Group Policy processing aborted

[Guest sblair0320]

The computer configuration of group policy fails on all computers on the

network except on the server. Here is hat I get in my event viewer when I try

to refress my group policy.

 

Event Source: Userenv

Event ID: 1053

Description:

Windows cannot determine the user or computer name. (Access is denied. ).

Group Policy processing aborted.

 

Event Source: AutoEnrollment

Event ID: 15

Description:

Automatic certificate enrollment for local system failed to contact the

active directory (0x8007052b). Unable to update the password. The value

provided as the current password is incorrect.

Enrollment will not be performed.

 

I have been trying to fix this problem for some time now and have been

unsuccessful. Here is what I have checked so far:

 

I have used nslookup to search my DNS records from one of the computers

having the problem. I have searched most if not all the SRV and A records

needed for Active Directory. What DNS records should I be looking for?

 

I have reset the server machine account.

 

I can access the Sysvol folder from all the client computers.

 

Here are the highlights from a dcdiag:

 

Starting test: NetLogons

* Warning BUILTIN\Administrators did not have the "Access this

computer from network" right.

[sERVER2] An net use or LsaPolicy operation failed with error 1,

Incorrect function........................... SERVER2 failed test NetLogons

 

Starting test: Services

IsmServ Service is stopped on [sERVER2] ......... SERVER2 failed test

Services

 

Here are the highlights from a netdiag /debug from the client:

 

Testing the WINS server

Local Area Connection

Sending name query to primary WINS server 192.168.1.3 -

querying name HAVANA-BQ9WJ76F on server 192.168.1.3

bytes sent 50

 

querying name HAVANA-BQ9WJ76F on server 192.168.1.3

bytes sent 50

Failed

 

Testing Kerberos authentication... Failed

 

WINS service test. . . . . : Failed

Sending name query to primary WINS server 192.168.1.3 - Failed

There is no secondary WINS server defined for this adapter.

The test failed. We were unable to query the WINS servers.

IPX test : IPX is not installed on this machine.

 

Redir and Browser test . . . . . . : Failed

List of transports currently bound to the Redir

NetbiosSmb

NetBT_Tcpip_{B8DE7FD8-8E3E-4FF6-A520-65F7A34CF85F}

The redir is bound to 1 NetBt transport.

 

List of transports currently bound to the browser

NetBT_Tcpip_{B8DE7FD8-8E3E-4FF6-A520-65F7A34CF85F}

The browser is bound to 1 NetBt transport.

[FATAL] Cannot send mailslot message to

'\\havanagroup*\MAILSLOT\NET\NETLOGON' via redir. [ERROR_BAD_NETPATH]

 

Kerberos test. . . . . . . . . . . : Failed

[FATAL] Kerberos does not have a ticket for

host/HAVANA-BQ9WJ76F.havanagroup.local.

 

Now here is a portion of the clients Userenv log.

 

USERENV(444.a6c) 07:14:43:231 ProcessGPOs: MyGetUserName failed with 5.

USERENV(444.a6c) 09:05:48:946 MyGetUserName: GetUserNameEx failed with 5.

USERENV(444.a6c) 09:05:49:681 MyGetUserName: GetUserNameEx failed with 5.

USERENV(444.a6c) 09:05:50:415 MyGetUserName: GetUserNameEx failed with 5.

USERENV(444.a6c) 09:05:51:165 MyGetUserName: GetUserNameEx failed with 5.

USERENV(444.a6c) 09:05:51:165 ProcessGPOs: MyGetUserName failed with 5.

[Guest Meinolf Weber]

Re: Group Policy processing aborted

 

Hello sblair0320,

 

Check on the server that all services running. I think you have to start

with the server to get it running properly. Please give some mor infos about.

 

What OS with which SP level?

 

How many servers with which roles/functions and how are they connected and

located?

 

How is DNS setup on the Domain controller?

 

Please post an ipconfig /all from all servers,

 

On which level is the policy located, Domain or OU?

 

Also post an ipconfig /all from one client

 

Best regards

 

Meinolf Weber

Disclaimer: This posting is provided "AS IS" with no warranties, and confers

no rights.

> The computer configuration of group policy fails on all computers on

> the network except on the server. Here is hat I get in my event viewer

> when I try to refress my group policy.

>

> Event Source: Userenv

> Event ID: 1053

> Description:

> Windows cannot determine the user or computer name. (Access is denied.

> ).

> Group Policy processing aborted.

> Event Source: AutoEnrollment

> Event ID: 15

> Description:

> Automatic certificate enrollment for local system failed to contact

> the

> active directory (0x8007052b). Unable to update the password. The

> value

> provided as the current password is incorrect.

> Enrollment will not be performed.

> I have been trying to fix this problem for some time now and have been

> unsuccessful. Here is what I have checked so far:

>

> I have used nslookup to search my DNS records from one of the

> computers having the problem. I have searched most if not all the SRV

> and A records needed for Active Directory. What DNS records should I

> be looking for?

>

> I have reset the server machine account.

>

> I can access the Sysvol folder from all the client computers.

>

> Here are the highlights from a dcdiag:

>

> Starting test: NetLogons

> * Warning BUILTIN\Administrators did not have the "Access

> this

> computer from network" right.

> [sERVER2] An net use or LsaPolicy operation failed with error

> 1,

> Incorrect function........................... SERVER2 failed test

> NetLogons

> Starting test: Services

> IsmServ Service is stopped on [sERVER2] ......... SERVER2 failed test

> Services

> Here are the highlights from a netdiag /debug from the client:

>

> Testing the WINS server

> Local Area Connection

> Sending name query to primary WINS server 192.168.1.3 -

> querying name HAVANA-BQ9WJ76F on server 192.168.1.3

> bytes sent 50

> querying name HAVANA-BQ9WJ76F on server 192.168.1.3

> bytes sent 50

> Failed

> Testing Kerberos authentication... Failed

>

> WINS service test. . . . . : Failed

> Sending name query to primary WINS server 192.168.1.3 -

> Failed

> There is no secondary WINS server defined for this

> adapter.

> The test failed. We were unable to query the WINS

> servers.

> IPX test : IPX is not installed on this machine.

> Redir and Browser test . . . . . . : Failed

> List of transports currently bound to the Redir

> NetbiosSmb

> NetBT_Tcpip_{B8DE7FD8-8E3E-4FF6-A520-65F7A34CF85F}

> The redir is bound to 1 NetBt transport.

> List of transports currently bound to the browser

> NetBT_Tcpip_{B8DE7FD8-8E3E-4FF6-A520-65F7A34CF85F}

> The browser is bound to 1 NetBt transport.

> [FATAL] Cannot send mailslot message to

> '\\havanagroup*\MAILSLOT\NET\NETLOGON' via redir. [ERROR_BAD_NETPATH]

> Kerberos test. . . . . . . . . . . : Failed

> [FATAL] Kerberos does not have a ticket for

> host/HAVANA-BQ9WJ76F.havanagroup.local.

> Now here is a portion of the clients Userenv log.

>

> USERENV(444.a6c) 07:14:43:231 ProcessGPOs: MyGetUserName failed with

> 5. USERENV(444.a6c) 09:05:48:946 MyGetUserName: GetUserNameEx failed

> with 5. USERENV(444.a6c) 09:05:49:681 MyGetUserName: GetUserNameEx

> failed with 5. USERENV(444.a6c) 09:05:50:415 MyGetUserName:

> GetUserNameEx failed with 5. USERENV(444.a6c) 09:05:51:165

> MyGetUserName: GetUserNameEx failed with 5. USERENV(444.a6c)

> 09:05:51:165 ProcessGPOs: MyGetUserName failed with 5.

>

[Guest sblair0320]

Re: Group Policy processing aborted

 

We own one server with all the roles.

Microsoft Windows Server 2003 for Small Business W/ SP1

Intel Pentium 4 w/ 2.8 Ghz CPU

1024 MB of ram

 

IPconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : SERVER2

Primary Dns Suffix . . . . . . . : havanagroup.local

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : Yes

WINS Proxy Enabled. . . . . . . . : Yes

DNS Suffix Search List. . . . . . : havanagroup.local

Ethernet adapter Server Local Area Connection:

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Broadcom NetXtreme 5751 Gigabit

Controller

Physical Address. . . . . . . . . : 00-13-20-2F-35-82

DHCP Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 192.168.1.3

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.254

DNS Servers . . . . . . . . . . . : 192.168.1.3

Primary WINS Server . . . . . . . : 192.168.1.3

NetBIOS over Tcpip. . . . . . . . : Disabled

I have one service that is not running that should be (LanService). It is

set to automatic but will not startup.

 

Here is a client ipconfig /all.

Windows IP Configuration

Host Name . . . . . . . . . . . . : HAVANA-BQ9WJ76F

Primary Dns Suffix . . . . . . . : havanagroup.local

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : havanagroup.local

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Intel® PRO/100 M Network

Connection

Physical Address. . . . . . . . . : 00-30-6E-4B-6D-5A

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 192.168.1.47

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.254 DNS

Servers . . . . . . . . . . . : 192.168.1.3

Primary WINS Server . . . . . . . : 192.168.1.3

 

 

"Meinolf Weber" wrote:

> Hello sblair0320,

>

> Check on the server that all services running. I think you have to start

> with the server to get it running properly. Please give some mor infos about.

>

> What OS with which SP level?

>

> How many servers with which roles/functions and how are they connected and

> located?

>

> How is DNS setup on the Domain controller?

>

> Please post an ipconfig /all from all servers,

>

> On which level is the policy located, Domain or OU?

>

> Also post an ipconfig /all from one client

>

> Best regards

>

> Meinolf Weber

> Disclaimer: This posting is provided "AS IS" with no warranties, and confers

> no rights.

>

> > The computer configuration of group policy fails on all computers on

> > the network except on the server. Here is hat I get in my event viewer

> > when I try to refress my group policy.

> >

> > Event Source: Userenv

> > Event ID: 1053

> > Description:

> > Windows cannot determine the user or computer name. (Access is denied.

> > ).

> > Group Policy processing aborted.

> > Event Source: AutoEnrollment

> > Event ID: 15

> > Description:

> > Automatic certificate enrollment for local system failed to contact

> > the

> > active directory (0x8007052b). Unable to update the password. The

> > value

> > provided as the current password is incorrect.

> > Enrollment will not be performed.

> > I have been trying to fix this problem for some time now and have been

> > unsuccessful. Here is what I have checked so far:

> >

> > I have used nslookup to search my DNS records from one of the

> > computers having the problem. I have searched most if not all the SRV

> > and A records needed for Active Directory. What DNS records should I

> > be looking for?

> >

> > I have reset the server machine account.

> >

> > I can access the Sysvol folder from all the client computers.

> >

> > Here are the highlights from a dcdiag:

> >

> > Starting test: NetLogons

> > * Warning BUILTIN\Administrators did not have the "Access

> > this

> > computer from network" right.

> > [sERVER2] An net use or LsaPolicy operation failed with error

> > 1,

> > Incorrect function........................... SERVER2 failed test

> > NetLogons

> > Starting test: Services

> > IsmServ Service is stopped on [sERVER2] ......... SERVER2 failed test

> > Services

> > Here are the highlights from a netdiag /debug from the client:

> >

> > Testing the WINS server

> > Local Area Connection

> > Sending name query to primary WINS server 192.168.1.3 -

> > querying name HAVANA-BQ9WJ76F on server 192.168.1.3

> > bytes sent 50

> > querying name HAVANA-BQ9WJ76F on server 192.168.1.3

> > bytes sent 50

> > Failed

> > Testing Kerberos authentication... Failed

> >

> > WINS service test. . . . . : Failed

> > Sending name query to primary WINS server 192.168.1.3 -

> > Failed

> > There is no secondary WINS server defined for this

> > adapter.

> > The test failed. We were unable to query the WINS

> > servers.

> > IPX test : IPX is not installed on this machine.

> > Redir and Browser test . . . . . . : Failed

> > List of transports currently bound to the Redir

> > NetbiosSmb

> > NetBT_Tcpip_{B8DE7FD8-8E3E-4FF6-A520-65F7A34CF85F}

> > The redir is bound to 1 NetBt transport.

> > List of transports currently bound to the browser

> > NetBT_Tcpip_{B8DE7FD8-8E3E-4FF6-A520-65F7A34CF85F}

> > The browser is bound to 1 NetBt transport.

> > [FATAL] Cannot send mailslot message to

> > '\\havanagroup*\MAILSLOT\NET\NETLOGON' via redir. [ERROR_BAD_NETPATH]

> > Kerberos test. . . . . . . . . . . : Failed

> > [FATAL] Kerberos does not have a ticket for

> > host/HAVANA-BQ9WJ76F.havanagroup.local.

> > Now here is a portion of the clients Userenv log.

> >

> > USERENV(444.a6c) 07:14:43:231 ProcessGPOs: MyGetUserName failed with

> > 5. USERENV(444.a6c) 09:05:48:946 MyGetUserName: GetUserNameEx failed

> > with 5. USERENV(444.a6c) 09:05:49:681 MyGetUserName: GetUserNameEx

> > failed with 5. USERENV(444.a6c) 09:05:50:415 MyGetUserName:

> > GetUserNameEx failed with 5. USERENV(444.a6c) 09:05:51:165

> > MyGetUserName: GetUserNameEx failed with 5. USERENV(444.a6c)

> > 09:05:51:165 ProcessGPOs: MyGetUserName failed with 5.

> >

>

>

>

[Guest Meinolf Weber]

Re: Group Policy processing aborted

 

Hello sblair0320,

 

Reregister the client again on the DNS server with ipconfig /registerdns

and check again.

 

Best regards

 

Meinolf Weber

Disclaimer: This posting is provided "AS IS" with no warranties, and confers

no rights.

> We own one server with all the roles. Microsoft Windows Server 2003

> for Small Business W/ SP1 Intel Pentium 4 w/ 2.8 Ghz CPU 1024 MB of

> ram

>

> IPconfig /all

> Windows IP Configuration

> Host Name . . . . . . . . . . . . : SERVER2

> Primary Dns Suffix . . . . . . . : havanagroup.local

> Node Type . . . . . . . . . . . . : Unknown

> IP Routing Enabled. . . . . . . . : Yes

> WINS Proxy Enabled. . . . . . . . : Yes

> DNS Suffix Search List. . . . . . : havanagroup.local

> Ethernet adapter Server Local Area Connection:

> Connection-specific DNS Suffix . :

> Description . . . . . . . . . . . : Broadcom NetXtreme 5751 Gigabit

> Controller

> Physical Address. . . . . . . . . : 00-13-20-2F-35-82

> DHCP Enabled. . . . . . . . . . . : No

> IP Address. . . . . . . . . . . . : 192.168.1.3

> Subnet Mask . . . . . . . . . . . : 255.255.255.0

> Default Gateway . . . . . . . . . : 192.168.1.254

> DNS Servers . . . . . . . . . . . : 192.168.1.3

> Primary WINS Server . . . . . . . : 192.168.1.3

> NetBIOS over Tcpip. . . . . . . . : Disabled

> I have one service that is not running that should be (LanService). It

> is

> set to automatic but will not startup.

>

> Here is a client ipconfig /all.

> Windows IP Configuration

> Host Name . . . . . . . . . . . . : HAVANA-BQ9WJ76F

> Primary Dns Suffix . . . . . . . : havanagroup.local

> Node Type . . . . . . . . . . . . : Hybrid

> IP Routing Enabled. . . . . . . . : No

> WINS Proxy Enabled. . . . . . . . : No

> DNS Suffix Search List. . . . . . : havanagroup.local

> Ethernet adapter Local Area Connection:

> Connection-specific DNS Suffix . :

> Description . . . . . . . . . . . : Intel® PRO/100 M Network

> Connection

> Physical Address. . . . . . . . . : 00-30-6E-4B-6D-5A

> Dhcp Enabled. . . . . . . . . . . : No

> IP Address. . . . . . . . . . . . : 192.168.1.47

> Subnet Mask . . . . . . . . . . . : 255.255.255.0

> Default Gateway . . . . . . . . . : 192.168.1.254 DNS

> Servers . . . . . . . . . . . : 192.168.1.3

> Primary WINS Server . . . . . . . : 192.168.1.3

> "Meinolf Weber" wrote:

>

>> Hello sblair0320,

>>

>> Check on the server that all services running. I think you have to

>> start with the server to get it running properly. Please give some

>> mor infos about.

>>

>> What OS with which SP level?

>>

>> How many servers with which roles/functions and how are they

>> connected and located?

>>

>> How is DNS setup on the Domain controller?

>>

>> Please post an ipconfig /all from all servers,

>>

>> On which level is the policy located, Domain or OU?

>>

>> Also post an ipconfig /all from one client

>>

>> Best regards

>>

>> Meinolf Weber

>> Disclaimer: This posting is provided "AS IS" with no warranties, and

>> confers

>> no rights.

>>> The computer configuration of group policy fails on all computers on

>>> the network except on the server. Here is hat I get in my event

>>> viewer when I try to refress my group policy.

>>>

>>> Event Source: Userenv

>>> Event ID: 1053

>>> Description:

>>> Windows cannot determine the user or computer name. (Access is

>>> denied.

>>> ).

>>> Group Policy processing aborted.

>>> Event Source: AutoEnrollment

>>> Event ID: 15

>>> Description:

>>> Automatic certificate enrollment for local system failed to contact

>>> the

>>> active directory (0x8007052b). Unable to update the password. The

>>> value

>>> provided as the current password is incorrect.

>>> Enrollment will not be performed.

>>> I have been trying to fix this problem for some time now and have

>>> been

>>> unsuccessful. Here is what I have checked so far:

>>> I have used nslookup to search my DNS records from one of the

>>> computers having the problem. I have searched most if not all the

>>> SRV and A records needed for Active Directory. What DNS records

>>> should I be looking for?

>>>

>>> I have reset the server machine account.

>>>

>>> I can access the Sysvol folder from all the client computers.

>>>

>>> Here are the highlights from a dcdiag:

>>>

>>> Starting test: NetLogons

>>> * Warning BUILTIN\Administrators did not have the "Access

>>> this

>>> computer from network" right.

>>> [sERVER2] An net use or LsaPolicy operation failed with error

>>> 1,

>>> Incorrect function........................... SERVER2 failed test

>>> NetLogons

>>> Starting test: Services

>>> IsmServ Service is stopped on [sERVER2] ......... SERVER2 failed

>>> test

>>> Services

>>> Here are the highlights from a netdiag /debug from the client:

>>> Testing the WINS server

>>> Local Area Connection

>>> Sending name query to primary WINS server 192.168.1.3 -

>>> querying name HAVANA-BQ9WJ76F on server 192.168.1.3

>>> bytes sent 50

>>> querying name HAVANA-BQ9WJ76F on server 192.168.1.3

>>> bytes sent 50

>>> Failed

>>> Testing Kerberos authentication... Failed

>>> WINS service test. . . . . : Failed

>>> Sending name query to primary WINS server 192.168.1.3 -

>>> Failed

>>> There is no secondary WINS server defined for this

>>> adapter.

>>> The test failed. We were unable to query the WINS

>>> servers.

>>> IPX test : IPX is not installed on this machine.

>>> Redir and Browser test . . . . . . : Failed

>>> List of transports currently bound to the Redir

>>> NetbiosSmb

>>> NetBT_Tcpip_{B8DE7FD8-8E3E-4FF6-A520-65F7A34CF85F}

>>> The redir is bound to 1 NetBt transport.

>>> List of transports currently bound to the browser

>>> NetBT_Tcpip_{B8DE7FD8-8E3E-4FF6-A520-65F7A34CF85F}

>>> The browser is bound to 1 NetBt transport.

>>> [FATAL] Cannot send mailslot message to

>>> '\\havanagroup*\MAILSLOT\NET\NETLOGON' via redir.

>>> [ERROR_BAD_NETPATH]

>>> Kerberos test. . . . . . . . . . . : Failed

>>> [FATAL] Kerberos does not have a ticket for

>>> host/HAVANA-BQ9WJ76F.havanagroup.local.

>>> Now here is a portion of the clients Userenv log.

>>> USERENV(444.a6c) 07:14:43:231 ProcessGPOs: MyGetUserName failed with

>>> 5. USERENV(444.a6c) 09:05:48:946 MyGetUserName: GetUserNameEx

>>> failed with 5. USERENV(444.a6c) 09:05:49:681 MyGetUserName:

>>> GetUserNameEx failed with 5. USERENV(444.a6c) 09:05:50:415

>>> MyGetUserName: GetUserNameEx failed with 5. USERENV(444.a6c)

>>> 09:05:51:165 MyGetUserName: GetUserNameEx failed with 5.

>>> USERENV(444.a6c) 09:05:51:165 ProcessGPOs: MyGetUserName failed with

>>> 5.

>>>