I got this Error in Eventvwr in one Member server(2003 R2 SP2).

Event Type:        Error

Event Source:    Userenv

Event Category:                None

Event ID:              1054

Date:                     05/06/11

Time:                     12:18:23 PM

User:                     NT AUTHORITY\SYSTEM

Computer:          FS001.Contoso.com

Description:

Windows cannot obtain the domain controller name for your computer network. (An unexpected network error occurred. ). Group Policy processing aborted.

 

When I run gpresult I get this error

"INFO: The user "Domain\user" does not have RSOP data".

When i run rsop.msc I can see all computer policies is getting applied But I cannot see any user setting.

I tried netdiag /test:DNS. Out put I got all passed.

I can ping the DC(2003 Std SP2). The DNS Setting also perfect.(I do not want to disjoin and rejoin this server to doamin)

Any help is greatly appriciated.

 

 

Make sure user policies are not disable or there is only settings configured in computer configuration.

Make sure member server points local DNS server only not any public or ISP's dns addres.

Refer the below article.

http://support.microsoft.com/kb/324174

http://social.technet.microsoft.com/Forums/en/winserverGP/thread/6a0c9a0e-3dee-4b00-8ad7-45f5f9b9ce76

 

 

Regards

Hello,

please post an unedited ipconfig /all from the DC/DNS servers and the problem machine. Any of them multihomed? Was there a crash/reinstall before this started?

Hi ...Thanks Guys

The DNS configuration in that member server is perfect. The user config is not disabled . The server is up for last 15 days.

The machine is multihomed but its nic2 is disabled.

I can access the sysvol share as well. The User I am trying is have domain admin rights.

 

One More info whenever I am trying rsop.msc I am getting this message "Rsop loggins was never enabled or data is corrupt".Then I close this error message. Then I can see in the"Resultant Set of policy processing...."

Doamin\doaminadmin  (Access Denied).

I have deleted the domainadmin profile from the member server.

 

The Userenv log :::

 

USERENV(1e14.147c) 11:12:46:989 ProcessGPOs:
USERENV(1e14.147c) 11:12:46:989 EnterCriticalPolicySectionEx: Entering with timeout 600000 and flags 0x0
USERENV(1e14.147c) 11:12:46:989 EnterCriticalPolicySectionEx: User critical section has been claimed.  Handle = 0x348
USERENV(1e14.147c) 11:12:46:989 EnterCriticalPolicySectionEx: Leaving successfully.
USERENV(1e14.147c) 11:12:46:989 ProcessGPOs:  Machine role is 2.
USERENV(1e14.147c) 11:12:47:599 PingComputer: PingBufferSize set as 2048
USERENV(1e14.147c) 11:12:47:771 PingComputer: Adapter speed 1000000000 bps
USERENV(1e14.147c) 11:12:52:977 PingComputer:  First send 0x196d900a failed with 11010
USERENV(1e14.147c) 11:12:58:481 PingComputer:  First send 0x196d900a failed with 11010
USERENV(1e14.147c) 11:13:03:984 PingComputer:  First send 0x196d900a failed with 11010
USERENV(1e14.147c) 11:13:03:984 PingComputer:  No data available
USERENV(1e14.147c) 11:13:04:109 PingComputer: PingBufferSize set as 2048
USERENV(1e14.147c) 11:13:04:109 PingComputer: Adapter speed 1000000000 bps
USERENV(1720.1280) 11:13:08:034 LibMain: Process Name:  C:\WINDOWS\system32\cscript.exe
USERENV(1f6c.19d8) 11:13:08:847 LibMain: Process Name:  C:\WINDOWS\system32\cscript.exe
USERENV(1e14.147c) 11:13:09:488 PingComputer:  First send 0x196d900a failed with 11010
USERENV(1e14.147c) 11:13:14:991 PingComputer:  First send 0x196d900a failed with 11010
USERENV(1e14.147c) 11:13:20:495 PingComputer:  First send 0x196d900a failed with 11010
USERENV(1e14.147c) 11:13:20:495 PingComputer:  No data available
USERENV(1e14.147c) 11:13:20:526 ProcessGPOs: DSGetDCName failed with 59.
USERENV(1e14.147c) 11:13:20:776 ProcessGPOs: No WMI logging done in this policy cycle.
USERENV(1e14.147c) 11:13:20:776 ProcessGPOs: Processing failed with error 59.
USERENV(1e14.147c) 11:13:20:776 LeaveCriticalPolicySection: Critical section 0x348 has been released.
USERENV(1e14.147c) 11:13:20:776 ProcessGPOs: User Group Policy has been applied.
USERENV(1e14.147c) 11:13:20:776 ProcessGPOs: Leaving with 0.
USERENV(1e14.147c) 11:13:20:776 ApplyGroupPolicy: Leaving successfully.
USERENV(1e14.1bec) 11:13:20:776 GPOThread:  Next refresh will happen in 112 minutes
USERENV(6a8.1f64) 11:13:20:964 LibMain: Process Name:  C:\WINDOWS\system32\userinit.exe
USERENV(1e14.6b4) 11:13:21:652 IsSyncForegroundPolicyRefresh: Synchronous, Reason: policy set to SYNC
USERENV(1c78.1f94) 11:13:21:824 LibMain: Process Name:  C:\WINDOWS\system32\userinit.exe
USERENV(183c.1af4) 11:13:22:918 LibMain: Process Name:  C:\WINDOWS\Explorer.EXE
USERENV(183c.1af4) 11:13:23:121 GetProfileType:  Profile already loaded.
USERENV(183c.1af4) 11:13:23:121 GetProfileType: ProfileFlags is 0
USERENV(183c.1af4) 11:13:23:121 GetProfileType:  Profile already loaded.
USERENV(183c.1af4) 11:13:23:121 GetProfileType: ProfileFlags is 0
USERENV(183c.d9c) 11:13:23:371 GetProfileType:  Profile already loaded.
USERENV(183c.d9c) 11:13:23:528 GetProfileType: ProfileFlags is 0
USERENV(814.1c7c) 11:13:24:091 LibMain: Process Name:  C:\WINDOWS\system32\mobsync.exe
USERENV(16dc.fe8) 11:13:26:045 LibMain: Process Name:  C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
USERENV(19f0.c18) 11:13:26:123 LibMain: Process Name:  C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
USERENV(b24.1b28) 11:13:27:265 LibMain: Process Name:  C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe
USERENV(1fb8.15ac) 11:13:32:721 LibMain: Process Name:  C:\WINDOWS\system32\mshta.exe
USERENV(5a8.15b8) 11:13:36:161 LibMain: Process Name:  C:\WINDOWS\system32\userinit.exe

Hello,

was that domain upgraded from Windows 2000 to newer version?

Did you run adprep /domainprep /gpprep ?

Please see also: http://technet.microsoft.com/en-us/library/cc775785(WS.10).aspx

Yes this domain was upgraded 3 years back. This issue i am facing from today.. 

This issue is for one machine only. I have checked other servers in the same ou. Those are ok.

Is the member server is running with latest SP & Patches & did you follow the link posted above?

 

Regards

Yes is has all latest patches. OS 2003 R2 Sp2.

I checked both the links but My scenario is different. Because all computer policies are getting applied correctly

 

Have you ever logged into this server using this particular user account? For testing purpose, try logon to this server using this account and run RSOP again.

I would agree with Santhosh and to add another option, try running RSOP against the machine with a different account and try using th user account on a different machine.  This should help you narrow down if the user or the machine is the issue.

--
Paul Bergson
MVP - Directory Services
MCITP: Enterprise Administrator
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, Vista, 2003, 2000 (Early Achiever), NT4
http://www.pbbergs.com    Twitter @pbbergs
http://blogs.dirteam.com/blogs/paulbergson

Please no e-mails, any questions should be posted in the NewsGroup. This posting is provided "AS IS" with no warranties, and confers no rights.

Hi ,

 

I have tried with two domain admin account. it is same for both the users.

 

I have tried those two account in another server it is ok over there.

Did you logon to this server locally using the same account?

Is it possible o disjoin the server from the domain & rejoin it back& one more thing is the account used by you for running RSOP.MSC is also member of local administrator group, if not try to make it member of local administrator group, log off & relogin.

http://minasi.com/forum/topic.asp?TOPIC_ID=5772

http://technet.microsoft.com/en-us/library/cc775785%28WS.10%29.aspx

 

Regards

The issue seems to be some network issue..

Add this twol keys in registry and logoff if possible restart. The issue should get resolved.

You might have to add the "Windows" and "System" folders

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
"GroupPolicyMinTransferRate"=dword:00000000

Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System]
"GroupPolicyMinTransferRate"=dword:00000000

 

Check

http://www.eventid.net/display.asp?eventid=1053&eventno=1584&source=Userenv&phase=1

• Marked as answer by answernick Tuesday, June 07, 2011 7:53 AM

Hello

 

I have a domain network of 50+ computers with 2 domains (win2008 R2 & win2008. all work ok.

Only one user with Windows 7 prof. 64 bit is having this issue.

When i run the gpresult /r i get the error message :

"the user does not have rsop data".

 @Tanmoy Manik i tried to add this at the registry but i have only the

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
"GroupPolicyMinTransferRate"=dword:00000000

and i dont know if i added this correct.

The
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System]

i dont have it at all.

 

Any suggestions?

 

thx

 

 

 

Hello,

did you follow test all other suggestions made in this thread? If yes what was the outcome on each of them, if questions where asked?

Hello

from one of the 2 DC's the log of the ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Arahide
   Primary Dns Suffix  . . . . . . . : goldenfoods.local
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : goldenfoods.local

Ethernet adapter Local Area Connection 2:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection #2
   Physical Address. . . . . . . . . : 00-0C-29-C4-77-F2
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.10.4(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 0.0.0.0
   DNS Servers . . . . . . . . . . . : 192.168.10.4
                                       192.168.10.7
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
   Physical Address. . . . . . . . . : 00-0C-29-C4-77-E8
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.224(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.224
                                       192.168.1.227
   Primary WINS Server . . . . . . . : 192.168.1.224
   Secondary WINS Server . . . . . . : 192.168.1.227
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 8:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.{5097FF92-A056-4684-A682-60CC271F1474}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 02-00-54-55-4E-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.{0C215F94-DC2A-4D7F-9FFF-67221E841534}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

from the problematic workstation:

Windows IP Configuration

   Host Name . . . . . . . . . . . . : VGRIGORIU
   Primary Dns Suffix  . . . . . . . : goldenfoods.local
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : goldenfoods.local

Wireless LAN adapter Wireless Network Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : 70-1A-04-4D-26-E8
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : 0C-60-76-99-25-8F
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : goldenfoods.local
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 00-24-E8-E1-28-99
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : goldenfoods.local
   Description . . . . . . . . . . . : Dell Wireless 1397 WLAN Mini-Card
   Physical Address. . . . . . . . . : 70-1A-04-4D-26-E8
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.28(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Friday, 26 August, 2011 13:59:30
   Lease Expires . . . . . . . . . . : Sunday, 28 August, 2011 13:59:31
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.224
   DNS Servers . . . . . . . . . . . : 192.168.1.224
                                       192.168.1.227
   Primary WINS Server . . . . . . . : 192.168.1.224
   Secondary WINS Server . . . . . . : 192.168.1.227
   NetBIOS over Tcpip. . . . . . . . : Enabled

for me also the user in not disabled, and the DC's server are working fine at the rest of the machines.

Singel thing i didnt manage to do is the registry thing mentioned here.

As i said to my previous post at

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
"GroupPolicyMinTransferRate"=dword:00000000

and i dont know if i added this correct.

The
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System]

i dont have it at all.

thx in advance

 

Hello,

Arahide is multi-homed which is not recommended for DCs, so please first remove this setup and cleanup DNS, then run ipconfig /flushdns and ipconfig /registerdns and restart the netlogon service.

Why is this configuration, which mostly is the reason for problems?

http://support.microsoft.com/kb/157025

http://msmvps.com/blogs/acefekay/archive/2009/08/17/multihomed-dcs-with-dns-rras-and-or-pppoe-adapters.aspx

Hello

Arahide has 2 NIC's because i have 2 LAN's.

The second LAN has a persistance route to a specific IP in order to backup every night through there.

Why is this a probem since to my other computers is working fine with no problems.

ipconfig /flushdns and ipconfig /registerdns should i run to the DC's or to the user?

thx

Hello,

LANs should NOT be connected with a server, this may work for lot's of machines but at some point you run into trouble. With your setup the DC has 2 ip addresses registered in DNS zones and this will result in problems you see now, as clients are not able to resolve the correct DC ip address from each site of the LAN. Again this may work very often but then it will result in problems you see now.

Networks should be divided with VLANs(manageable switches) or routers not with the DC. Please see also Ace Fekay's article about, where the detailed steps are included how the DC MUST be configured to avoid problems. But in your case you are not able to prevent one NIC from registering in DNS as one of the used subnets will not be able to resolve the names correct anymore.

So please redesign your network:

Internet > router WANport > router LANport > switch > one subnet

                                       > router second LANport > other subnet

Hello

My network is designed as:

LAN 1:

Internet > router WANport > router LANport > switch > one subnet -> NIC 1 fot eh 1st DC and NIC 2 from the 2nd DC.

The > router second LANport > other subnet -> NIC2 of each DC is only between the server machines 7 in total.

Is there a way to restrict the second IP 192.168.10.4 from the DNS and WINS?

 

thx

Hello,

according to your description the subnets are separated already. So remove each other subnets DC NIC from it and run ipconfig /flushdns and ipconfig /registerdns  and restart the netlogon service on the DCs.

The router handles the routing, that's the job of the router, just use it as DG in each subnet on the DC and there is no need to use the second NICs in the other subnet.

 

Hello All

@Meinolf Weber you might be correct with what you said about the DC being multi-homed but i have found the problem.

The probelm was that at the DC at the Active Directoy Users and Computers i had a special OU for that specific user and that OU had the sign "\". THat was the problem.

Before it was: "VG D:\"

I renamed it to: "VG" and all worked fine.

Thx for the advice on the multi-hommed though.

 

Good suggestion!.  I had the same error while running gpresult for a user on a Win7 PC.  After logging in once on the machine as the user in question, the problem went away.  I guess something was not initialised for this user.

I have just been searching through many threads on this topic and they weren't leading me anywhere.  They did get me to thinking and I did find my specific problem.  Hope this helps:

On an Enterprise Domain, many users will belong to several security groups and many of those groups are nested.  "Token Bloat".  The main reason I didn't think of this sooner was, because of token issues, our standard computer builds contain the below settings already.  My recent problem came from introducing a Vendor Configured system to the Domain.  It did not have the settings and was fixed when applied.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters]

"MaxPacketSize"=dword:00000001

"MaxTokenSize"=dword:0000ffff

Also important to note, not only does the local machine need the settings, but any server being authenticated against also needs them.  If your security token is large (doesn't have to be Max) it could be complete on the local machine, but when passed to a server without the settings, it will get truncated (randomly) and the security bit you require (GPO in this case) would be missing.  It's very difficult to troubleshoot as some bits exist in the token, so some services work and others don't.  It just depends what gets truncated out and it could be different every time.

I would start with those settings as they cannot hurt.

Change your account password acording to policy complexity rules. Log off and log on and try gpresult or gpurdate one more time.

Kind Regards!

Just discovered that a corrupt user profile can also cause this gpresult error.

In my case, it was only showing no group members for one user.  Other users logged into the same machine were ok.

We did remove / re-add the PC back to the domain though.  Could also be related.