1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Problems with users logins to Windows 2003 Domain

Discussion in 'Windows Server' started by noobmoone, Jan 27, 2011.

Thread Status:
Not open for further replies.
Advertisement
  1. noobmoone

    noobmoone Thread Starter

    Joined:
    Dec 14, 2010
    Messages:
    13
    I have a problem when i try to log on from my pc to AD in the domain.
    When i boot the pc, and enter username, password and domain to which i want to log on, i need to wait 3-4 minutes, at Applying your personal settings... pop
    up. After that i can log on, but when i check logs on my pc, at Application logs i fount thise two logs:

    -----> LOG1
    Event Type: Error
    Event Source: Userenv
    Event Category: None
    Event ID: 1030
    Date: 1/27/2011
    Time: 10:05:29 AM
    User: DOMAIN\user1
    Computer: user1pc
    Description:
    Windows cannot query for the list of Group Policy objects.
    A message that describes the reason for this was previously logged by the policy engine.


    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    ----> LOG2
    Event Type: Error
    Event Source: Userenv
    Event Category: None
    Event ID: 1006
    Date: 1/27/2011
    Time: 10:05:29 AM
    User: DOMAIN\user1
    Computer: user1pc
    Description:
    Windows cannot bind to domain.com domain. (Local Error).
    Group Policy processing aborted.

    For more information,
    see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    I log off and log on back several times, and its the same situation, 3-4 minutes waiting at log on, and always this two logs.


    The DFS service is started at DC.
    -------------
    About sysvol:
    -------------
    I have the following path: c:\Windows\sysvol\sysvol\domain.com\

    For the File permisions:
    ********************
    C:\Windows\sysvol\

    Folder is not shared.

    Authenticated users and Server Operators have Read&Execute
    Administrators, Creator Owners and System have Full Control

    In the column Inherited From: they all have <not inherited>

    In the column Apply To:
    Creator Owner: Subfolders and Files only
    Others: This foler, subfolders and files

    Check box: Allow inheritable permissions from the parrent to propagate... is Unchecked
    Check box: Replace permmision enttries on all child objects... is unchecked

    ************************
    C:\Windows\sysvol\sysvol\

    Folder is shared.

    Administrators: Full control
    Authenticated users: Read & Execute, List Folder Contents, Read
    Creator Owner: Full control
    SYSTEM: Full control
    Server Operators: Read and Execute
    Everyone: Read & Execute
    Domain users: Read & Execute



    In the column Inherited from for Domain users and Everyone is <not inherited>
    For the rest is "inherited from C:\\Windows\sysvol\"

    In the column Apply to
    For Creator Owner: Subfolders and files only
    For Everyone: This folder only
    For all the rest: This folder, subfolders and files

    Check box: Allow inheritable permissions from the parrent to propagate... is Unchecked for all
    Check box: Replace permmision enttries on all child objects... is unchecked
    *********************************


    Any ideas, solutions?
     
  2. Rockn

    Rockn

    Joined:
    Jul 29, 2001
    Messages:
    21,334
    Is this computer a member of this domain?
     
  3. noobmoone

    noobmoone Thread Starter

    Joined:
    Dec 14, 2010
    Messages:
    13
    Yes it is a member of the Domain.

    When i try Start->Run-> gpupdate, the same logs appears.

    The same thing don't happen to the other pc's in the domain.

    I know it something about GPO's.

    I recently chance XP licence key on this pc.
    Maybe that's the problem????
     
  4. Rockn

    Rockn

    Joined:
    Jul 29, 2001
    Messages:
    21,334
    Delete the computer account from the domain and join the domain again. I am sure that license key is the issue.
     
  5. noobmoone

    noobmoone Thread Starter

    Joined:
    Dec 14, 2010
    Messages:
    13
    I reset the computer acount, then add the computer to the AD with the same user acount, but again it was generating the same logs.

    Then i tried pinging my pc from the DC and i couldn't.

    I forgot that i have Firewall client (which is ok), but also a Comodo Firewall on my pc. After uninstaling the comodo, and rebooting the pc, everything is working fine now. :)

    Thax a lot for the help
     
  6. Rockn

    Rockn

    Joined:
    Jul 29, 2001
    Messages:
    21,334
    Resetting the account is the last thing you want ot try.....for future reference.
     
  7. noobmoone

    noobmoone Thread Starter

    Joined:
    Dec 14, 2010
    Messages:
    13
    What's the risk in doing that.

    I've made that action several times in other machines when there is no other alternative.
    off course, i first try to do everything else i know to solve the problem ...
     
  8. Rockn

    Rockn

    Joined:
    Jul 29, 2001
    Messages:
    21,334
    Resetting the computer account on occaision will screw things up worse, especiallyif you do it when the computer has lost connection with the network.
     
  9. noobmoone

    noobmoone Thread Starter

    Joined:
    Dec 14, 2010
    Messages:
    13
    Could you be more tech specific.
    Like: It will screw this this and that.
    Above statements are all too general
     
  10. Rockn

    Rockn

    Joined:
    Jul 29, 2001
    Messages:
    21,334
    Can't be more specific than that. If the computer account for whatever reason becomes disconnected from the network and you reset the computer account it iwll cause the computer account to not be able to connect to the server and then you will sit an troubleshoot another problem you just created. Resetting the account creates a new security token between the computer and AD and if those tokens do not match it will never authenticate. It will reset the computer account whether or not the computer is physically connected to the network.....plain enough?
     
  11. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/977273

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice