Vista Business Domain Trust Problem
Hi there,
I have a user running Vista Business SP1 who is having a terribly slow time logging on - it takes about 15 minutes. I have looked under the Event log and found the following:
Log Name: System
Source: DnsApi
Date: 26/06/2008 11:35:41 AM
Event ID: 11166
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Computer: Computer-name.domain.local
Description:
The system failed to register host (A or AAAA) resource records (RRs) for network adapter
with settings:
Adapter Name : {82AA8FFB-5F77-4EA2-928E-18C4ABCA5113}
Host Name : Computer-name
Primary Domain Suffix : domain.local
DNS server list : 192.168.1.131, 203.0.178.191
Sent update to server : 192.168.1.131:53
IP Address(es) : 192.168.1.113
The reason the system could not register these RRs was because of a security related problem. The cause of this could be (a) your computer does not have permissions to register and update the specific DNS domain name set for this adapter, or (b) there might have been a problem negotiating valid credentials with the DNS server during the processing of the update request.
You can manually retry DNS registration of the network adapter and its settings by typing "ipconfig /registerdns" at the command prompt. If problems still persist, contact your DNS server or network systems administrator. For specific error code, see the record data displayed below.
Log Name: System
Source: Microsoft-Windows-GroupPolicy
Date: 26/06/2008 11:36:03 AM
Event ID: 1129
Task Category: None
Level: Error
Keywords:
User: SYSTEM
Computer: Computer-name.domain.local
Description:
The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
Log Name: System
Source: NETLOGON
Date: 26/06/2008 11:36:10 AM
Event ID: 5719
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Computer-name.domain.local
Description:
This computer was not able to set up a secure session with a domain controller in domain ourdomain due to the following:
There are currently no logon servers available to service the logon request.
This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator.
ADDITIONAL INFO
If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
Log Name: System
Source: Microsoft-Windows-Time-Service
Date: 26/06/2008 11:36:10 AM
Event ID: 130
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Computer: Computer-name.domain.local
Description:
NtpClient was unable to set a domain peer to use as a time source because of failure in establishing a trust relationship between this computer and the ' ourdomain.local' domain in order to securely synchronize time. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: The trust relationship between this workstation and the primary domain failed. (0x800706FD)
Log Name: System
Source: NETLOGON
Date: 26/06/2008 11:36:17 AM
Event ID: 3210
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Computer-name.domain.local
Description:
This computer could not authenticate with \\ourdnsserver.domain.local, a Windows domain controller for domain ourdomain, and therefore this computer might deny logon requests. This inability to authenticate might be caused by another computer on the same network using the same name or the password for this computer account is not recognized. If this message appears again, contact your system administrator.
The first thing to do would be to leave the domain and rejoin but I really don't want to setup the profile again. Can anyone suggest any other options to get rid of these error messages and speed up logon times by re applying the domain trust?
June 26th, 2008 9:18am
Hi,
I would like to confirm whether you can logon the Windows Vista machine with domain account after waiting 15 minutes.
In addition, I suggest performing the resolution in the following KB and check the result:
A client connected to an Ethernet switch may receive several logon-related error messages during startup
http://support.microsoft.com/default.aspx?scid=kb;EN-US;202840
Hope it helps.
Free Windows Admin Tool Kit Click here and download it now
June 30th, 2008 12:14pm
I think you can also creat and link a GPO that cause logon to wait for network. this seems to be working for me.
June 17th, 2009 9:31pm