS Suffix Search List. . . . . . : havanagroup.local > Ethernet adapter Local Area Connection: > Connection-specific DNS Suffix . : > Description . . . . . . . . . . . : Intel® PRO/100 M Network > Connection > Physical Address. . . . . . . . . : 00-30-6E-4B-6D-5A > Dhcp Enabled. . . . . . . . . . . : No > IP Address. . . . . . . . . . . . : 192.168.1.47 > Subnet Mask . . . . . . . . . . . : 255.255.255.0 > Default Gateway . . . . . . . . . : 192.168.1.254 DNS > Servers . . . . . . . . . . . : 192.168.1.3 > Primary WINS Server . . . . . . . : 192.168.1.3 > "Meinolf Weber" wrote: > >> Hello sblair0320, >> >> Check on the server that all services running. I think you have to >> start with the server to get it running properly. Please give some >> mor infos about. >> >> What OS with which SP level? >> >> How many servers with which roles/functions and how are they >> connected and located? >> >> How is DNS setup on the Domain controller? >> >> Please post an ipconfig /all from all servers, >> >> On which level is the policy located, Domain or OU? >> >> Also post an ipconfig /all from one client >> >> Best regards >> >> Meinolf Weber >> Disclaimer: This posting is provided "AS IS" with no warranties, and >> confers >> no rights. >>> The computer configuration of group policy fails on all computers on >>> the network except on the server. Here is hat I get in my event >>> viewer when I try to refress my group policy. >>> >>> Event Source: Userenv >>> Event ID: 1053 >>> Description: >>> Windows cannot determine the user or computer name. (Access is >>> denied. >>> ). >>> Group Policy processing aborted. >>> Event Source: AutoEnrollment >>> Event ID: 15 >>> Description: >>> Automatic certificate enrollment for local system failed to contact >>> the >>> active directory (0x8007052b). Unable to update the password. The >>> value >>> provided as the current password is incorrect. >>> Enrollment will not be performed. >>> I have been trying to fix this problem for some time now and have >>> been >>> unsuccessful. Here is what I have checked so far: >>> I have used nslookup to search my DNS records from one of the >>> computers having the problem. I have searched most if not all the >>> SRV and A records needed for Active Directory. What DNS records >>> should I be looking for? >>> >>> I have reset the server machine account. >>> >>> I can access the Sysvol folder from all the client computers. >>> >>> Here are the highlights from a dcdiag: >>> >>> Starting test: NetLogons >>> * Warning BUILTIN\Administrators did not have the "Access >>> this >>> computer from network" right. >>> [sERVER2] An net use or LsaPolicy operation failed with error >>> 1, >>> Incorrect function........................... SERVER2 failed test >>> NetLogons >>> Starting test: Services >>> IsmServ Service is stopped on [sERVER2] ......... SERVER2 failed >>> test >>> Services >>> Here are the highlights from a netdiag /debug from the client: >>> Testing the WINS server >>> Local Area Connection >>> Sending name query to primary WINS server 192.168.1.3 - >>> querying name HAVANA-BQ9WJ76F on server 192.168.1.3 >>> bytes sent 50 >>> querying name HAVANA-BQ9WJ76F on server 192.168.1.3 >>> bytes sent 50 >>> Failed >>> Testing Kerberos authentication... Failed >>> WINS service test. . . . . : Failed >>> Sending name query to primary WINS server 192.168.1.3 - >>> Failed >>> There is no secondary WINS server defined for this >>> adapter. >>> The test failed. We were unable to query the WINS >>> servers. >>> IPX test : IPX is not installed on this machine. >>> Redir and Browser test . . . . . . : Failed >>> List of transports currently bound to the Redir >>> NetbiosSmb >>> NetBT_Tcpip_{B8DE7FD8-8E3E-4FF6-A520-65F7A34CF85F} >>> The redir is bound to 1 NetBt transport. >>> List of transports currently bound to the browser >>> NetBT_Tcpip_{B8DE7FD8-8E3E-4FF6-A520-65F7A34CF85F} >>> The browser is bound to 1 NetBt transport. >>> [FATAL] Cannot send mailslot message to >>> '\\havanagroup*\MAILSLOT\NET\NETLOGON' via redir. >>> [ERROR_BAD_NETPATH] >>> Kerberos test. . . . . . . . . . . : Failed >>> [FATAL] Kerberos does not have a ticket for >>> host/HAVANA-BQ9WJ76F.havanagroup.local. >>> Now here is a portion of the clients Userenv log. >>> USERENV(444.a6c) 07:14:43:231 ProcessGPOs: MyGetUserName failed with >>> 5. USERENV(444.a6c) 09:05:48:946 MyGetUserName: GetUserNameEx >>> failed with 5. USERENV(444.a6c) 09:05:49:681 MyGetUserName: >>> GetUserNameEx failed with 5. USERENV(444.a6c) 09:05:50:415 >>> MyGetUserName: GetUserNameEx failed with 5. USERENV(444.a6c) >>> 09:05:51:165 MyGetUserName: GetUserNameEx failed with 5. >>> USERENV(444.a6c) 09:05:51:165 ProcessGPOs: MyGetUserName failed with >>> 5. >>>
Recommended Posts