Hi, I need help with a DNS issue in Windows 2008 R2 GReport: "Group Policy Infrastructure failed due to the error listed below." The Event Viewer shows the following errors: Source: GroupPolicy EventID: 1053 Level: Error Info: The processing of Group Policy failed. Windows could not resolve the user name. This could be caused by one of more of the following: a) Name Resolution failure on the current domain controller. b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller). Source: LSA (LsaSrv) EventID: 40960 Level: Warning Info: The description for Event ID 40960 from source LsaSrv cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: DNS/nxssrvdc001.nexussa.cl Kerberos "There are currently no logon servers available to service the logon request. (0xc000005e)" the message resource is present but the message is not found in the string/message table Source: NETLOGON EventID: 5719 Level: Error Info: This computer was not able to set up a secure session with a domain controller in domain NEXUS_NT_1 due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain. Source: DnsApi EventID: 111666 Level: Warning Info: The system failed to register host (A or AAAA) resource records (RRs) for network adapter with settings: Adapter Name : {5A74E56A-09B2-470B-9E42-44391E20437B} Host Name : NXSSRVIISCSD02 Primary Domain Suffix : nexussa.cl DNS server list : 200.10.XXX.XXX, 200.10.XXX.XXX Sent update to server : 200.10.XXX.XXX:53 IP Address(es) : 2002:c80a:860::c80a:860, 2002:c8c8:c8c2::c8c8:c8c2 The reason the system could not register these RRs was because of a security related problem. The cause of this could be (a) your computer does not have permissions to register and update the specific DNS domain name set for this adapter, or (b) there might have been a problem negotiating valid credentials with the DNS server during the processing of the update request. You can manually retry DNS registration of the network adapter and its settings by typing "ipconfig /registerdns" at the command prompt. If problems still persist, contact your DNS server or network systems administrator. See event details for specific error code information. Please help for resolved this issue. Thanks

Please refer following articles, might help you.. EventID: 40960-40961 http://social.technet.microsoft.com/Forums/en/winserverDS/thread/005f219d-1da0-48ad-8f5f-bc80d92cde92 Event ID 5719 is logged when you start a computer http://support.microsoft.com/kb/938449 Active Directory: Event ID 5719 Source Netlogon (dsforum2wiki) http://social.technet.microsoft.com/wiki/contents/articles/2466.active-directory-event-id-5719-source-netlogon-dsforum2wiki.aspx Event ID 11166 DNS Client Registration http://technet.microsoft.com/en-us/library/cc735785(v=ws.10) Event ID 1053 Group Policy Preprocessing (Security) http://technet.microsoft.com/en-us/library/cc727337(v=ws.10).aspx I do not represent the organisation I work for, all the opinions expressed here are my own. This posting is provided "AS IS" with no warranties or guarantees and confers no rights. - .... .- -. -.- ... --..-- ... .- -. - --- ... ....

As there are multiple errors, I would suggest you to fix each one of them one by one to narrow down to the root cause. There is no such thumb rule to say that, the suggestion works for sure i.e. 100% guaranteed ! A solution which might work for me, might not work for others due to several other environmental or application constraints. If the server in question is critical host for you, then I would suggest you to create a support request with Microsoft and you would be assured a definite solution. I do not represent the organisation I work for, all the opinions expressed here are my own. This posting is provided "AS IS" with no warranties or guarantees and confers no rights. - .... .- -. -.- ... --..-- ... .- -. - --- ... ....

GPUPDATE /Force results: Updating Policy... User Policy update has completed successfully. Computer policy could not be updated successfully. The following errors were enc ountered: The processing of Group Policy failed. Windows attempted to retrieve new Group P olicy settings for this user or computer. Look in the details tab for error code and description. Windows will automatically retry this operation at the next re fresh cycle. Computers joined to the domain must have proper name resolution and network connectivity to a domain controller for discovery of new Group Policy o bjects and settings. An event will be logged when Group Policy is successful. To diagnose the failure, review the event log or run GPRESULT /H GPReport.html f rom the command line to access information about Group Policy results. The Event Viewer shows the following errors: Source: GroupPolicy EventID: 1053 /// Error Code: 1355 Level: Error Info: The processing of Group Policy failed. Windows could not resolve the user name. This could be caused by one of more of the following: a) Name Resolution failure on the current domain controller. b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller). Source: LSA (LsaSrv) EventID: 40960 Level: Warning Info: The description for Event ID 40960 from source LsaSrv cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: DNS/nxssrvdc001.nexussa.cl Kerberos "There are currently no logon servers available to service the logon request. (0xc000005e)" the message resource is present but the message is not found in the string/message table Source: NETLOGON EventID: 5719 Level: Error Info: This computer was not able to set up a secure session with a domain controller in domain NEXUS_NT_1 due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain. Source: DnsApi EventID: 111666 Level: Warning Info: The system failed to register host (A or AAAA) resource records (RRs) for network adapter with settings: Adapter Name : {5A74E56A-09B2-470B-9E42-44391E20437B} Host Name : NXSSRVIISCSD02 Primary Domain Suffix : nexussa.cl DNS server list : 200.10.XXX.XXX, 200.10.XXX.XXX Sent update to server : 200.10.XXX.XXX:53 IP Address(es) : 2002:c80a:860::c80a:860, 2002:c8c8:c8c2::c8c8:c8c2 The reason the system could not register these RRs was because of a security related problem. The cause of this could be (a) your computer does not have permissions to register and update the specific DNS domain name set for this adapter, or (b) there might have been a problem negotiating valid credentials with the DNS server during the processing of the update request. You can manually retry DNS registration of the network adapter and its settings by typing "ipconfig /registerdns" at the command prompt. If problems still persist, contact your DNS server or network systems administrator. See event details for specific error code information. Please help for resolved this issue. Thanks

Hi, Its a DNS name resolution issue. Make sure that client is configured to point the correct DNS server and the domain controller can be contacted using its FQDN. Please post the unedited ipconfig /all from both the machines to proceed further. Regards, Rafic If you found this post helpful, please give it a "Helpful" vote. If it answered your question, remember to mark it as an "Answer". This posting is provided "AS IS" with no warranties and confers no rights! Always test ANY suggestion in a test environment before implementing!

Cross post ! Windows 2008 R2 - DNS Problem http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/39f94ca0-f163-41e6-a157-be7b6afe8f04 In your earlier thread, you have mentioned following The problem came when they added a new card in server. The nic princial "Team 01" is 2.0 Gbps Additionally there is another nic: "xxx" which is 100 Mbps When I add the new card, began to appear the error messages. The affected server is in production and the impact should be minimal, so I must be 100% which is the solution to make. It appears that, the server in question is a DC and you have multihomed it. Multihoming DCs are not recommended. Why ? here is an excerpt from this thread Technically speaking, multihomed domain controller is supported. However its not recommended as numerous issues can occur in such an environment, such as name resolving (DNS, WINS). Though some general configuration change can be performed to avoid the issues that result from the multihomed domain controller, considering the different network environments (default gateway, route table and reason for multihome) and different application usage, you may need to perform some additional operation and troubleshooting to make it work. If it is possible, we strongly suggest that you do not configure domain controller as multihomed. Here I listed the following known issues of multihomed domain controller for your reference: - Browsing Service is much affected by multihomed computers. Because the browser service does not merge networks. Each browser service bound to each interface operates independently, and the DC maintains a "separate" cumulative list on each interface that are not merged. Symptoms of multihomed browsers http://support.microsoft.com/default.aspx?scid=kb;EN-US;191611 Troubleshooting browser Event ID 8021 and 8032 on master browsers http://support.microsoft.com/kb/135404 - Influence on the name resolve. Active Directory communication fails on multihomed domain controllers http://support.microsoft.com/kb/272294 Name resolution and connectivity issues occur on Windows 2000 domain controllers that have the Routing and Remote Access service and DNS installed http://support.microsoft.com/kb/830063 Delay in NetBIOS connections from a multi-homed computer http://support.microsoft.com/kb/166159 I do not represent the organisation I work for, all the opinions expressed here are my own. This posting is provided "AS IS" with no warranties or guarantees and confers no rights. - .... .- -. -.- ... --..-- ... .- -. - --- ... ....

Cross post ! Windows 2008 R2 - DNS Problem http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/39f94ca0-f163-41e6-a157-be7b6afe8f04 In your earlier thread, you have mentioned following The problem came when they added a new card in server. The nic princial "Team 01" is 2.0 Gbps Additionally there is another nic: "xxx" which is 100 Mbps When I add the new card, began to appear the error messages. The affected server is in production and the impact should be minimal, so I must be 100% which is the solution to make. It appears that, the server in question is a DC and you have multihomed it. Multihoming DCs are not recommended. Why ? here is an excerpt from this thread Technically speaking, multihomed domain controller is supported. However its not recommended as numerous issues can occur in such an environment, such as name resolving (DNS, WINS). Though some general configuration change can be performed to avoid the issues that result from the multihomed domain controller, considering the different network environments (default gateway, route table and reason for multihome) and different application usage, you may need to perform some additional operation and troubleshooting to make it work. If it is possible, we strongly suggest that you do not configure domain controller as multihomed. Here I listed the following known issues of multihomed domain controller for your reference: - Browsing Service is much affected by multihomed computers. Because the browser service does not merge networks. Each browser service bound to each interface operates independently, and the DC maintains a "separate" cumulative list on each interface that are not merged. Symptoms of multihomed browsers http://support.microsoft.com/default.aspx?scid=kb;EN-US;191611 Troubleshooting browser Event ID 8021 and 8032 on master browsers http://support.microsoft.com/kb/135404 - Influence on the name resolve. Active Directory communication fails on multihomed domain controllers http://support.microsoft.com/kb/272294 Name resolution and connectivity issues occur on Windows 2000 domain controllers that have the Routing and Remote Access service and DNS installed http://support.microsoft.com/kb/830063 Delay in NetBIOS connections from a multi-homed computer http://support.microsoft.com/kb/166159 I do not represent the organisation I work for, all the opinions expressed here are my own. This posting is provided "AS IS" with no warranties or guarantees and confers no rights. - .... .- -. -.- ... --..-- ... .- -. - --- ... .... yeah, is the same post. But the server it is not a DC and the errors in the event viewer began the add new card ethernet. The server is a IIS aplication and the second card it used for external clients so the second card is not configured DNS Thanks for you help!!

Cross post ! Windows 2008 R2 - DNS Problem http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/39f94ca0-f163-41e6-a157-be7b6afe8f04 In your earlier thread, you have mentioned following The problem came when they added a new card in server. The nic princial "Team 01" is 2.0 Gbps Additionally there is another nic: "xxx" which is 100 Mbps When I add the new card, began to appear the error messages. The affected server is in production and the impact should be minimal, so I must be 100% which is the solution to make. It appears that, the server in question is a DC and you have multihomed it. Multihoming DCs are not recommended. Why ? here is an excerpt from this thread Technically speaking, multihomed domain controller is supported. However its not recommended as numerous issues can occur in such an environment, such as name resolving (DNS, WINS). Though some general configuration change can be performed to avoid the issues that result from the multihomed domain controller, considering the different network environments (default gateway, route table and reason for multihome) and different application usage, you may need to perform some additional operation and troubleshooting to make it work. If it is possible, we strongly suggest that you do not configure domain controller as multihomed. Here I listed the following known issues of multihomed domain controller for your reference: - Browsing Service is much affected by multihomed computers. Because the browser service does not merge networks. Each browser service bound to each interface operates independently, and the DC maintains a "separate" cumulative list on each interface that are not merged. Symptoms of multihomed browsers http://support.microsoft.com/default.aspx?scid=kb;EN-US;191611 Troubleshooting browser Event ID 8021 and 8032 on master browsers http://support.microsoft.com/kb/135404 - Influence on the name resolve. Active Directory communication fails on multihomed domain controllers http://support.microsoft.com/kb/272294 Name resolution and connectivity issues occur on Windows 2000 domain controllers that have the Routing and Remote Access service and DNS installed http://support.microsoft.com/kb/830063 Delay in NetBIOS connections from a multi-homed computer http://support.microsoft.com/kb/166159 I do not represent the organisation I work for, all the opinions expressed here are my own. This posting is provided "AS IS" with no warranties or guarantees and confers no rights. - .... .- -. -.- ... --..-- ... .- -. - --- ... .... yeah, is the same post. But the server it is not a DC and the errors in the event viewer began the add new card ethernet. The server is a IIS aplication and the second card it used for external clients so the second card is not configured DNS Thanks for you help!! Oops ! I overlooked server host name CSD02 and misread that as DC02. Really sorry for the confusion !I do not represent the organisation I work for, all the opinions expressed here are my own. This posting is provided "AS IS" with no warranties or guarantees and confers no rights. - .... .- -. -.- ... --..-- ... .- -. - --- ... ....

What is the message you see when you run nslookup from cmd ? Is power saving enabled on the NIC's? Check for latest NIC driver as well.I do not represent the organisation I work for, all the opinions expressed here are my own. This posting is provided "AS IS" with no warranties or guarantees and confers no rights. - .... .- -. -.- ... --..-- ... .- -. - --- ... ....

What is the message you see when you run nslookup from cmd ? Is power saving enabled on the NIC's? Check for latest NIC driver as well.I do not represent the organisation I work for, all the opinions expressed here are my own. This posting is provided "AS IS" with no warranties or guarantees and confers no rights. - .... .- -. -.- ... --..-- ... .- -. - --- ... ....

Can you also post ipconfig /all from DCs ?Don't be a prick ! Be reasonable and provide your feedback. Say something whether the suggestion was helpful or not, mark a reply as answer or click on to vote helpful if any suggestion really helps you, don't leave that choice to moderators, let the credit go to a contributor who has invested his precious time on your questions. Please be informed that, moderators are also humans and they also make mistakes ;-) Last but not the least, Unmark as answer if any post doesn't answer your question/s !!!

Hi, I would like to confirm what is the current situation? If there is anything that I can do for you, please do not hesitate to let me know, and I will be happy to help. Regards, Arthur Li TechNet Subscriber Support If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.Arthur Li TechNet Community Support