Kerberos Error in Windows 2000 System Event Log

[aclarke_31]

  Quote

Event Type: Error

Event Source: Kerberos

Event Category: None

Event ID: 594

Date: 01/08/2007

Time: 11:00:21

User: N/A

Computer: SERVER_NAME

Description:

A Kerberos Error Message was received:

on logon session InitializeSecurityContext

Client Time:

Server Time:

Error Code: 10:0:21.0000 8/1/2007 (null) 0x7

Extended Error: KDC_ERR_S_PRINCIPAL_UNKNOWN

Client Realm:

Client Name:

Server Realm: LOCAL_DOMAIN

Server Name: krbtgt/LOCAL_DOMAIN

Target Name: HOST/*IPADDRESS*@LOCAL_DOMAIN

Error Text:

File:

Line:

Error Data is in record data.

Does anyone think they can be able to lend a hand.

This is a Kerberos Error on a Windows 2000 Domain Controller running Active Directory. If I try to associate the problem with the AD, the user "krbtgt" is disabled in the AD. Should this user be enabled in order for the system to work correctly and thus resolve this issue?

[aclarke_31]

Right, come on guys. Someone must be able to help me with this?

[+BudMan MVC]

*************

http://support.microsoft.com/kb/230476

0x7 (KRB_ERR_S_PRINCIPAL_UNKNOWN) "Server not found in Kerberos database"

The KDC could not translate the server principal name from the KDC request into an account in the Active Directory. Generally, verifying whether the server account exists and has propagated to the domain controller that generated the error. Checking Active Directory replication may provides an indication of why the error occurred. Also if the server is not at least Windows 2000, there will not be any service principal names registered because that server is not capable of authenticating with Kerberos. In this case, this error can be ignored because the client will then switch to NTLM for authentication.

http://support.microsoft.com/kb/247008

KRBTGT User Account Cannot Be Enabled in Active Directory

After you run the DCPromo utility to install the Active Directory on a domain controller running Microsoft Windows 2000 Server, the KRBTGT user account is disabled by default. When you try to enable it in the Active Directory Users and Computers Microsoft Management Console (MMC) snap-in, you cannot do so.

http://www.microsoft.com/technet/security/...g/w2kscgcd.mspx

krbtgt

Key distribution service center account. Windows 2000 Kerberos authentication is achieved by the use of tickets enciphered with a symmetric key derived from the password of the server or service to which access is requested. To request such a session ticket, a special ticket, called the Ticket Granting Ticket (TGT) must be presented to the Kerberos service itself. The TGT is enciphered with a key derived from the password of the krbtgt account, which is known only by the Kerberos service.

This account is disabled on Domain Controllers by default.

Requirement:

Unlike other user accounts, the krbtgt account cannot be used to log on to the domain and in fact, cannot be enabled

*********

Some actual details of what is happening, or not happening is required to help... You have given us nothing a but a random event error to work off of.. What is not working?

[aclarke_31]

Basically I get slow logon's period ranging anywhere from 5 minutes to 30 minutes.

I've been trying to track it down, bu the only thing I can think of is this Kerberos error that is appearing in our Main Domain Controller.

Not entirely sure what's going on, but I thought it may have something to do with the user in the Active Directory not being able to log on to the Domain Controller to try and issue a Kerberos Ticket. I have another Error as well that might help. I'll post it up in a little while (Need to track it down)

[+BudMan MVC]

A vast majority of time slow logins are related to dns.. Your clients ONLY point to the AD dns?? Or do you have them pointing elsewhere? Clients in AD should ONLY point to AD dns!

I would suggest you run dcdiag to start with..

The /test:dns would be a good starting place ;)

An verify that clients all point only to your AD server running dns, most of the time this is your DC.

An from that error "The KDC could not translate the server principal name from the KDC request into an account in the Active Directory." I would assume you have some issue with name resolution..

[aclarke_31]

Well after checking the DNS setup on our clients, the systems all point to two valid DNS servers which are internal to the domain and working without any problems. We have one that runs on 192.***.***.8 and 192.***.***.7. 192.***.***.7 is the main Domain Controller and the backup DNS server is 192.***.***.8.

I did a dcdiag /test:dns on both server, this passed without flaw. It might have something to do with name resolution, but I wouldn't know where to start looking to try and identify this. Is there any chance you could point me in the right direction please Budman?

Many thanks :)

[+BudMan MVC]

How many of these errors are you getting? And you snipped this??

Target Name: HOST/*IPADDRESS*@LOCAL_DOMAIN

Or does the error actually state that?? Could you post the data of the error messsages as well.. And do not snip names an or IPs please..

" Error Data is in record data."

there is NOTHING I could do with a 192.168 address.. An some host name on Local_domain is not going to tell me anything about where your located, etc. But the actual info will be helpful in trying to fix your problem!

Please do not snip out info.. Unless its your public IP, or a FQDN that is resolvable on the net - there is nothing I can learn from it that could threaten you in anyway.. Or if the name states what company you work for, etc..

edit: Here is good place to start

http://www.microsoft.com/technet/prodtechn...y/tkerbdel.mspx

Troubleshooting Kerberos Delegation

[aclarke_31]

Sorry for the snipping but its got to be done. The server name is associated with the name of the company I work for and I'm not 100% about the realm from the internet so to be on the safe side I've blanked that too >.<

I'm sorry I'm being fussy Budman but I obviously don't want to divulge information that can used to compromise our systems.

I've done a notepad shot so you get a completed idea of the error. Please see the attached GIF's

PS: I've only snipped the stuff in yellow

[+BudMan MVC]

Well read the article I linked too.. Yes it would seem have some issue with kerberos.. I assume the reason your getting these is you turned on kerberos logging?

"Server not found in Kerberos database"

the host entry points to an IP.. do you not have a reverse setup? Did you snipped out the host name with its IP? How do you have the DNS setup on your DCs? Do they point to themselves?

http://support.microsoft.com/default.aspx?...Ben-us%3B291382

Question: What are the common mistakes that are made when administrators set up DNS on network that contains a single Windows 2000 or Windows Server 2003 domain controller?

Answer: The most common mistakes are:

? The domain controller is not pointing to itself for DNS resolution on all network interfaces.

You stated there were no errors on the /test:dns did you run the full tests? Also here is another article.. this is the one I meant to link too.

http://www.microsoft.com/technet/prodtechn...y/tkerberr.mspx

Troubleshooting Kerberos Errors

If an SPN is not set for a service, then clients will have no way of locating that service. Thus, common results of not setting an SPN are KDC_ERR_C_PRINCIPAL_UNKNOWN or KDC_ERR_S_PRINCIPAL_UNKNOWN errorsThese two errors usually indicate that an SPN has not been set correctlyb>. Furthermore, there are many other errors for which the cause might be a missing or incorrectly set SPN. Kerberoauthentication is not possible without properly set SPNs.b>

If your having to fall back to NTLM, then yeah it could take a while to log in.

You can verify what spn's are setup with the setspn -L computername

[aclarke_31]

The silly thing is that I do have a reverse DNS setup on this Server. There may be a naming problem with one of the servers. If a check the DNS security settings on the record for the server that's producing these messages, the security is resolving to the correct server, but the name for that server is incorrect. I'm not sure where its pulling this name from, but it would useful to know where it coming from.

DC DNS do point to themselves. The clients point to the Main DC DNS and the Backup DC DNS, then the DC DNS point out to external DNS hosted by the ISP (I think)

I'm going to give the web links you've giving me a GOOD read and see if I can find out whats going wrong.

I'll post back when I have some more info.

Thanks :)

PS: After checking the DNS settings against the interfaces, one query I do have. Because we have a backup DNS Server, in the interface settings for the server thats showing the Kerberos problem, do we need to register the Backup DNS as well as the Main DNS?

At the moment the Main DC DNS is pointing to itself, and the Backup DNS is pointing to itself, but they both aren't pointing to each other.

Hope that clarifies.

Cheers :)

PSS: After checking the setspn -L computername command, the server reports "ldap_search_s failed: No Such Object"

Edited August 8, 2007 by aclarke_31

[aclarke_31]

I am assuming the the error message "ldap_search_s failed: No Such Object" means there are no SPN's set up on the Domain Controller hence the "KDC_ERR_S_PRINCIPAL_UNKNOWN" errors. If this is the case, I then assume its a simple factor of registering new SPN's on the Domain Controller to fix the problem we are having.

Can you please confirm for me Budman?

Cheers again :)

[+BudMan MVC]

where did you do the setspn -L computername on? The DC? or some client? an what computer name did you use, the DCs name? Where did you get the copy of setspn from? A search for that error shows up a thread where a guy was getting the same error - an it was do to a mismatch in his copy of setspn or somethinig.

yeah that would not be right - getting that error.. you should get lots of nice info ;)

Here is a snipped up version of my output.. You should get something like this;

C:\>setspn -L dchostname

Registered ServicePrincipalNames for CN=dchostname,OU=DC1,OU=Domain Controllers,DC=locationsubdomain,DC=domain,DC=net:

NPComponentManager/dchostname.locationsubdomain.domain.net

ldap/dchostname.locationsubdomain.domain.net/ForestDnsZones.domain.net

ldap/dchostname.locationsubdomain.domain.net/DomainDnsZones.locationsubdomain.domain.net

DNS/dchostname.locationsubdomain.domain.net

HOST/dchostname.locationsubdomain.domain.net/locationsubdomain

HOST/dchostname.locationsubdomain.domain.net/locationsubdomain.domain.net

GC/dchostname.locationsubdomain.domain.net/domain.net

ldap/ca214ffa-7337-4211-9b10-0e25fc925d73._msdcs.domain.net

ldap/dchostname.locationsubdomain.domain.net/locationsubdomain

ldap/dchostname

ldap/dchostname.locationsubdomain.domain.net

ldap/dchostname.locationsubdomain.domain.net/locationsubdomain.domain.net

NtFrs-88f5d2bd-b646-11d2-a6d3-00c04fc9b232/dchostname.locationsubdomain.domain.net

E3514235-4B06-11D1-AB04-00C04FC2DCD2/ca214ffa-7337-4211-9b10-0e25fc925d73/locationsubdomain.domain.net

HOST/dchostname.locationsubdomain.domain.net

HOST/dchostname

Well to be honest, pointing the DC as each other is not really a requirement.. But lots of location do it that way..

Ya lost me on this;

"the security is resolving to the correct server, but the name for that server is incorrect."

The name is incorrect? yeah you might want to look it where its getting that name from.. Are you running wins? Do you have lmhost files? Does your reverse dns for the IP point to only the correct forward? etc..

[aclarke_31]

I tried the "setspn -l dchostname" where dchostname equals the name of the domain controller of the problem. The error I get is "ldap_search_s failed: No Such Object". I even tried the FQDN and got an error message of "Object not found in the Directory"

DNS Query - I'll need to consider changing the DNS setup so they point at each other, just to be on the safe side

Don't worry about Query 3.

Yes I am running a WINS server. WINS is also setup on the domain controller I'm having the problem with. I'll check the LMHOSTS file but I'm fairly certain there won't be a problem there.

NOTE: Checked the LMHOSTS file. Everything was remmed out, so there's no problems there >.>

Can you assist with problem 1 please Budman? ^_^

Thanks

[+BudMan MVC]

An where did you get this copy of setspn? If you search on that specific error;

ldap_search_s failed: No Such Object

You find this thread.

--

http://groups.google.com/group/microsoft.p...2003-03%3F&

When I run

setspn -L computername

from a WinXP machine I get a list of service principals. However, on 3

different networks I have tried the same thing from Win2K machines and all I

get is

ldap_search_s failed: No such object.

then goes on to say;

I found the answer to my question. The version of setspn.exe that comes

with the Win2K Resource Professional kit must have a bug. When the version

that comes with WinXP Support tools is copied over to a Win2K machine, it

works fine.

--

So where did you run this command from? Was it a 2k machine, XP.. I want to make sure your getting valid results an not some bug like this thread points out.. When I get to work I will see if I can duplicate the error from a 2k server with the resource kit, etc.. But when I run the command its on my XP workstation, or the DC directly which is 2k3.

Be happy to help you track this sucker down - but lets verify that your not just seeing a bug in a version of setspn that your using.

Also -- can we clarify what exactly is your problem number 1?

[aclarke_31]

Sounds like a bug in the version I'm using as I would of installed from the Win 2k Resource Kit.

I'll download the 2k3 setspn file and try again. I'm about to home for the day so I'll check this tomorrow and re-post report for you :)

BTW: All servers here are Windows 2k, bar 1 server that's Win 2k3, but is not classed as a DC.

Speak tomorrow. Cheers B

[aclarke_31]

  Quote

C:\XP Support Tools>setspn -l dchostname

Registered ServicePrincipalNames for CN=dchostname,OU=Domain Controllers,DC=domain,DC=net:

MSSQLSvc/dchostname.domain.net:1433

DNS/dchostname.domain.net

HOST/dchostname.domain.net/locationsubdomain

HOST/dchostname.domain.net/domain.net

GC/dchostname.domain.net/domain.net

LDAP/9e4e0571-4d94-494e-97cc-2fb6f9c76818._msdcs.domain.net

LDAP/dchostname.domain.net/locationsubdomain

LDAP/dchostname

LDAP/dchostname.domain.net

LDAP/dchostname.domain.net/locationsubdomain

E3514235-4B06-11D1-AB04-00C04FC2DCD2/9e4e0571-4d94-494e-97cc-2fb6f9c76818/domain.net

NtFrs-88f5d2bd-b646-11d2-a6d3-00c04fc9b232/dchostname.domain.net

SMTPSVC/dchostname.domain.net

HOST/dchostname.domain.net

HOST/dchostname

SMTPSVC/dchostname

C:\XP Support Tools>

I did run this from a workstation. If I need to run this from a server to be sure, let me know.

Cheers

[+BudMan MVC]

Well that all looks good, your running MSSQL, SMTP, etc.. I see. On your DC really?

Anyway.. I do not believe that error is related to your problem then.. I would suggest look more to the client(s) that are having issues to track this down.

You can turn on netlogon debuging.. which will give you all kinds of good details of what could be hanging up the login process.. For example - had some issues with a remote location not applying GPs.. They were across a VPN that was blocking large ICMP packets, which xp uses to test for a fast or slow link.. Long story short this was causing a failure in the test an prevented gp from being applied..

http://support.microsoft.com/kb/109626

Enabling debug logging for the Net Logon service

If you feel your having issues with kerberos auth, an failing back to NTLM - which could cause a slow login for sure.. You could check this at a client level as well.

Use the link I already provided

http://www.microsoft.com/technet/prodtechn...y/tkerberr.mspx

Troubleshooting Kerberos Errors

What errors if any are you seeing at the clients that take long to log in? Enable the net logon debug an post anything you have questions on.

[aclarke_31]

  Quote

08/10 16:31:56 [CRITICAL] Error in reading mailslot message from browser. WinStatus = 3

08/10 16:31:56 [MISC] Eventlog: 5703 (2) 3 00000003 ....

08/10 16:31:56 [CRITICAL] Error writing this event in the eventlog, Status = 1717

08/10 16:31:57 [CRITICAL] Error in reading mailslot message from browser. WinStatus = 3

08/10 16:31:57 [MISC] Eventlog: 5703 (2) 3 00000003 ....

08/10 16:31:57 [CRITICAL] Error writing this event in the eventlog, Status = 1717

08/10 16:32:10 [CRITICAL] Error in reading mailslot message from browser. WinStatus = 3

08/10 16:32:10 [MISC] Eventlog: 5703 (2) 3 00000003 ....

08/10 16:32:10 [CRITICAL] Error writing this event in the eventlog, Status = 1717

08/10 16:32:11 [CRITICAL] Error in reading mailslot message from browser. WinStatus = 3

08/10 16:32:11 [MISC] Eventlog: 5703 (2) 3 00000003 ....

08/10 16:32:11 [CRITICAL] Error writing this event in the eventlog, Status = 1717

This message when logging off. Assistance please.

  Quote

08/10 16:35:32 [CRITICAL] NetpDcGetNameIp: (BACKUPDNS)dchostname.domain.net: No data returned from DnsQuery.

08/10 16:35:32 [CRITICAL] NetpDcGetName: (BACKUPDNS)dchostname.domain.net: IP and Netbios are both done.

This message when logging on. Assistance please.

Where I've put "(BACKUPDNS)" this is the name of the backup DNS Server we have on our site. Can you confirm the errors and find what they are please Budman?

Thank you :)

PS: This was on the client end, not on the server end. Thanks

[+BudMan MVC]

is that the WHOLE log?? Can you please post the WHOLE proccess - so I can figure out where your at in the proccess..

But off the top..

NetpDcGetNameIp: (BACKUPDNS)dchostname.domain.net: No data returned from DnsQuery

That does not seem good.. An points to DNS.. which is what I said is 99% of the time the reason for slow logins.

If I am reading that right?? It asked your dchostname.domain.net about backupdns -- and did not get anything back..

But I really need to see the whole log to make heads or tails of it.. Fell free to change names to dchostname, backupdns, etc.. Just don't remove info, etc.

We will get to the bottom of this yet ;)

mailslot is when the client is trying to find the DC with netbios vs dns.. Hmmm do you have wins running?? Does your Domain have a correct 1C record for it??

Here this is how DNS works in AD

http://technet2.microsoft.com/windowsserve...3.mspx?mfr=true

How DNS Support for Active Directory Works

• If the name of the logon domain is a NetBIOS name, the computer must send a mailslot message to find a domain controller for the specified domain.

It sure seems like you have some type of name resolution issue going on.. An ALL your clients have this issue, only some?

edit2: you had mentioned before you were getting a different name back for something.. You got something wrong in DNS or Wins, etc..

Edited August 10, 2007 by BudMan

[aclarke_31]

You want the whole log, you can't handle the whole log ;) lol

Here we go :p

  Quote

08/10 16:29:54 [iNIT] Group Policy is not defined for Netlogon

08/10 16:29:54 [iNIT] Following are the effective values after parsing

08/10 16:29:54 [iNIT] Sysvol = C:\WINDOWS\SYSVOL\SYSVOL

08/10 16:29:54 [iNIT] Scripts = (null)

08/10 16:29:54 [iNIT] SiteName (0) = Default-First-Site-Name

08/10 16:29:54 [iNIT] RpcDacl = (null)

08/10 16:29:54 [iNIT] Pulse = 300 (0x12c)

08/10 16:29:54 [iNIT] Randomize = 1 (0x1)

08/10 16:29:54 [iNIT] PulseMaximum = 7200 (0x1c20)

08/10 16:29:54 [iNIT] PulseConcurrency = 10 (0xa)

08/10 16:29:54 [iNIT] PulseTimeout1 = 10 (0xa)

08/10 16:29:54 [iNIT] PulseTimeout2 = 300 (0x12c)

08/10 16:29:54 [iNIT] MaximumMailslotMessages = 500 (0x1f4)

08/10 16:29:54 [iNIT] MailslotMessageTimeout = 10 (0xa)

08/10 16:29:54 [iNIT] MailslotDuplicateTimeout = 2 (0x2)

08/10 16:29:54 [iNIT] ExpectedDialupDelay = 0 (0x0)

08/10 16:29:54 [iNIT] ScavengeInterval = 900 (0x384)

08/10 16:29:54 [iNIT] MaximumPasswordAge = 30 (0x1e)

08/10 16:29:54 [iNIT] LdapSrvPriority = 0 (0x0)

08/10 16:29:54 [iNIT] LdapSrvWeight = 100 (0x64)

08/10 16:29:54 [iNIT] LdapSrvPort = 389 (0x185)

08/10 16:29:54 [iNIT] LdapGcSrvPort = 3268 (0xcc4)

08/10 16:29:54 [iNIT] KdcSrvPort = 88 (0x58)

08/10 16:29:54 [iNIT] KerbIsDoneWithJoinDomainEntry = 0 (0x0)

08/10 16:29:54 [iNIT] DnsTtl = 600 (0x258)

08/10 16:29:54 [iNIT] DnsRefreshInterval = 86400 (0x15180)

08/10 16:29:54 [iNIT] CloseSiteTimeout = 900 (0x384)

08/10 16:29:54 [iNIT] SiteNameTimeout = 300 (0x12c)

08/10 16:29:54 [iNIT] DuplicateEventlogTimeout = 14400 (0x3840)

08/10 16:29:54 [iNIT] MaxConcurrentApi = 0 (0x0)

08/10 16:29:54 [iNIT] NegativeCachePeriod = 45 (0x2d)

08/10 16:29:54 [iNIT] BackgroundRetryInitialPeriod = 600 (0x258)

08/10 16:29:54 [iNIT] BackgroundRetryMaximumPeriod = 3600 (0xe10)

08/10 16:29:54 [iNIT] BackgroundRetryQuitTime = 0 (0x0)

08/10 16:29:54 [iNIT] BackgroundSuccessfulRefreshPeriod = 4294967295 (0xffffffff)

08/10 16:29:54 [iNIT] NonBackgroundSuccessfulRefreshPeriod = 1800 (0x708)

08/10 16:29:54 [iNIT] DnsFailedDeregisterTimeout = 172800 (0x2a300)

08/10 16:29:54 [iNIT] MaxLdapServersPinged = 55 (0x37)

08/10 16:29:54 [iNIT] DBFlag = 545325055 (0x2080ffff)

08/10 16:29:54 [iNIT] MaximumLogFileSize = 20000000 (0x1312d00)

08/10 16:29:54 [iNIT] RefusePasswordChange = FALSE

08/10 16:29:54 [iNIT] AllowReplInNonMixed = FALSE

08/10 16:29:54 [iNIT] AvoidSamRepl = TRUE

08/10 16:29:54 [iNIT] AvoidLsaRepl = TRUE

08/10 16:29:54 [iNIT] SignSecureChannel = TRUE

08/10 16:29:54 [iNIT] SealSecureChannel = TRUE

08/10 16:29:54 [iNIT] RequireSignOrSeal = TRUE

08/10 16:29:54 [iNIT] RequireStrongKey = FALSE

08/10 16:29:54 [iNIT] SysVolReady = TRUE

08/10 16:29:54 [iNIT] UseDynamicDns = TRUE

08/10 16:29:54 [iNIT] RegisterDnsARecords = TRUE

08/10 16:29:54 [iNIT] AvoidPdcOnWan = FALSE

08/10 16:29:54 [iNIT] AutoSiteCoverage = TRUE

08/10 16:29:54 [iNIT] AvoidDnsDeregOnShutdown = TRUE

08/10 16:29:54 [iNIT] DnsUpdateOnAllAdapters = FALSE

08/10 16:29:54 [iNIT] Nt4Emulator = FALSE

08/10 16:29:54 [iNIT] DisablePasswordChange = FALSE

08/10 16:29:54 [iNIT] NeutralizeNt4Emulator = FALSE

08/10 16:29:54 [iNIT] AllowSingleLabelDnsDomain = FALSE

08/10 16:29:54 [iNIT] Command line parsed successfully ...

08/10 16:29:54 [sITE] Setting site name to 'Default-First-Site-Name'

08/10 16:29:54 [sESSION] \Device\NetBT_Tcpip_{2E4D606B-4EED-4BF2-9432-B2E7DCC356FC}: Transport Added (192.2.2.86)

08/10 16:29:54 [sESSION] Winsock Addrs: 192.2.2.86 (1)

08/10 16:29:54 [DNS] Set DnsForestName to: domain.net

08/10 16:29:54 [DOMAIN] LocalDomain: Adding new domain

08/10 16:29:54 [DOMAIN] Setting our computer name to machinename machinename.domain.net

08/10 16:29:54 [DOMAIN] Setting Netbios domain name to LocalDomain

08/10 16:29:54 [DOMAIN] Setting DNS domain name to domain.net.

08/10 16:29:54 [DOMAIN] Setting Domain GUID to a1cd66e9-aa03-4e51-9929-cd42b117aff1

08/10 16:29:54 [CRITICAL] C:\WINDOWS\system32\config\netlogon.ftj: Unable to open. 2

08/10 16:29:54 [iNIT] Getting cached trusted domain list from binary file.

08/10 16:29:54 [LOGON] NlSetForestTrustList: New trusted domain list:

08/10 16:29:54 [LOGON] 0: LocalDomain domain.net (NT 5) (Forest Tree Root) (Primary Domain) (Native)

08/10 16:29:54 [LOGON] Dom Guid: a1cd66e9-aa03-4e51-9929-cd42b117aff1

08/10 16:29:54 [LOGON] Dom Sid: S-1-5-21-1229272821-1757981266-682003330

08/10 16:29:54 [iNIT] Starting RPC server.

08/10 16:29:54 [sESSION] LocalDomain: NlSessionSetup: Try Session setup

08/10 16:29:54 [sESSION] LocalDomain: NlDiscoverDc: Start Synchronous Discovery

08/10 16:29:54 [MISC] NetpDcGetName: domain.net. using cached information

08/10 16:29:54 [sESSION] LocalDomain: NlDiscoverDc: Found DC \\dchostname.domain.net

08/10 16:29:54 [MISC] NlpInitializeTrace succeeded 0

08/10 16:29:54 [sESSION] LocalDomain: NlSetStatusClientSession: Set connection status to 0

08/10 16:29:54 [DOMAIN] Setting LSA NetbiosDomain: LocalDomain DnsDomain: domain.net. DnsTree: domain.net. DomainGuid:a1cd66e9-aa03-4e51-9929-cd42b117aff1

08/10 16:29:54 [LOGON] NlSetForestTrustList: New trusted domain list:

08/10 16:29:54 [LOGON] 0: LocalDomain domain.net (NT 5) (Forest Tree Root) (Primary Domain) (Native)

08/10 16:29:54 [LOGON] Dom Guid: a1cd66e9-aa03-4e51-9929-cd42b117aff1

08/10 16:29:54 [LOGON] Dom Sid: S-1-5-21-1229272821-1757981266-682003330

08/10 16:29:54 [sESSION] LocalDomain: NlSetStatusClientSession: Set connection status to 0

08/10 16:29:54 [sESSION] LocalDomain: NlSessionSetup: negotiated 6007ffff flags rather than 600fffff

08/10 16:29:54 [sESSION] LocalDomain: NlSessionSetup: Session setup Succeeded

08/10 16:29:54 [iNIT] Started successfully

08/10 16:29:54 [iNIT] Group Policy is not defined for Netlogon

08/10 16:29:54 [iNIT] Following are the effective values after parsing

08/10 16:29:54 [MISC] NlWksScavenger: Can be called again in 21 days (0x6f51473f)

08/10 16:31:55 [sESSION] \Device\NetBT_Tcpip_{2E4D606B-4EED-4BF2-9432-B2E7DCC356FC}: Transport Removed

08/10 16:31:56 [CRITICAL] Error in reading mailslot message from browser. WinStatus = 3

08/10 16:31:56 [MISC] Eventlog: 5703 (2) 3 00000003 ....

08/10 16:31:56 [CRITICAL] Error writing this event in the eventlog, Status = 1717

08/10 16:31:57 [CRITICAL] Error in reading mailslot message from browser. WinStatus = 3

08/10 16:31:57 [MISC] Eventlog: 5703 (2) 3 00000003 ....

08/10 16:31:57 [CRITICAL] Error writing this event in the eventlog, Status = 1717

08/10 16:32:10 [CRITICAL] Error in reading mailslot message from browser. WinStatus = 3

08/10 16:32:10 [MISC] Eventlog: 5703 (2) 3 00000003 ....

08/10 16:32:10 [CRITICAL] Error writing this event in the eventlog, Status = 1717

08/10 16:32:11 [CRITICAL] Error in reading mailslot message from browser. WinStatus = 3

08/10 16:32:11 [MISC] Eventlog: 5703 (2) 3 00000003 ....

08/10 16:32:11 [CRITICAL] Error writing this event in the eventlog, Status = 1717

08/10 16:33:13 [iNIT] Group Policy is not defined for Netlogon

08/10 16:33:14 [iNIT] Following are the effective values after parsing

08/10 16:33:14 [iNIT] Sysvol = C:\WINDOWS\SYSVOL\SYSVOL

08/10 16:33:14 [iNIT] Scripts = (null)

08/10 16:33:14 [iNIT] SiteName (0) = Default-First-Site-Name

08/10 16:33:14 [iNIT] RpcDacl = (null)

08/10 16:33:14 [iNIT] Pulse = 300 (0x12c)

08/10 16:33:14 [iNIT] Randomize = 1 (0x1)

08/10 16:33:14 [iNIT] PulseMaximum = 7200 (0x1c20)

08/10 16:33:14 [iNIT] PulseConcurrency = 10 (0xa)

08/10 16:33:14 [iNIT] PulseTimeout1 = 10 (0xa)

08/10 16:33:14 [iNIT] PulseTimeout2 = 300 (0x12c)

08/10 16:33:14 [iNIT] MaximumMailslotMessages = 500 (0x1f4)

08/10 16:33:14 [iNIT] MailslotMessageTimeout = 10 (0xa)

08/10 16:33:14 [iNIT] MailslotDuplicateTimeout = 2 (0x2)

08/10 16:33:14 [iNIT] ExpectedDialupDelay = 0 (0x0)

08/10 16:33:14 [iNIT] ScavengeInterval = 900 (0x384)

08/10 16:33:14 [iNIT] MaximumPasswordAge = 30 (0x1e)

08/10 16:33:14 [iNIT] LdapSrvPriority = 0 (0x0)

08/10 16:33:14 [iNIT] LdapSrvWeight = 100 (0x64)

08/10 16:33:14 [iNIT] LdapSrvPort = 389 (0x185)

08/10 16:33:14 [iNIT] LdapGcSrvPort = 3268 (0xcc4)

08/10 16:33:14 [iNIT] KdcSrvPort = 88 (0x58)

08/10 16:33:14 [iNIT] KerbIsDoneWithJoinDomainEntry = 0 (0x0)

08/10 16:33:14 [iNIT] DnsTtl = 600 (0x258)

08/10 16:33:14 [iNIT] DnsRefreshInterval = 86400 (0x15180)

08/10 16:33:14 [iNIT] CloseSiteTimeout = 900 (0x384)

08/10 16:33:14 [iNIT] SiteNameTimeout = 300 (0x12c)

08/10 16:33:14 [iNIT] DuplicateEventlogTimeout = 14400 (0x3840)

08/10 16:33:14 [iNIT] MaxConcurrentApi = 0 (0x0)

08/10 16:33:14 [iNIT] NegativeCachePeriod = 45 (0x2d)

08/10 16:33:14 [iNIT] BackgroundRetryInitialPeriod = 600 (0x258)

08/10 16:33:14 [iNIT] BackgroundRetryMaximumPeriod = 3600 (0xe10)

08/10 16:33:14 [iNIT] BackgroundRetryQuitTime = 0 (0x0)

08/10 16:33:14 [iNIT] BackgroundSuccessfulRefreshPeriod = 4294967295 (0xffffffff)

08/10 16:33:14 [iNIT] NonBackgroundSuccessfulRefreshPeriod = 1800 (0x708)

08/10 16:33:14 [iNIT] DnsFailedDeregisterTimeout = 172800 (0x2a300)

08/10 16:33:14 [iNIT] MaxLdapServersPinged = 55 (0x37)

08/10 16:33:14 [iNIT] DBFlag = 545325055 (0x2080ffff)

08/10 16:33:14 [iNIT] MaximumLogFileSize = 20000000 (0x1312d00)

08/10 16:33:14 [iNIT] RefusePasswordChange = FALSE

08/10 16:33:14 [iNIT] AllowReplInNonMixed = FALSE

08/10 16:33:14 [iNIT] AvoidSamRepl = TRUE

08/10 16:33:14 [iNIT] AvoidLsaRepl = TRUE

08/10 16:33:14 [iNIT] SignSecureChannel = TRUE

08/10 16:33:14 [iNIT] SealSecureChannel = TRUE

08/10 16:33:14 [iNIT] RequireSignOrSeal = TRUE

08/10 16:33:14 [iNIT] RequireStrongKey = FALSE

08/10 16:33:14 [iNIT] SysVolReady = TRUE

08/10 16:33:14 [iNIT] UseDynamicDns = TRUE

08/10 16:33:14 [iNIT] RegisterDnsARecords = TRUE

08/10 16:33:14 [iNIT] AvoidPdcOnWan = FALSE

08/10 16:33:14 [iNIT] AutoSiteCoverage = TRUE

08/10 16:33:14 [iNIT] AvoidDnsDeregOnShutdown = TRUE

08/10 16:33:14 [iNIT] DnsUpdateOnAllAdapters = FALSE

08/10 16:33:14 [iNIT] Nt4Emulator = FALSE

08/10 16:33:14 [iNIT] DisablePasswordChange = FALSE

08/10 16:33:14 [iNIT] NeutralizeNt4Emulator = FALSE

08/10 16:33:14 [iNIT] AllowSingleLabelDnsDomain = FALSE

08/10 16:33:14 [iNIT] Command line parsed successfully ...

08/10 16:33:14 [iNIT] Netlogon.dll has been unloaded (recover from it).

08/10 16:33:14 [sITE] Setting site name to 'Default-First-Site-Name'

08/10 16:33:14 [sESSION] \Device\NetBT_Tcpip_{2E4D606B-4EED-4BF2-9432-B2E7DCC356FC}: Transport Added (192.2.2.86)

08/10 16:33:14 [sESSION] Winsock Addrs: 192.2.2.86 (1)

08/10 16:33:14 [DNS] Set DnsForestName to: domain.net

08/10 16:33:14 [DOMAIN] LocalDomain: Adding new domain

08/10 16:33:14 [DOMAIN] Setting our computer name to machinename machinename.domain.net

08/10 16:33:14 [DOMAIN] Setting Netbios domain name to LocalDomain

08/10 16:33:14 [DOMAIN] Setting DNS domain name to domain.net.

08/10 16:33:14 [DOMAIN] Setting Domain GUID to a1cd66e9-aa03-4e51-9929-cd42b117aff1

08/10 16:33:14 [CRITICAL] C:\WINDOWS\system32\config\netlogon.ftj: Unable to open. 2

08/10 16:33:14 [iNIT] Getting cached trusted domain list from binary file.

08/10 16:33:14 [MISC] NlpInitializeTrace succeeded 0

08/10 16:33:14 [LOGON] NlSetForestTrustList: New trusted domain list:

08/10 16:33:14 [LOGON] 0: LocalDomain domain.net (NT 5) (Forest Tree Root) (Primary Domain) (Native)

08/10 16:33:14 [LOGON] Dom Guid: a1cd66e9-aa03-4e51-9929-cd42b117aff1

08/10 16:33:14 [LOGON] Dom Sid: S-1-5-21-1229272821-1757981266-682003330

08/10 16:33:14 [iNIT] Starting RPC server.

08/10 16:33:14 [MISC] DsGetDcName function called: Dom:(null) Acct:(null) Flags: DS

08/10 16:33:14 [sESSION] LocalDomain: NlSessionSetup: Try Session setup

08/10 16:33:14 [sESSION] LocalDomain: NlDiscoverDc: Start Synchronous Discovery

08/10 16:33:14 [MAILSLOT] NetpDcPingListIp: domain.net.: Sent UDP ping to 192.2.2.8

08/10 16:33:14 [sESSION] LocalDomain: NlDiscoverDc: Found DC \\dchostname.domain.net

08/10 16:33:14 [sESSION] LocalDomain: NlSetStatusClientSession: Set connection status to 0

08/10 16:33:14 [DOMAIN] Setting LSA NetbiosDomain: LocalDomain DnsDomain: domain.net. DnsTree: domain.net. DomainGuid:a1cd66e9-aa03-4e51-9929-cd42b117aff1

08/10 16:33:14 [LOGON] NlSetForestTrustList: New trusted domain list:

08/10 16:33:14 [LOGON] 0: LocalDomain domain.net (NT 5) (Forest Tree Root) (Primary Domain) (Native)

08/10 16:33:14 [LOGON] Dom Guid: a1cd66e9-aa03-4e51-9929-cd42b117aff1

08/10 16:33:14 [LOGON] Dom Sid: S-1-5-21-1229272821-1757981266-682003330

08/10 16:33:14 [sESSION] LocalDomain: NlSetStatusClientSession: Set connection status to 0

08/10 16:33:14 [sESSION] LocalDomain: NlSessionSetup: negotiated 6007ffff flags rather than 600fffff

08/10 16:33:14 [sESSION] LocalDomain: NlSessionSetup: Session setup Succeeded

08/10 16:33:14 [iNIT] Started successfully

08/10 16:33:14 [iNIT] Group Policy is not defined for Netlogon

08/10 16:33:14 [iNIT] Following are the effective values after parsing

08/10 16:33:14 [MISC] NlWksScavenger: Can be called again in 21 days (0x6fb2efaa)

08/10 16:33:15 [MAILSLOT] NetpDcPingListIp: domain.net.: Sent UDP ping to 192.2.2.8

08/10 16:33:15 [MISC] DsGetDcName function returns 0: Dom:(null) Acct:(null) Flags: DS

08/10 16:33:16 [MISC] DsGetDcName function called: Dom:domain.net Acct:(null) Flags: IP KDC

08/10 16:33:16 [MISC] NetpDcGetName: domain.net using cached information

08/10 16:33:16 [MISC] DsGetDcName function returns 0: Dom:domain.net Acct:(null) Flags: IP KDC

08/10 16:33:16 [MISC] DsGetDcName function called: Dom:LocalDomain Acct:(null) Flags: DS BACKGROUND NETBIOS RET_DNS

08/10 16:33:16 [MISC] NetpDcGetName: domain.net. using cached information

08/10 16:33:16 [MISC] DsGetDcName function returns 0: Dom:LocalDomain Acct:(null) Flags: DS BACKGROUND NETBIOS RET_DNS

08/10 16:33:17 [sESSION] I_NetLogonGetAuthData: (null) domain.net

08/10 16:33:18 [sESSION] NetrLogonGetTimeServiceParentDomain: domain.net. is the parent domain. (PdcSameSite: 1)

08/10 16:33:19 [sITE] DsrGetSiteName: Returning site name 'Default-First-Site-Name' from local cache.

08/10 16:33:19 [MISC] DsGetDcName function called: Dom:(null) Acct:(null) Flags: IP TIMESERV AVOIDSELF BACKGROUND

08/10 16:33:19 [MISC] NetpDcGetName: domain.net. using cached information

08/10 16:33:19 [MISC] DsGetDcName function returns 0: Dom:(null) Acct:(null) Flags: IP TIMESERV AVOIDSELF BACKGROUND

08/10 16:33:19 [sITE] DsrGetSiteName: Returning site name 'Default-First-Site-Name' from local cache.

08/10 16:33:19 [MISC] DsGetDcName function called: Dom:(null) Acct:(null) Flags: IP TIMESERV AVOIDSELF BACKGROUND

08/10 16:33:19 [MISC] NetpDcGetName: domain.net. using cached information

08/10 16:33:19 [MISC] DsGetDcName function returns 0: Dom:(null) Acct:(null) Flags: IP TIMESERV AVOIDSELF BACKGROUND

08/10 16:33:21 [MISC] DsGetDcName function called: Dom:LocalDomain Acct:(null) Flags: DS NETBIOS RET_DNS

08/10 16:33:21 [MISC] NetpDcGetName: domain.net. using cached information

08/10 16:33:21 [MISC] DsGetDcName function returns 0: Dom:LocalDomain Acct:(null) Flags: DS NETBIOS RET_DNS

08/10 16:33:21 [sITE] DsrGetSiteName: Returning site name 'Default-First-Site-Name' from local cache.

08/10 16:33:21 [LOGON] SamLogon: Generic logon of domain.net\(null) from (null) Package:Kerberos Entered

08/10 16:33:21 [LOGON] SamLogon: Generic logon of domain.net\(null) from (null) Package:Kerberos Returns 0x0

08/10 16:33:21 [MISC] DsGetDcName function called: Dom:domain.net Acct:(null) Flags: DS DNS RET_DNS

08/10 16:33:21 [MISC] NetpDcGetName: domain.net using cached information

08/10 16:33:21 [MISC] DsGetDcName function returns 0: Dom:domain.net Acct:(null) Flags: DS DNS RET_DNS

08/10 16:33:21 [MISC] DsGetDcName function called: Dom:(null) Acct:(null) Flags: DS

08/10 16:33:21 [MISC] NetpDcGetName: domain.net. using cached information

08/10 16:33:21 [MISC] DsGetDcName function returns 0: Dom:(null) Acct:(null) Flags: DS

08/10 16:33:21 [MISC] DsGetDcName function called: Dom:domain.net Acct:(null) Flags: DS DNS RET_DNS

08/10 16:33:21 [MISC] NetpDcGetName: domain.net using cached information

08/10 16:33:21 [MISC] DsGetDcName function returns 0: Dom:domain.net Acct:(null) Flags: DS DNS RET_DNS

08/10 16:33:21 [LOGON] SamLogon: Generic logon of domain.net\(null) from (null) Package:Kerberos Entered

08/10 16:33:21 [LOGON] SamLogon: Generic logon of domain.net\(null) from (null) Package:Kerberos Returns 0x0

08/10 16:33:28 [MISC] DsrEnumerateDomainTrusts: Called, Flags = 0x3

08/10 16:33:28 [MISC] DsrEnumerateDomainTrusts: returns: 0

08/10 16:33:31 [MISC] DsGetDcName function called: Dom:LocalDomain Acct:(null) Flags: IP KDC

08/10 16:33:31 [MISC] NetpDcGetName: domain.net. using cached information

08/10 16:33:31 [MISC] DsGetDcName function returns 0: Dom:LocalDomain Acct:(null) Flags: IP KDC

08/10 16:33:31 [MISC] DsrEnumerateDomainTrusts: Called, Flags = 0x9

08/10 16:33:31 [MISC] DsrEnumerateDomainTrusts: returns: 0

08/10 16:33:32 [MISC] DsGetDcName function called: Dom:LocalDomain Acct:(null) Flags:

08/10 16:33:32 [MISC] NetpDcGetName: domain.net. using cached information

08/10 16:33:32 [MISC] DsGetDcName function returns 0: Dom:LocalDomain Acct:(null) Flags:

08/10 16:33:32 [MISC] DsrEnumerateDomainTrusts: Called, Flags = 0x3

08/10 16:33:32 [MISC] DsrEnumerateDomainTrusts: returns: 0

08/10 16:33:32 [MISC] DsGetDcName function called: Dom:LocalDomain Acct:(null) Flags:

08/10 16:33:32 [MISC] NetpDcGetName: domain.net. using cached information

08/10 16:33:32 [MISC] DsGetDcName function returns 0: Dom:LocalDomain Acct:(null) Flags:

08/10 16:33:32 [MISC] DsrEnumerateDomainTrusts: Called, Flags = 0x1

08/10 16:33:32 [MISC] DsrEnumerateDomainTrusts: returns: 0

08/10 16:34:23 [MISC] DsGetDcName function called: Dom:(null) Acct:(null) Flags: BACKGROUND RET_DNS

08/10 16:34:23 [MISC] NetpDcGetName: domain.net. using cached information

08/10 16:34:23 [MISC] DsGetDcName function returns 0: Dom:(null) Acct:(null) Flags: BACKGROUND RET_DNS

08/10 16:34:58 [MISC] DsGetDcName function called: Dom:LocalDomain Acct:(null) Flags: DS NETBIOS RET_DNS

08/10 16:34:58 [MISC] NetpDcGetName: domain.net. using cached information

08/10 16:34:58 [MISC] DsGetDcName function returns 0: Dom:LocalDomain Acct:(null) Flags: DS NETBIOS RET_DNS

08/10 16:34:58 [MISC] DsGetDcName function called: Dom:LocalDomain Acct:(null) Flags: DS NETBIOS RET_DNS

08/10 16:34:58 [MISC] NetpDcGetName: domain.net. using cached information

08/10 16:34:58 [MISC] DsGetDcName function returns 0: Dom:LocalDomain Acct:(null) Flags: DS NETBIOS RET_DNS

08/10 16:34:58 [MISC] DsrEnumerateDomainTrusts: Called, Flags = 0x1

08/10 16:34:58 [MISC] DsrEnumerateDomainTrusts: returns: 0

08/10 16:34:58 [sITE] DsrGetSiteName: Returning site name 'Default-First-Site-Name' from local cache.

08/10 16:34:58 [MISC] DsGetDcName function called: Dom:domain.net Acct:(null) Flags: DS DNS RET_DNS

08/10 16:34:58 [MISC] NetpDcGetName: domain.net using cached information

08/10 16:34:58 [MISC] DsGetDcName function returns 0: Dom:domain.net Acct:(null) Flags: DS DNS RET_DNS

08/10 16:34:58 [MISC] DsGetDcName function called: Dom:(null) Acct:(null) Flags: DS

08/10 16:34:58 [MISC] NetpDcGetName: domain.net. using cached information

08/10 16:34:58 [MISC] DsGetDcName function returns 0: Dom:(null) Acct:(null) Flags: DS

08/10 16:34:58 [MISC] DsGetDcName function called: Dom:domain.net Acct:(null) Flags: DS DNS RET_DNS

08/10 16:34:58 [MISC] NetpDcGetName: domain.net using cached information

08/10 16:34:58 [MISC] DsGetDcName function returns 0: Dom:domain.net Acct:(null) Flags: DS DNS RET_DNS

08/10 16:35:02 [MISC] DsrEnumerateDomainTrusts: Called, Flags = 0x1

08/10 16:35:02 [MISC] DsrEnumerateDomainTrusts: returns: 0

08/10 16:35:23 [MISC] DsGetDcName function called: Dom:(null) Acct:(null) Flags: DSP

08/10 16:35:23 [MISC] NetpDcGetName: domain.net. using cached information

08/10 16:35:23 [MISC] DsGetDcName function returns 0: Dom:(null) Acct:(null) Flags: DSP

08/10 16:35:31 [MISC] DsGetDcName function called: Dom:(null) Acct:(null) Flags: DSP

08/10 16:35:31 [MISC] NetpDcGetName: domain.net. using cached information

08/10 16:35:31 [MISC] DsGetDcName function returns 0: Dom:(null) Acct:(null) Flags: DSP

08/10 16:35:31 [MISC] DsGetDcName function called: Dom:domain.net Acct:(null) Flags: DS RET_DNS

08/10 16:35:31 [MISC] NetpDcGetName: domain.net using cached information

08/10 16:35:31 [MISC] DsGetDcName function returns 0: Dom:domain.net Acct:(null) Flags: DS RET_DNS

08/10 16:35:32 [MISC] DsGetDcName function called: Dom:dchostname.domain.net Acct:(null) Flags: DS WRITABLE DNS RET_DNS

08/10 16:35:32 [CRITICAL] NetpDcGetNameIp: dchostname.domain.net: No data returned from DnsQuery.

08/10 16:35:32 [CRITICAL] NetpDcGetName: dchostname.domain.net: IP and Netbios are both done.

08/10 16:35:32 [MISC] DsGetDcName function returns 1355: Dom:dchostname.domain.net Acct:(null) Flags: DS WRITABLE DNS RET_DNS

08/10 16:35:32 [MISC] DsGetDcName function called: Dom:dchostname.domain.net Acct:(null) Flags: DS WRITABLE DNS RET_DNS

08/10 16:35:32 [MISC] NetpDcGetName: dchostname.domain.net similar query failed recently 203

08/10 16:35:32 [MISC] DsGetDcName function returns 1355: Dom:dchostname.domain.net Acct:(null) Flags: DS WRITABLE DNS RET_DNS

EDIT: And in to your answer of do we run WINS, the answer is yes :p (Sure I said before, maybe you didn't notice (No probs tho) ^_^ )

Edited August 13, 2007 by aclarke_31

[aclarke_31]

The slow login problem happened on my system this morning so I thought I would post up a new post with the information I've pulled from the event log.

I'll mark parts I'm concerned with,

  Quote

08/15 08:32:29 [MISC] DsrEnumerateDomainTrusts: Called, Flags = 0x3

08/15 08:32:29 [MAILSLOT] NetpDcPingListIp: domain.net.: Sent UDP ping to 192.2.2.7

08/15 08:32:29 [MISC] NlPingDcNameWithContext: Sent 1/1 ldap pings to dchostname.domain.net

08/15 08:32:29 [MISC] NlPingDcNameWithContext: dchostname.domain.net responded over IP.

08/15 08:32:29 [MISC] LocalDomain: DsrEnumerateDomainTrusts: Domain List collected from \\dchostname.domain.net

08/15 08:32:29 [DOMAIN] Setting LSA NetbiosDomain: LocalDomain DnsDomain: domain.net. DnsTree: domain.net. DomainGuid:a1cd66e9-aa03-4e51-9929-cd42b117aff1

08/15 08:32:29 [LOGON] NlSetForestTrustList: New trusted domain list:

08/15 08:32:29 [LOGON] 0: LocalDomain domain.net (NT 5) (Forest Tree Root) (Primary Domain) (Native)

08/15 08:32:29 [LOGON] Dom Guid: a1cd66e9-aa03-4e51-9929-cd42b117aff1

08/15 08:32:29 [LOGON] Dom Sid: S-1-5-21-1229272821-1757981266-682003330

08/15 08:32:29 [MISC] DsrEnumerateDomainTrusts: returns: 0

08/15 08:32:31 [MISC] DsGetDcName function called: Dom:LocalDomain Acct:(null) Flags: IP KDC

08/15 08:32:31 [MISC] NetpDcGetName: domain.net. cache is too old. 4476344

08/15 08:32:31 [MAILSLOT] NetpDcPingListIp: domain.net.: Sent UDP ping to 192.2.2.7

08/15 08:32:31 [MISC] NlPingDcNameWithContext: Sent 1/1 ldap pings to dchostname.domain.net

08/15 08:32:31 [MISC] NlPingDcNameWithContext: dchostname.domain.net responded over IP.

08/15 08:32:31 [MISC] NetpDcGetName: domain.net. using cached information

08/15 08:32:31 [MISC] DsGetDcName function returns 0: Dom:LocalDomain Acct:(null) Flags: IP KDC

08/15 08:32:31 [MISC] DsGetDcName function called: Dom:domain.net Acct:(null) Flags: IP KDC

08/15 08:32:31 [MISC] NetpDcGetName: domain.net using cached information

08/15 08:32:31 [MISC] DsGetDcName function returns 0: Dom:domain.net Acct:(null) Flags: IP KDC

08/15 08:32:31 [MISC] DsGetDcName function called: Dom:LocalDomain Acct:(null) Flags:

08/15 08:32:31 [MISC] NetpDcGetName: domain.net. cache is too old. 4476594

08/15 08:32:31 [MAILSLOT] NetpDcPingListIp: domain.net.: Sent UDP ping to 192.2.2.7

08/15 08:32:31 [MISC] NlPingDcNameWithContext: Sent 1/1 ldap pings to dchostname.domain.net

08/15 08:32:31 [MISC] DsrEnumerateDomainTrusts: Called, Flags = 0x1

08/15 08:32:31 [MISC] DsrEnumerateDomainTrusts: returns: 0

08/15 08:32:31 [MISC] NlPingDcNameWithContext: dchostname.domain.net responded over IP.

08/15 08:32:31 [MISC] NetpDcGetName: domain.net. using cached information

08/15 08:32:31 [MISC] DsGetDcName function returns 0: Dom:LocalDomain Acct:(null) Flags:

08/15 08:33:47 [MISC] NlWksScavenger: Can be called again in 17 days (0x57aa1670)

08/15 08:35:29 [sESSION] LocalDomain: NlTimeoutApiClientSession: Unbind from server \\dchostname.domain.net (TCP) 0.

08/15 08:38:08 [MISC] DsGetDcName function called: Dom:(null) Acct:(null) Flags: DS BACKGROUND

08/15 08:38:08 [MISC] NetpDcGetName: domain.net. using cached information

08/15 08:38:08 [MISC] DsGetDcName function returns 0: Dom:(null) Acct:(null) Flags: DS BACKGROUND

** See the time gap between these two records...... **

08/15 08:45:46 [MISC] DsGetDcName function called: Dom:LocalDomain Acct:(null) Flags: DS NETBIOS RET_DNS

08/15 08:45:46 [MISC] NetpDcGetName: domain.net. using cached information

08/15 08:45:46 [MISC] DsGetDcName function returns 0: Dom:LocalDomain Acct:(null) Flags: DS NETBIOS RET_DNS

08/15 08:45:46 [MISC] DsGetDcName function called: Dom:LocalDomain Acct:(null) Flags: DS NETBIOS RET_DNS

08/15 08:45:46 [MISC] NetpDcGetName: domain.net. using cached information

08/15 08:45:46 [MISC] DsGetDcName function returns 0: Dom:LocalDomain Acct:(null) Flags: DS NETBIOS RET_DNS

08/15 08:45:46 [MISC] DsrEnumerateDomainTrusts: Called, Flags = 0x1

08/15 08:45:46 [MISC] LocalDomain: DsrEnumerateDomainTrusts: Domain List collected from \\dchostname.domain.net

08/15 08:45:46 [DOMAIN] Setting LSA NetbiosDomain: LocalDomain DnsDomain: domain.net. DnsTree: domain.net. DomainGuid:a1cd66e9-aa03-4e51-9929-cd42b117aff1

08/15 08:45:46 [LOGON] NlSetForestTrustList: New trusted domain list:

08/15 08:45:46 [LOGON] 0: LocalDomain domain.net (NT 5) (Forest Tree Root) (Primary Domain) (Native)

08/15 08:45:46 [LOGON] Dom Guid: a1cd66e9-aa03-4e51-9929-cd42b117aff1

08/15 08:45:46 [LOGON] Dom Sid: S-1-5-21-1229272821-1757981266-682003330

08/15 08:45:46 [MISC] DsrEnumerateDomainTrusts: returns: 0

08/15 08:45:46 [sITE] DsrGetSiteName: Site name 'Default-First-Site-Name' is old. Getting a new one from DC.

08/15 08:45:46 [MAILSLOT] NetpDcPingListIp: domain.net.: Sent UDP ping to 192.2.2.7

08/15 08:45:46 [MISC] NlPingDcNameWithContext: Sent 1/1 ldap pings to dchostname.domain.net

08/15 08:45:47 [MISC] NlPingDcNameWithContext: dchostname.domain.net responded over IP.

08/15 08:45:47 [MISC] DsGetDcName function called: Dom:domain.net Acct:(null) Flags: DS DNS RET_DNS

Any help would be awsome :(

Thanks Budman

[+BudMan MVC]

? did remove a DC from the domain?

Also could we take a look at the userenv.log

Here is how you can get debugging set

http://support.microsoft.com/?id=221833

How to enable user environment debug logging in retail builds of Windows

[aclarke_31]

No DC's have been removed.

The userenv log is over 200kb.

Its way too big to be putting as normal text on Neowin.

The next time I experience the problem I'll post the file as an attachment on Neowin.

Until then we'll just have to hold fire :(

[+BudMan MVC]

Does anything catch your eye in the log??

[aclarke_31]

I had the same problem trying to login this morning so I'll post what I've got inside the userenv.log file now

  Quote

USERENV(288.f74) 16:16:19:930 PolicyChangedThread: UpdateUser failed with 0.

USERENV(288.28c) 17:29:59:554 UnLoadClassHive: failed to unload classes key with 13

USERENV(288.28c) 17:31:47:550 ReconcileFile: Unable to open temporary file

LOGGED ON THIS MORNING FROM HERE ONWARDS

USERENV(288.370) 08:36:00:194 PolicyChangedThread: UpdateUser failed with 0.