Slow logins to domain, several event ID errors (group policy, netlogon, NTP errors)

We have a laptop user who was experiencing slow logons in a remote office. (The remote office has 100 users; only 1 is reporting the issue.) Helpdesk swapped computers to give the user brand new hardware. The new laptop worked fine while in the IT department in the main office. The user returned to their desk in their remote office after replacing the laptop, logged in, and experienced the same slow logon issues as on the older laptop.
Logons take up to 45 mins to process. (Login script hangs and does not process.) During the process, you can check IPConfig and it has received the proper DNS settings. You can ping the authenticating server by name. We have scanning on our local copiers set up to scan to the user's desktop, and this errors out. DNS on the AD controller shows the proper IP address for the machine and you can ping the machine by name.
System Event log is loaded with errors:
Event ID 5719 - Netlogon, computer not able to set up a secure session with a domain controller in the domain
Event ID 1129 - Group Policy, processing of Group Policy failed because of lack of network connectivity
Event ID 129 - Time Service, NTP Client was unable to set a domain peer to use as a time source
Event ID 5783 - NetLogon, The session setup to the Windows NT or 2000 domain controller (xxx) for the domain is not responsive. RPC call cancelled. (NOTE - you can ping this domain controller by name and by IP with no issues)
Event ID 130 - Time-Service, NTP client unable to set a domain peer
All these seem to point to RPC errors timing out because they cannot communicate to the network resources. The problem happens on wired or wireless connections. We had the user move to a different network connection (one we know is working for another user) and the problem persists. The problem was on the original computer and continues to happen even after replacing the hardware with a brand new laptop.
I have tried running the following hotfix, which does not resolve the issue:
http://support2.microsoft.com/kb/2459530
Technically this shouldn't be an issue because we use DHCP off the 2003 AD domain controller.
I have checked the domain controller, AD Replication is processing with no issues. DNS is working. The local DHCP server has no issues or events related to this account and neither does the local DNS server or the authenticating server (which is in another remote office).
 

Hi,
As we know, most of the time error event 5719 is caused by network connectivity issues or name resolution issues. I suggest you refer to this link for further analysis:
http://blogs.technet.com/b/instan/archive/2008/09/18/netlogon-5719-and-the-disappearing-domain.aspx
And this link:
Root Causes for Slow Boots and Logons
http://social.technet.microsoft.com/wiki/contents/articles/10130.root-causes-for-slow-boots-and-logons-sbsl.aspx
Yolanda Zhu
TechNet Community Support

Similar Messages

  • Extreme slow login on Server 2008 R2 TS at Group Policy Preferences - Printers

    I see references to this problem everywhere, going back to 2010. However I'm not finding any real answers.
    I have Group Policy Preferences installing printers to Terminal Server Users. I have one policy that applies to 4 terminal servers. One of them is a 2008 R2, the others are 2003 x64. Only for the 2008 R2 server, after all of the printers show (in event viewer) as successfully loaded, there is a long hang. I have many printers applied to me, and that results in my load time being the longest of all at about 3 minutes. I am an administrator on the machine. Others have the exact same problem, just a bit less pronounced depending on the number of printers.
    The policy preference is set to UPDATE, so it's not loading the driver... again, the printer is already successfully applied.
    I've tried setting UAC to "Never" on the server. No effect. I've played with the Point and Print policy at both computer and user level, finally just setting both to disabled, but prior to that setting them to Enabled with the "do not show warning" on both settings. No effect (which makes sense since that is for non-admins and I am having this problem as an admin).
    My logging pasted below shows this same thing in all cases.
    Is there an answer to this that I am just not finding?
    2013-12-06 09:11:44.133 [pid=0x388,tid=0xca0] Filters passed.
    2013-12-06 09:11:44.133 [pid=0x388,tid=0xca0] Adding child elements to RSOP.
    2013-12-06 09:11:44.133 [pid=0x388,tid=0xca0] Set user security context.
    2013-12-06 09:11:44.289 [pid=0x388,tid=0xca0] Set system security context.
    2013-12-06 09:14:13.873 [pid=0x388,tid=0xca0] Set user security context.
    2013-12-06 09:14:13.909 [pid=0x388,tid=0xca0] Set system security context.
    2013-12-06 09:14:13.909 [pid=0x388,tid=0xca0] Properties handled.
    2013-12-06 09:14:13.909 [pid=0x388,tid=0xca0] RunOnce value created [SUCCEEDED(S_FALSE)]

    Hi,
    Based on your description, I want to confirm whether we have used Item-Level Targeting of GPP for printer deployment.
    GP Preferences settings that use Item-Level Targeting (ILT) are not inherently harmful. However, certain kinds of Item-Level Targeting queries can take more time to run.
    Regarding this issue, the following article can be referred to for more information and the hotfix in the article can be downloaded to fix the issue.
    You experience a long domain logon time in Windows Vista, Windows 7, Windows Server 2008 or Windows Server 2008 R2 after you deploy Group Policy preferences to the computer
    http://support.microsoft.com/kb/2561285/en-us
    In addition, regarding group policy and logon impact, the following article can be referred to for more information.
    Group Policy and Logon Impact
    http://blogs.technet.com/b/grouppolicy/archive/2013/05/23/group-policy-and-logon-impact.aspx
    Best regards,
    Frank Shen

  • Event ID 1053 - Group Policy

    Recently encountered this error, following some FRS issues with SYSVOL and our NETLOGON folders (event id 13508, if anyone's interested). These replication issues have been resolved, but there is an issue with clients applying group policies. The computer side of the policy applies every time, no problem. The issue is to do with user policies.
    If a user logs on to a machine they were using prior to our replication issues, they receive all the relevant policies and the machine is locked down, as expected. If they log on to a machine they've never logged on to before, they don't receive any user group policy settings and the event viewer lists error 1053 (with the machine being wide open to their assault).
    Event 1053: The processing of Group Policy failed. Windows could not resolve the user name. This could be caused by one of more of the following: 
    a) Name Resolution failure on the current domain controller. 
    b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
    Running a gpupdate /force doesn't apply these policies, only presenting this error...
    The processing of group policy. Windows could not resolve the user name.
    This could be caused by one of the following:
    a) Name Resolution failure on the current domain controller - We're quite confident this isn't the problem.
    b) Active Directory Replication Latency (An account created on another domain controller has not replicated to the current domain controller) - Checked this, all accounts have been replicated.
    Upon producing a GPreport I receive this error:
    Group Policy Infrastructure failed due to the error listed below.
    The specified account does not exist. 
    Note: Due to the GP Core failure, none of the other Group Policy components processed their policy. Consequently, status information for the other components is not available.
    Additional information may have been logged. Review the Policy Events tab in the console or the application event log for events between 13/11/2014 14:06:30 and 13/11/2014 14:06:32.
    System
      Provider [Name]: Microsoft-Windows-GroupPolicy
      Provider [Guid]: {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}
      EventID: 1053
      Version: 0
      Level: 2
      Task: 0
      Opcode: 1
      Keywords: 0x8000000000000000
      TimeCreated [SystemTime]: 2014-11-14T08:18:32.372783400Z
      EventRecordID: 59591
      Correlation [ActivityID]: {C3B036F5-272A-42A7-8AB1-2C2C2DCA0448}
      Execution [ProcessID]: 1100
      Execution [ThreadID]: 3000
      Channel: System
      Computer: XX-XXXX-XX.XXXXXXX.local
      Security [UserID]: S-1-5-21-4153847986-3925515210-898707684-6794
    EventData
      SupportInfo1: 1
      SupportInfo2: 1632
      ProcessingMode: 1
      ProcessingTimeInMilliseconds: 1544
      ErrorCode: 1317
      ErrorDescription: The specified account does not exist.
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-GroupPolicy" Guid="{AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}" />
        <EventID>1053</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>1</Opcode>
        <Keywords>0x8000000000000000</Keywords>
        <TimeCreated SystemTime="2014-11-14T08:18:32.372783400Z" />
        <EventRecordID>59591</EventRecordID>
        <Correlation ActivityID="{C3B036F5-272A-42A7-8AB1-2C2C2DCA0448}" />
        <Execution ProcessID="1100" ThreadID="3000" />
        <Channel>System</Channel>
        <Computer>XX-XXXX-XX.XXXXXXX.local</Computer>
        <Security UserID="S-1-5-21-4153847986-3925515210-898707684-6794" />
      </System>
      <EventData>
        <Data Name="SupportInfo1">1</Data>
        <Data Name="SupportInfo2">1632</Data>
        <Data Name="ProcessingMode">1</Data>
        <Data Name="ProcessingTimeInMilliseconds">1544</Data>
        <Data Name="ErrorCode">1317</Data>
        <Data Name="ErrorDescription">The specified account does not exist.</Data>
      </EventData>
    </Event>
    Any help would be much appreciated. 
    Thanks,
    J.

    Hi J,
    Looks like this could be an access/permissions issue. Could you just confirm a couple of things though:
    Use nslookup to confirm you can resolve addresses of the domain controllers
    Use ipconfig /all on a user PC to make sure you are hitting the correct DNS servers
    Assuming this is all okay (which I'm sure it is), take a look at this thread with a similar issue. In the end it was determined that several necessary ports were not open on the DC, which resulted in errors with group policy.
    Have a read of that and let us know how you get on. Sorry I can't be of more help at the moment, it feels like this might be a "trial and error" problem!
    Regards,
    James Henderson
    MTA: Windows Server Admin Essentials
    MTA: Networking Fundamentals
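
The checks suggested in the reply above (resolve the domain controllers, confirm the DNS servers in use, confirm the needed ports are open) also apply to the first thread on this page, where the DC answers ping while Netlogon reports a cancelled RPC call. The following is an added PowerShell example, not part of any post here; `$Domain` and the port list are assumptions, and `Resolve-DnsName` and `Test-NetConnection` need Windows 8 / Server 2012 or later.

```powershell
# Added example, not from the thread. $Domain and the port list are assumptions.
param(
    [string]$Domain = $env:USERDNSDOMAIN   # AD DNS domain name of the logged-on user
)

# TCP services a domain member uses on a DC at logon. The dynamic RPC ports
# handed out by the endpoint mapper (135) are not probed here.
$Services = @(
    [pscustomobject]@{ Port = 88;  Name = 'Kerberos' }
    [pscustomobject]@{ Port = 135; Name = 'RPC endpoint mapper' }
    [pscustomobject]@{ Port = 389; Name = 'LDAP' }
    [pscustomobject]@{ Port = 445; Name = 'SMB (SYSVOL, NETLOGON)' }
)

# 1. DNS servers this client is really using (the "ipconfig /all" check).
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    Format-Table InterfaceAlias, ServerAddresses -AutoSize

# 2. Find the DCs through their SRV records (the "nslookup" check).
$dcs = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction Stop |
    Where-Object { $_.NameTarget } |            # skip A records from the additional section
    Select-Object -ExpandProperty NameTarget |
    Sort-Object -Unique

# 3. Compare ICMP reachability with TCP reachability for every DC and service.
$report = foreach ($dc in $dcs) {
    $ping = Test-Connection -ComputerName $dc -Count 1 -Quiet
    foreach ($svc in $Services) {
        $tcp = Test-NetConnection -ComputerName $dc -Port $svc.Port -WarningAction SilentlyContinue
        [pscustomobject]@{
            DC      = $dc
            Port    = $svc.Port
            Service = $svc.Name
            PingOK  = $ping
            TcpOK   = $tcp.TcpTestSucceeded
        }
    }
}
$report | Format-Table -AutoSize

# A DC that answers ping but refuses one of these ports matches the symptom in
# both threads: name resolution and ICMP look healthy while logon traffic fails.
$blocked = $report | Where-Object { $_.PingOK -and -not $_.TcpOK }
if ($blocked) {
    Write-Warning 'Ping succeeds but these services are unreachable:'
    $blocked | Format-Table DC, Port, Service -AutoSize
}

# 4. Verify the machine's secure channel to the domain (run from an elevated prompt).
nltest.exe "/sc_verify:$Domain"
```

Run it on the affected client while the slow logon or Group Policy failure is occurring, so the result reflects the network path the client has at that moment.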

  • Event ID 1058 Group Policy Preprocessing Error Code 3

    You will see this in the event logs, the processing of group policy failed. It is trying to process a policy that doesn't exist. After reading http://technet.microsoft.c the first resolution Error code 3 (The system cannot find the path specified) led me to this --> http://support.microsoft.c
    4. In the right details pane, double-click DisableDFS.  
    This entry doesn't exist but if I add it, it works. Problem is solved on machine 1. 
    Machine 2. This is a brand new Windows 7 setup to investigate this problem because it appears on a lot of the workstations and I have no idea why. Applying this fix did NOT solve the problem. I am a bit stuck. I have new GPs to roll out but they won't apply with this error in place.
    I can ping the logon server just fine and I can get to \\FQDN\sysvol as well. gpupdate /force shows the same error in the event log.

    Hi,
    Have you tried all steps in the link:
    http://support.microsoft.com/kb/314494?
    Verify you can read gpt.ini using the full network path. The full network path to the gpt.ini is \\<dcName>\SYSVOL\<domain>\Policies\<guid>\gpt.ini where <dcName> is the name of the domain controller, <domain> is the name of the domain, and <guid> is the GUID of the policy folder.
    Please post the full event message for further analysis. In addition, we need to know which policy you set that could not be applied.
    Regards, Yan Li
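
The gpt.ini check described in the reply above, carried out for every policy folder at once, as an added PowerShell example that is not part of the original posts. It goes beyond the reply by reading each file through both the DC path and the domain-based path, since the original poster's fix involved a DFS setting; `$Domain` and `$DcName` are assumptions taken from the logged-on session.

```powershell
# Added example, not from the thread. $Domain and $DcName are assumptions.
param(
    [string]$Domain = $env:USERDNSDOMAIN,
    [string]$DcName = ($env:LOGONSERVER -replace '^\\\\', '')
)

# The reply's path goes straight to one DC; the domain-based path is resolved
# through DFS. Reading both shows which of the two is failing.
$roots = [ordered]@{
    'Direct to DC' = "\\$DcName\SYSVOL\$Domain\Policies"
    'Domain (DFS)' = "\\$Domain\SYSVOL\$Domain\Policies"
}

# Only folders named with a GUID are policies; this skips e.g. PolicyDefinitions.
$guidPattern = '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$'

$report = foreach ($root in $roots.GetEnumerator()) {
    try {
        $dirs = Get-ChildItem -LiteralPath $root.Value -Directory -ErrorAction Stop |
            Where-Object { $_.Name -match $guidPattern }
    } catch {
        # The Policies folder itself is unreachable through this path.
        [pscustomobject]@{
            Via = $root.Key; Guid = '(Policies folder)'; Readable = $false
            UserVersion = $null; ComputerVersion = $null; Error = $_.Exception.Message
        }
        continue
    }

    foreach ($dir in $dirs) {
        $row = [pscustomobject]@{
            Via = $root.Key; Guid = $dir.Name; Readable = $false
            UserVersion = $null; ComputerVersion = $null; Error = $null
        }
        try {
            $lines = Get-Content -LiteralPath (Join-Path $dir.FullName 'gpt.ini') -ErrorAction Stop
            $row.Readable = $true
            $versionLine = $lines | Where-Object { $_ -match '^\s*Version\s*=\s*\d+' } |
                Select-Object -First 1
            if ($versionLine -match '(\d+)\s*$') {
                # gpt.ini stores one 32-bit number: high 16 bits are the user
                # version, low 16 bits are the computer version.
                $v = [uint32]$Matches[1]
                $row.UserVersion     = $v -shr 16
                $row.ComputerVersion = $v -band 0xFFFF
            }
        } catch {
            $row.Error = $_.Exception.Message
        }
        $row
    }
}

$report | Sort-Object Guid, Via | Format-Table -AutoSize

# Policies that cannot be read through at least one path.
$report | Where-Object { -not $_.Readable } | Format-List Via, Guid, Error
```

A policy GUID that is readable directly from the DC but not through the domain path points at the referral rather than at the policy files; one that is unreadable through both matches the "path not found" error in the original post.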

  • Group Policy client Service Error - Access is denied

    I am a domain admin working on Windows 7 roaming profiles, testing with a staff user. I am in a domain environment. I have changed the profile path for a user to the folder I created for new Windows 7 roaming profiles. Gave it all the permissions noted here and followed these steps at Microsoft's deploying roaming profiles page for Win 7.
    Once I logged in the user, it created their profile.v2 but I still couldn't access it. Getting access denied. So I went back and changed the staff roaming profile back to the original profile path. Didn't make any group policy changes. But now she gets group policy client service failed to logon. Access is denied. I have deleted the .v2 profile that Win 7 creates in her old profile path, moved her profile path back to what it was before testing, retested her XP profile which does work and she can login and work. But the Win 7 machines, no matter where she logs in, will not work. They all give the same error about group policy client service failed. No other users are having this problem.

    Hi,
    Regarding the issue here, have you checked the below thread?
    Group Policy Client Service Failed the logon - Access Denied: Windows 7 Ultimate/Server 2008 R2
    Please take a try with the steps mentioned by Nina Liu.
    QUOTE here:
    At this time, let’s refer to the following steps for troubleshooting:
    1. Open registry editor on the problematic Windows 7 machine (please log in as domain admin)
    2. Highlight HKEY_USERS, choose File -> Load Hive, browse to the location of one failing roaming profile and open NTUSER.DAT file, click open
    3. Under Key Name, enter any name you like, but remember what you have entered, such as enter "test"
    4. Expand, HKEY_USERS, you should see new registry hive called "test" or any name you entered earlier
    5. Right click on that "test" hive and choose permissions. Confirm that the following users have permissions:
    - Administrators: Full Control
    - SYSTEM: Full Control
    - User (or group) that owns this profile: Full Control
    6. If the permissions were wrong, correct them, then click on Advanced tab, on Advanced tab and enable "Replace permission entries on all child objects with entries shown here that apply to child objects" and click Apply.
    7. Highlight "test" registry hive, then click on File -> Unload Hive to release handle on NTUSER.DAT file.
    8. Log off and log on with the failing roaming profile you have just modified.
    Any process, please feel free to contact us.
    Best regards
    Michael Shao
    TechNet Community Support
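
Steps 1 to 5 and 7 of the quoted procedure as a read-only check, given here as an added PowerShell example that is not part of the original posts: it loads the hive, reports whether the three principals hold Full Control on the hive root, and unloads it again. The parameter names are hypothetical, it changes no permissions (step 6 is still done by hand), and it must run elevated while the user is logged off.

```powershell
# Added example, not from the thread. Parameter names are hypothetical.
param(
    [Parameter(Mandatory)] [string]$NtUserDat,   # path to the failing profile's NTUSER.DAT
    [Parameter(Mandatory)] [string]$Owner,       # DOMAIN\user that owns the profile
    [string]$MountName = 'test'                  # key name used under HKEY_USERS
)

# Compare by SID so the check also works on non-English systems and when an
# ACE refers to an account whose name can no longer be resolved.
$ownerSid = ([System.Security.Principal.NTAccount]$Owner).Translate(
    [System.Security.Principal.SecurityIdentifier]).Value
$required = [ordered]@{
    'Administrators' = 'S-1-5-32-544'
    'SYSTEM'         = 'S-1-5-18'
    $Owner           = $ownerSid
}

# Steps 2-4: load the hive under HKEY_USERS\<MountName>.
& reg.exe load "HKU\$MountName" $NtUserDat | Out-Null
if ($LASTEXITCODE -ne 0) { throw "reg load failed for $NtUserDat (exit code $LASTEXITCODE)" }

try {
    # Step 5: read the ACL on the hive root. Child keys are not walked here.
    $acl   = Get-Acl -Path "Registry::HKEY_USERS\$MountName"
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    $full  = [System.Security.AccessControl.RegistryRights]::FullControl

    $report = foreach ($entry in $required.GetEnumerator()) {
        $match = $rules | Where-Object {
            $_.IdentityReference.Value -eq $entry.Value -and
            $_.AccessControlType -eq 'Allow' -and
            ($_.RegistryRights -band $full) -eq $full
        }
        [pscustomobject]@{
            Principal      = $entry.Key
            Sid            = $entry.Value
            HasFullControl = [bool]$match
        }
    }
    $report | Format-Table -AutoSize

    $missing = $report | Where-Object { -not $_.HasFullControl }
    if ($missing) {
        Write-Warning ('Missing Full Control for: ' + ($missing.Principal -join ', '))
    }
}
finally {
    # Step 7: release every handle into the hive, then unload it so NTUSER.DAT
    # is not left locked.
    $acl = $null; $rules = $null
    [gc]::Collect(); [gc]::WaitForPendingFinalizers()
    & reg.exe unload "HKU\$MountName" | Out-Null
    if ($LASTEXITCODE -ne 0) { Write-Warning "reg unload failed; unload HKU\$MountName manually" }
}
```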

  • How to set two DNS domain in one Remote VPN group policy

    Hello experts
    I am using ASA 8.2 to provide IPsec remote VPN for our staff. In the group policy I set the default domain name, which is needed for our DNS server to resolve internal URLs. But the problem is that we now have two domain names on our DNS server, and host names in the two domains are different. So if I set up one domain name in the group policy, URLs in the other domain cannot be resolved when using VPN. But ASDM doesn't seem to allow me to set up two domain names for the attribute 'Default Domain'. What can I do?
    Thanks a lot.

    Come on Experts, please help.  Any way to achieve that, or it's a mission impossible.

  • Slow login with Domain Mobile Account in 10.9.1

    I've tried searching, although I may have missed something. I saw that this was possibly resolved in 10.7, but I'm having the issue with 10.9.1...so...but, if this has been solved and I did miss it when searching, please be gentle. =)
    Got a new MBP for work and it's joined to the domain and set up with a mobile account. When I log in from home, I select my account so that FileVault can decrypt the drive, and after the initial spinning wheel, it sits for about 60 seconds before telling me:
    "There was a problem connecting to the server "[server name]".
    The server may not exist or it is unavailable at this time. Check the server name or IP address, check your network connection, and then try again."
    Thoughts? Questions that I can try to answer?
    Thanks in advance.

    here's a picture of the message I get on login, if it helps.

  • Group Policy processing failure on 2008 when MIX Domain 2003 with DC 2008

    Dear, I try to add an additional Windows 2008 domain to my domain controller 2003 and I am receiving a Group Policy error in DC 2008 with Event ID 1055
    The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: 
    a) Name Resolution failure on the current domain controller. 
    b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
      <Provider Name="Microsoft-Windows-GroupPolicy" Guid="{AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}" /> 
      <EventID>1055</EventID> 
      <Version>0</Version> 
      <Level>2</Level> 
      <Task>0</Task> 
      <Opcode>1</Opcode> 
      <Keywords>0x8000000000000000</Keywords> 
      <TimeCreated SystemTime="2014-03-06T14:36:44.411955300Z" /> 
      <EventRecordID>3859</EventRecordID> 
      <Correlation ActivityID="{28DAD258-26D0-4C1E-A4B7-F37DEE04C8F1}" /> 
      <Execution ProcessID="952" ThreadID="3276" /> 
      <Channel>System</Channel> 
      <Computer>PRIMARYDC.Qtit.com</Computer> 
      <Security UserID="S-1-5-18" /> 
      </System>
    <EventData>
      <Data Name="SupportInfo1">1</Data> 
      <Data Name="SupportInfo2">1632</Data> 
      <Data Name="ProcessingMode">0</Data> 
      <Data Name="ProcessingTimeInMilliseconds">1578</Data> 
      <Data Name="ErrorCode">5</Data> 
      <Data Name="ErrorDescription">Access is denied.</Data> 
      </EventData>
      </Event>
    I installed the hotfix from KB939820, applicable to Microsoft DC 2003, regarding the KRBTGT account
    Refer URL: http://support.microsoft.com/kb/939820
    I ran dcdiag /v and repadmin /showrepl at DC 2008
    The dcdiag /v result:
    Directory Server Diagnosis
    Performing initial setup:
       Trying to find home server...
       * Verifying that the local machine PRIMARYDC, is a Directory Server. 
       Home Server = PRIMARYDC
       * Connecting to directory service on server PRIMARYDC.
       * Identified AD Forest. 
       Collecting AD specific global data 
       * Collecting site info.
       Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=Qtit,DC=com,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
       The previous call succeeded 
       Iterating through the sites 
       Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
       Getting ISTG and options for the site
       * Identifying all servers.
       Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=Qtit,DC=com,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
       The previous call succeeded....
       The previous call succeeded
       Iterating through the list of servers 
       Getting information for the server CN=NTDS Settings,CN=SECONDAD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com 
       objectGuid obtained
       InvocationID obtained
       dnsHostname obtained
       site info obtained
       All the info for the server collected
       Getting information for the server CN=NTDS Settings,CN=PRIMARYDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com 
       objectGuid obtained
       InvocationID obtained
       dnsHostname obtained
       site info obtained
       All the info for the server collected
       * Identifying all NC cross-refs.
       * Found 2 DC(s). Testing 1 of them.
       Done gathering initial info.
    Doing initial required tests
       Testing server: Default-First-Site-Name\PRIMARYDC
          Starting test: Connectivity
             * Active Directory LDAP Services Check
             Determining IP4 connectivity 
             * Active Directory RPC Services Check
             ......................... PRIMARYDC passed test Connectivity
    Doing primary tests
       Testing server: Default-First-Site-Name\PRIMARYDC
          Starting test: Advertising
             The DC PRIMARYDC is advertising itself as a DC and having a DS.
             The DC PRIMARYDC is advertising as an LDAP server
             The DC PRIMARYDC is advertising as having a writeable directory
             The DC PRIMARYDC is advertising as a Key Distribution Center
             The DC PRIMARYDC is advertising as a time server
             The DS PRIMARYDC is advertising as a GC.
             ......................... PRIMARYDC passed test Advertising
          Test omitted by user request: CheckSecurityError
          Test omitted by user request: CutoffServers
          Starting test: FrsEvent
             * The File Replication Service Event log test 
             There are warning or error events within the last 24 hours after the
             SYSVOL has been shared.  Failing SYSVOL replication problems may cause
             Group Policy problems. 
             A warning event occurred.  EventID: 0x800034C8
                Time Generated: 03/06/2014   10:18:56
                Event String:
                The File Replication Service has detected an enabled disk write cache on the drive containing the directory c:\windows\ntfrs\jet on the computer PRIMARYDC. The File Replication Service might not recover when power to
    the drive is interrupted and critical updates are lost.
             A warning event occurred.  EventID: 0x800034C8
                Time Generated: 03/06/2014   10:53:21
                Event String:
                The File Replication Service has detected an enabled disk write cache on the drive containing the directory c:\windows\ntfrs\jet on the computer PRIMARYDC. The File Replication Service might not recover when power to
    the drive is interrupted and critical updates are lost.
             ......................... PRIMARYDC passed test FrsEvent
          Starting test: DFSREvent
             The DFS Replication Event Log. 
             Skip the test because the server is running FRS.
             ......................... PRIMARYDC passed test DFSREvent
          Starting test: SysVolCheck
             * The File Replication Service SYSVOL ready test 
             File Replication Service's SYSVOL is ready 
             ......................... PRIMARYDC passed test SysVolCheck
          Starting test: KccEvent
             * The KCC Event log test
             Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
             ......................... PRIMARYDC passed test KccEvent
          Starting test: KnowsOfRoleHolders
             Role Schema Owner = CN=NTDS Settings,CN=SECONDAD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
             Role Domain Owner = CN=NTDS Settings,CN=SECONDAD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
             Role PDC Owner = CN=NTDS Settings,CN=SECONDAD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
             Role Rid Owner = CN=NTDS Settings,CN=SECONDAD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
             Role Infrastructure Update Owner = CN=NTDS Settings,CN=SECONDAD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
             ......................... PRIMARYDC passed test KnowsOfRoleHolders
          Starting test: MachineAccount
             Checking machine account for DC PRIMARYDC on DC PRIMARYDC.
             * SPN found :LDAP/PRIMARYDC.Qtit.com/Qtit.com
             * SPN found :LDAP/PRIMARYDC.Qtit.com
             * SPN found :LDAP/PRIMARYDC
             * SPN found :LDAP/PRIMARYDC.Qtit.com/QTIT
             * SPN found :LDAP/e3d8c76c-1b59-4de6-9f7f-c438df9a2863._msdcs.Qtit.com
             * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/e3d8c76c-1b59-4de6-9f7f-c438df9a2863/Qtit.com
             * SPN found :HOST/PRIMARYDC.Qtit.com/Qtit.com
             * SPN found :HOST/PRIMARYDC.Qtit.com
             * SPN found :HOST/PRIMARYDC
             * SPN found :HOST/PRIMARYDC.Qtit.com/QTIT
             * SPN found :GC/PRIMARYDC.Qtit.com/Qtit.com
             ......................... PRIMARYDC passed test MachineAccount
          Starting test: NCSecDesc
             * Security Permissions check for all NC's on DC PRIMARYDC.
             The forest is not ready for RODC. Will skip checking ERODC ACEs.
             * Security Permissions Check for
               DC=ForestDnsZones,DC=Qtit,DC=com
                (NDNC,Version 3)
             Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have 
                Replicating Directory Changes In Filtered Set
             access rights for the naming context:
             DC=ForestDnsZones,DC=Qtit,DC=com
             * Security Permissions Check for
               DC=DomainDnsZones,DC=Qtit,DC=com
                (NDNC,Version 3)
             Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have 
                Replicating Directory Changes In Filtered Set
             access rights for the naming context:
             DC=DomainDnsZones,DC=Qtit,DC=com
             * Security Permissions Check for
               CN=Schema,CN=Configuration,DC=Qtit,DC=com
                (Schema,Version 3)
             * Security Permissions Check for
               CN=Configuration,DC=Qtit,DC=com
                (Configuration,Version 3)
             * Security Permissions Check for
               DC=Qtit,DC=com
                (Domain,Version 3)
             ......................... PRIMARYDC failed test NCSecDesc
          Starting test: NetLogons
             * Network Logons Privileges Check
             Verified share \\PRIMARYDC\netlogon
             Verified share \\PRIMARYDC\sysvol
             ......................... PRIMARYDC passed test NetLogons
          Starting test: ObjectsReplicated
             PRIMARYDC is in domain DC=Qtit,DC=com
             Checking for CN=PRIMARYDC,OU=Domain Controllers,DC=Qtit,DC=com in domain DC=Qtit,DC=com on 1 servers
                Object is up-to-date on all servers.
             Checking for CN=NTDS Settings,CN=PRIMARYDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com in domain CN=Configuration,DC=Qtit,DC=com on 1 servers
                Object is up-to-date on all servers.
             ......................... PRIMARYDC passed test ObjectsReplicated
          Test omitted by user request: OutboundSecureChannels
          Starting test: Replications
             * Replications Check
             * Replication Latency Check
                DC=ForestDnsZones,DC=Qtit,DC=com
                   Latency information for 18 entries in the vector were ignored.
                      18 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
                DC=DomainDnsZones,DC=Qtit,DC=com
                   Latency information for 18 entries in the vector were ignored.
                      18 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
                CN=Schema,CN=Configuration,DC=Qtit,DC=com
                   Latency information for 20 entries in the vector were ignored.
                      20 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
                CN=Configuration,DC=Qtit,DC=com
                   Latency information for 20 entries in the vector were ignored.
                      20 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
                DC=Qtit,DC=com
                   Latency information for 20 entries in the vector were ignored.
                      20 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
             * Replication Site Latency Check 
             ......................... PRIMARYDC passed test Replications
          Starting test: RidManager
             * Available RID Pool for the Domain is 14607 to 1073741823
             * SecondAD.Qtit.com is the RID Master
             * DsBind with RID Master was successful
             * rIDAllocationPool is 14107 to 14606
             * rIDPreviousAllocationPool is 14107 to 14606
             * rIDNextRID: 14124
             ......................... PRIMARYDC passed test RidManager
          Starting test: Services
             * Checking Service: EventSystem
             * Checking Service: RpcSs
             * Checking Service: NTDS
             * Checking Service: DnsCache
             * Checking Service: NtFrs
             * Checking Service: IsmServ
             * Checking Service: kdc
             * Checking Service: SamSs
             * Checking Service: LanmanServer
             * Checking Service: LanmanWorkstation
             * Checking Service: w32time
             * Checking Service: NETLOGON
             ......................... PRIMARYDC passed test Services
          Starting test: SystemLog
             * The System Event log test
             A warning event occurred.  EventID: 0x0000A001
                Time Generated: 03/06/2014   16:04:05
                Event String:
                The Security System could not establish a secured connection with the server ldap/PRIMARYDC.Qtit.com/[email protected]. No authentication protocol was available.
             An error event occurred.  EventID: 0x0000041F
                Time Generated: 03/06/2014   16:06:35
                Event String:
                The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: 
                a) Name Resolution failure on the current domain controller. 
                b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
             An error event occurred.  EventID: 0x0000041F
                Time Generated: 03/06/2014   16:11:36
                Event String:
                The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: 
                a) Name Resolution failure on the current domain controller. 
                b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
             An error event occurred.  EventID: 0x0000041F
                Time Generated: 03/06/2014   16:16:38
                Event String:
                The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: 
                a) Name Resolution failure on the current domain controller. 
                b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
             An error event occurred.  EventID: 0x0000041F
                Time Generated: 03/06/2014   16:21:39
                Event String:
                The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: 
                a) Name Resolution failure on the current domain controller. 
                b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
             An error event occurred.  EventID: 0x0000041F
                Time Generated: 03/06/2014   16:26:41
                Event String:
                The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: 
                a) Name Resolution failure on the current domain controller. 
                b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
             An error event occurred.  EventID: 0x00000457
                Time Generated: 03/06/2014   16:30:46
                Event String:
                Driver TOSHIBA e-STUDIO16/20/25 PCL 6 required for printer TOSHIBA e-STUDIO16/20/25 PCL 6 is unknown. Contact the administrator to install the driver before you log in again.
             An error event occurred.  EventID: 0x00000457
                Time Generated: 03/06/2014   16:30:48
                Event String:
                Driver Microsoft XPS Document Writer v4 required for printer Microsoft XPS Document Writer is unknown. Contact the administrator to install the driver before you log in again.
             An error event occurred.  EventID: 0x00000457
                Time Generated: 03/06/2014   16:30:49
                Event String:
                Driver Send to Microsoft OneNote 15 Driver required for printer Send To OneNote 2013 is unknown. Contact the administrator to install the driver before you log in again.
             An error event occurred.  EventID: 0x00000457
                Time Generated: 03/06/2014   16:31:14
                Event String:
                Driver Send to Microsoft OneNote 15 Driver required for printer Send To OneNote 2013 is unknown. Contact the administrator to install the driver before you log in again.
             An error event occurred.  EventID: 0x00000457
                Time Generated: 03/06/2014   16:31:16
                Event String:
                Driver Microsoft XPS Document Writer v4 required for printer Microsoft XPS Document Writer is unknown. Contact the administrator to install the driver before you log in again.
             An error event occurred.  EventID: 0x00000457
                Time Generated: 03/06/2014   16:31:16
                Event String:
                Driver WebEx Document Loader required for printer WebEx Document Loader is unknown. Contact the administrator to install the driver before you log in again.
             An error event occurred.  EventID: 0x0000041F
                Time Generated: 03/06/2014   16:31:42
                Event String:
                The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: 
                a) Name Resolution failure on the current domain controller. 
                b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
             ......................... PRIMARYDC failed test SystemLog
          Test omitted by user request: Topology
          Test omitted by user request: VerifyEnterpriseReferences
          Starting test: VerifyReferences
             The system object reference (serverReference)
             CN=PRIMARYDC,OU=Domain Controllers,DC=Qtit,DC=com and backlink on
             CN=PRIMARYDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
             are correct. 
             The system object reference (serverReferenceBL)
             CN=PRIMARYDC,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=Qtit,DC=com
             and backlink on
             CN=NTDS Settings,CN=PRIMARYDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
             are correct. 
             The system object reference (frsComputerReferenceBL)
             CN=PRIMARYDC,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=Qtit,DC=com
             and backlink on CN=PRIMARYDC,OU=Domain Controllers,DC=Qtit,DC=com are
             correct. 
             ......................... PRIMARYDC passed test VerifyReferences
          Test omitted by user request: VerifyReplicas
          Test omitted by user request: DNS
          Test omitted by user request: DNS
       Running partition tests on : ForestDnsZones
          Starting test: CheckSDRefDom
             ......................... ForestDnsZones passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... ForestDnsZones passed test
             CrossRefValidation
       Running partition tests on : DomainDnsZones
          Starting test: CheckSDRefDom
             ......................... DomainDnsZones passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... DomainDnsZones passed test
             CrossRefValidation
       Running partition tests on : Schema
          Starting test: CheckSDRefDom
             ......................... Schema passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Schema passed test CrossRefValidation
       Running partition tests on : Configuration
          Starting test: CheckSDRefDom
             ......................... Configuration passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Configuration passed test CrossRefValidation
       Running partition tests on : Qtit
          Starting test: CheckSDRefDom
             ......................... Qtit passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Qtit passed test CrossRefValidation
       Running enterprise tests on : Qtit.com
          Test omitted by user request: DNS
          Test omitted by user request: DNS
          Starting test: LocatorCheck
             GC Name: \\PRIMARYDC.Qtit.com
             Locator Flags: 0xe00031fc
             PDC Name: \\SecondAD.Qtit.com
             Locator Flags: 0xe00001bd
             Time Server Name: \\PRIMARYDC.Qtit.com
             Locator Flags: 0xe00031fc
             Preferred Time Server Name: \\PRIMARYDC.Qtit.com
             Locator Flags: 0xe00031fc
             KDC Name: \\PRIMARYDC.Qtit.com
             Locator Flags: 0xe00031fc
             ......................... Qtit.com passed test LocatorCheck
          Starting test: Intersite
             Skipping site Default-First-Site-Name, this site is outside the scope
             provided by the command line arguments provided. 
             ......................... Qtit.com passed test Intersite
    repadmin /showrepl Result
    ******************************8
    ==== INBOUND NEIGHBORS ===================================
    DC=Qtit,DC=com
        Default-First-Site-Name\SECONDAD via RPC
            DSA object GUID: c5ef6e17-77f0-43f6-8d39-5497c563f
            Last attempt @ 2014-03-06 16:41:04 was successful.
    CN=Configuration,DC=Qtit,DC=com
        Default-First-Site-Name\SECONDAD via RPC
            DSA object GUID: c5ef6e17-77f0-43f6-8d39-5497c563f
            Last attempt @ 2014-03-06 16:41:39 was successful.
    CN=Schema,CN=Configuration,DC=Qtit,DC=com
        Default-First-Site-Name\SECONDAD via RPC
            DSA object GUID: c5ef6e17-77f0-43f6-8d39-5497c563f
            Last attempt @ 2014-03-06 15:53:01 was successful.
    DC=DomainDnsZones,DC=Qtit,DC=com
        Default-First-Site-Name\SECONDAD via RPC
            DSA object GUID: c5ef6e17-77f0-43f6-8d39-5497c563f
            Last attempt @ 2014-03-06 16:27:31 was successful.
    DC=ForestDnsZones,DC=Qtit,DC=com
        Default-First-Site-Name\SECONDAD via RPC
            DSA object GUID: c5ef6e17-77f0-43f6-8d39-5497c563f
            Last attempt @ 2014-03-06 15:53:01 was successful.
    I tried taking the 2003 DC down and accessing \\Qtit.com; it successfully opens the syslog on the 2008 DC.
    Any help or advice?

    Hi,
    Were there other error codes logged in Event Viewer?
    Regarding Event ID 1055, the following article can be referred to for troubleshooting.
    Event ID 1055 — Group Policy Preprocessing (Security)
    http://technet.microsoft.com/en-us/library/cc727272(v=ws.10).aspx
    Based on the report you posted, this issue may be related to FRS replication service. As a result, we can use ntfrsutl tool to check whether the replication service is healthy.
    Regarding this point, the following articles can be referred to for more information.
    Troubleshooting File Replication Service
    http://technet.microsoft.com/en-us/library/bb727056.aspx
    Ntfrsutl
    http://technet.microsoft.com/en-us/library/hh875636.aspx
    In addition, we can also try doing a non-authoritative Sysvol restore on Windows Server 2008 DC to see whether the issue persists.
    Using the BurFlags registry key to reinitialize File Replication Service replica sets
    http://support.microsoft.com/kb/290762/en-us
    Hope it helps.
    Best regards,
    Frank Shen
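
dcdiag prints event IDs in hex, so the 0x0000041F errors in the SystemLog test above are the Event ID 1055 that the reply refers to. The sketch below is an added example, not part of the thread: it parses a SystemLog section, converts the IDs to decimal and shows how often each one repeats. The function names are assumptions of this example; the sample events are copied from the post (a subset).

```python
import re
from datetime import datetime

# Events copied from the dcdiag SystemLog test in the post above (subset).
SAMPLE_DCDIAG = """
         An error event occurred.  EventID: 0x0000041F
            Time Generated: 03/06/2014   16:06:35
            Event String:
            The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
            a) Name Resolution failure on the current domain controller.
         An error event occurred.  EventID: 0x0000041F
            Time Generated: 03/06/2014   16:11:36
            Event String:
            The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
         An error event occurred.  EventID: 0x0000041F
            Time Generated: 03/06/2014   16:16:38
            Event String:
            The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
         An error event occurred.  EventID: 0x0000041F
            Time Generated: 03/06/2014   16:21:39
            Event String:
            The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
         An error event occurred.  EventID: 0x00000457
            Time Generated: 03/06/2014   16:30:46
            Event String:
            Driver TOSHIBA e-STUDIO16/20/25 PCL 6 required for printer TOSHIBA e-STUDIO16/20/25 PCL 6 is unknown. Contact the administrator to install the driver before you log in again.
         An error event occurred.  EventID: 0x00000457
            Time Generated: 03/06/2014   16:30:48
            Event String:
            Driver Microsoft XPS Document Writer v4 required for printer Microsoft XPS Document Writer is unknown. Contact the administrator to install the driver before you log in again.
         ......................... PRIMARYDC failed test SystemLog
"""

HEADER_RE = re.compile(r"An? (warning|error) event occurred\.\s+EventID:\s+0x([0-9A-Fa-f]+)")
TIME_RE = re.compile(r"Time Generated:\s+(\d{2}/\d{2}/\d{4})\s+(\d{2}:\d{2}:\d{2})")


def parse_events(text):
    """Return one dict per event block of a dcdiag SystemLog section."""
    events, current, want_text = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        head = HEADER_RE.search(line)
        if head:
            # dcdiag can print the full 32-bit identifier; the low 16 bits
            # are the Event ID that Event Viewer displays.
            current = {"severity": head.group(1),
                       "id": int(head.group(2), 16) & 0xFFFF,
                       "time": None, "text": ""}
            events.append(current)
            want_text = False
            continue
        if current is None:
            continue
        stamp = TIME_RE.search(line)
        if stamp:
            current["time"] = datetime.strptime(" ".join(stamp.groups()),
                                                "%m/%d/%Y %H:%M:%S")
        elif line.startswith("Event String:"):
            # The message is either on this line or on the next non-empty one.
            current["text"] = line[len("Event String:"):].strip()
            want_text = not current["text"]
        elif want_text and line:
            current["text"], want_text = line, False
    return events


def summarize(events):
    """Group events by decimal ID: count, first/last time, seconds between repeats."""
    summary = {}
    timed = sorted((e for e in events if e["time"]), key=lambda e: e["time"])
    for ev in timed:
        row = summary.setdefault(ev["id"], {
            "severity": ev["severity"], "count": 0,
            "first": ev["time"], "last": ev["time"],
            "gaps_s": [], "text": ev["text"]})
        if row["count"]:
            row["gaps_s"].append(int((ev["time"] - row["last"]).total_seconds()))
        row["count"] += 1
        row["last"] = ev["time"]
    return summary


if __name__ == "__main__":
    for event_id, row in summarize(parse_events(SAMPLE_DCDIAG)).items():
        print(f"Event ID {event_id} ({row['severity']}) x{row['count']} "
              f"{row['first']:%H:%M:%S}-{row['last']:%H:%M:%S} "
              f"gaps(s)={row['gaps_s']}")
        print(f"    {row['text'][:90]}")
```

On this output the 1055 errors recur roughly every 301 seconds, which matches the default five-minute Group Policy refresh on domain controllers, so they are one recurring failure rather than several separate ones.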

  • Group policy error: Failed to open group policy object on this computer.

    Hi all,
    I received this message when I tried to look at the local group policy settings on one of my machines (Windows XP SP3), which is joined to my domain.
    "Failed to open group policy object on this computer. You may not have appropriate rights.
    Details:
    Unspecified error."
    Note that I am a local admin.
    It all started when I was troubleshooting WSUS connectivity and looked at WindowsUpdate.log: the WSUS server was <Null> and the WSUS status server was <Null>. I tried to force the domain GP by using GPupdate /force; it went fine and asked me to
    log off, but nothing changed in WindowsUpdate.log, still <Null>. Then I tried to look at the local policy settings.
    I searched the internet and found nothing related to my case.
    Thanks in advance for advising.
    Mohammed Adel

    I guess reinstalling Windows is the solution. I also found one log, "event id 1096", related to "registry.pol"; it was corrupted.
    Regards,
    Mohammed Adel

  • Getting some errors about group policy due to a disabled account

    Hello
    I have an Active Directory on Windows 2012 Datacenter. There is a domain on it. It works well.
    There is also another AD at another location. There is another domain on it. It works too.
    There is a trust relationship between the 2 domains.
    I disabled an account on the first AD server 4 days ago, and then my colleague who manages the second AD notified me that they started to receive some errors in Event Viewer and have an issue with their group policy.
    The event is as below:
    The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller
    (LDAP Bind function call failed). Look in the details tab for error code and description.
    Event ID 1006
    Event Source Group Policy
    I think the account concerned was built on the second AD for a service. But we don't know how we can find the account on the second AD server in order to change it.
    How can I fix the issue?
    Thanks

    Hi Yavuz,
    >>But we don't know how we can find the account on the second AD server in order to change it.
    What account did we disable? We can check the error code (displayed as a decimal) and error description fields of Event ID 1006 to see if more information can be found.
    Regarding Event ID 1006, the following article can be referred to for more information.
    Event ID 1006 — Group Policy Preprocessing (Active Directory)
    https://technet.microsoft.com/en-us/library/cc727283(v=ws.10).aspx
    Best regards,
    Frank Shen

  • REIMS application Group policy error

    Hi all,
    We are getting the error 'Group policy processing aborted' in the REIMS application event log on the EDI server. Please help me out if anyone can shed any light on this.
    Thanks in advance.
    Sap Basis.

    Hi,
    As I went through the .xml logs, nothing special was detected.
    Would you please let me know the file server's hardware configuration and how the server's performance is?
    Besides that, could you please ask the user to try on another PC and check if the problem still occurs?
    Then we may be able to narrow down the scope for troubleshooting.
    Thanks and regards,
    Elaine

  • Cases in which Domain Group Policy settings would be reverted to default settings on a Win7 client

    Hi - I'm sure this info is out there somewhere, but I'm having a hard time finding it.  Basically, I'm trying to identify the cases in which settings deployed via Domain Group Policy on 2008R2/Win7SP1 would get reverted back to "default settings"
    on a Win7SP1 client that is still a member of the domain, and is in a proper OU, properly targeted, WMI filters should still evaluate true, etc...
    For instance, it appears that if machine-level registry settings contained within a LocalGPO file on a client get corrupted (C:\Windows\System32\GroupPolicy\Machine\registry.pol), all of those settings, plus all machine level administrative template settings
    defined in Domain Group Policy, get reverted to default settings (corresponds with Event ID 1096 in System Event Log where it references "LocalGPO").  I have not confirmed if this is the case for machine level settings defined outside of administrative
    templates in Domain Group Policy, or for any user level settings though.  (But I suspect not.)
    When a workstation is unable to talk to a Domain Controller in order to identify applicable Domain Group Policy settings (for instance, this issue:
    http://support.microsoft.com/kb/2421599/en-us), do administrative templates Domain Group Policy settings revert to defaults up until the next successful processing interval?  I don't believe
    so, but would like confirmation.
    Are there any other cases in which Domain Group Policy settings for a client still joined to the Domain would be reverted to defaults?
    And when a client is unjoined from the Domain, what Domain Group Policy settings would remain on the client?  I understand that some Domain Group Policy settings outside of administrative templates are "tattooed" to the registry.  Does
    anyone know of a full list of these settings?  I believe that most or all of the ones in Windows Settings\Security Settings are tattooed, and the only way to get these settings removed is to explicitly change them via registry edit or LocalGPO/Local Security
    Policy, after unjoining the domain.
    Any info/insight/links to other doc/etc would be much appreciated!

    Hi Shaun,
    >>If a client cannot talk to a domain controller at all, admin template settings still stay in-place on the client, correct?   
    As far as I know, it's not this case. If a client can't communicate with domain controllers, it means that the GPOs applied to the client are out of scope. As suggested by
    the article I provided, for native policy, "when a Group Policy object (GPO) goes out of scope, the policy setting is removed allowing the original configuration value to be used."
    >>What if a client loses network connectivity while reading Domain GPO?
    Group policy will get updated when computers start up and users log on. Besides, for workstations, group policy will get refreshed in the background at an interval
    of 90 minutes by default. As long as workstations can restore network connectivity, the group policy settings will get updated.
    >>Are there any other failure cases like this where some or all Group Policy settings (admin template or other areas) would get reverted?
    There are many reasons which can cause GP malfunction. However, Windows itself provides necessary tools for troubleshooting various issues. When GP malfunctions, we can check
    Event Viewer, collect group policy result, or generate group policy log to troubleshoot.
    Best regards,
    Frank Shen

  • Group Policy Printer Error (0x80070005 Access Denied)

    I am trying to deploy two network printers via group policy using Server 2008 R2 SP1. I created the GPO and added the printers from our print server under computer configuration so that it will apply to the computers, not just the users. After a computer in
    the correct OU runs Gpupdate, I receive the following error in its application event log:
    WARNING: GROUP POLICY PRINTERS
    Group Policy object did not apply because it failed with error code 0x80070005 Access is Denied. This error was suppresed.
    Any suggestions or thoughts are appreciated. I have been dealing with this error and trying to figure it out for a while now.

    Hi,
    This issue can mostly be caused by incorrect permission settings.
    Please try to perform the troubleshooting steps that the following Microsoft TechNet blog provides.
    Group Policies and Access Denied
    http://blogs.technet.com/b/matthewms/archive/2005/10/29/413275.aspx
    Regards,

  • Drive restriction group policy causes error message when accessing Open and Save As Dialog Boxes on Windows 8.1

    We are running Windows 8.1 Pro x86
    I am really curious as to why the drive restriction group policy causes the error message to pop up:
    "This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator."
    It does not prevent the actual saving, so functionality is not lost, but it really annoys our end users and we're getting a lot of complaints. We cannot use the workaround of hiding drives instead of restricting as this still presents security issues. This
    happens when saving (or clicking on a button like "Browse" that opens the 'Open' dialogue box) in all Office 2013 applications, Internet Explorer, Paint, Notepad, and probably most others. I've looked at many forums and no suggestions for workarounds
    have succeeded for us to get rid of this error message and in fact, I read a post that stated that someone contacted Microsoft and they said this was by design and there is no workaround. I find this very unfortunate that we either have the choice of compromising
    security or annoying our end users. It seems to me like the new dialogue box in Windows 8.1 (and maybe 8?) attempts to access the local drive under the logged in user's account before it actually opens up the dialogue box which conflicts with the group policy
    that restricts access to the drive.
    Has anyone at all had any luck getting this to go away without removing the restrictions? It seems like the answer is either buried in the Windows code or somewhere in the registry.
    Thank you in advance for your time!

    Thank you for your time and response! Unfortunately, we have the machine locked down pretty tight (they are public use computers that require heavy restriction) and it is set to restrict all drives so access is limited to the local profile. We did try
    testing your method, however, by adding the Desktop as an allowed location in the Office policy (which would not solve the issue for the other applications but was good for a test) using the path %userprofile%\desktop. When choosing that location, it does
    not throw the error but unfortunately, it does not remember like it did for you with the E: drive so it still always throws the error when first loading the dialogue box no matter what I do. If you're able to confirm that this is simply by design and we're
    just expected to inform our users to click through the errors, then I guess that's the accepted answer. Although, do you think that there might be a registry key value that is set after you save to the E: drive for the first time? Maybe we could set that value
    to %userprofile%\desktop if it's doing the redirection after the first save through registry. Thanks again!

  • Windows XP slow login when plugged into external network

    Hi,
    About 9 months ago XP SP3 was rolled out with an image upgrade; since then there have been rumblings of slow logins when connected to an external network (e.g. an ADSL modem at home) but no evidence etc.
    About the environment
    Windows XP SP3
    Novell Client 4.91 SP5 IR1
    ZENworks 7
    Roaming profiles with folder redirection for Desktop, My Documents.
    We have just rolled out another upgrade to a number of base apps and this has come up again but with some evidence and some time for me to investigate.
    What I have discovered is this:
    When a laptop is plugged into an external network (I have used an ADSL network here at work to test this) the login for a user takes about 2 minutes with SP2 and about 3.5 minutes with SP3. This is done checking the workstation only box.
    This happens consistently on workstations.
    What I have done to narrow this down is as follows:
    Removed ZENworks 7 agent. Login times improved dramatically
    Installed older versions of ZENworks agent, all results the same, extra slow logins experienced with all versions tried.
    Installed ZEN agent and removed Novell Client, still the same slow login.
    Created a local user, fast logins experienced even with the ZEN agent installed.
    Disabled all ZEN services and logged in with an eDir account, slow logins all the same.
    Removed all policies from user and workstations, this made a slight difference but nothing much
    Disabled ZEN, no difference either
    Disabled NMAS, no difference either
    Removed some IDM installer we had rolled at the same time, no difference.
    Here are the timed results.
    XP with SP2 on corporate network = 30 secs
    XP with SP3 on corporate network = 35 secs
    XP with SP2 WS only ticked and ADSL modem plugged in = 2min
    XP with SP3 WS only ticked and ADSL modem plugged in = 3min 26 secs
    XP with SP3 WS only ticked and ADSL modem NOT plugged in = 45 secs
    XP with SP3 local user with ADSL modem = 45 secs
    So it's down to the ZEN agent really, but the update to SP3 hasn't helped either.
    I enabled debug logging and got the following from the log, usernames and servers have been removed:
    NWGINA log:
    01/31/2011 08:57:02:062 This machine is *NOT* configured to store profiles using NetWare!
    01/31/2011 08:57:02:062 Testing for a ZEN cached profile path for this Windows user
    01/31/2011 08:57:02:062 GinaRetrieveUsersCachedRoamingProfilePath entered
    01/31/2011 08:57:02:062 User's cached profile is: \\SERVER\VOL1\Users\"USERNAME"\Windows NT 5.1 Workstation Profile
    01/31/2011 08:57:02:062 GinaRetrieveUsersCachedRoamingProfilePath returning: 1
    01/31/2011 08:57:02:062 Testing for NT configured policy file
    01/31/2011 08:57:02:062 Didn't find an NT Configured Policy
    01/31/2011 08:57:02:062 User logged onto the local machine NT policies are *NOT* configured!
    01/31/2011 08:57:02:062
    01/31/2011 08:57:02:062 Calling MS API LoadUserProfile
    01/31/2011 09:00:16:187 Returned from calling MS API LoadUserProfile
    01/31/2011 09:00:16:187 CheckIfSpecialGroupPolicyRunIsRequired entered.
    01/31/2011 09:00:16:187 CheckIfSpecialGroupPolicyRunIsRequired returning TRUE
    01/31/2011 09:00:16:187 Calling WMGRPPOL in cleanup situation
    01/31/2011 09:00:16:187 WMCallUserPolicyHelperDLL Entered.
    01/31/2011 09:00:16:187 szHelperName returned: WMPM.DLL
    01/31/2011 09:00:16:187 szHelperName returned: WMPOLHLP.DLL
    01/31/2011 09:00:16:187 szHelperName returned: WMPRTNT.DLL
    01/31/2011 09:00:16:187 szHelperName returned: WMUSPOL.DLL
    01/31/2011 09:00:16:187 szHelperName returned: WMGRPPOL.DLL
    userenv.log:
    USERENV(400.940) 08:56:39:203 GPOThread: Next refresh will happen in 95 minutes
    USERENV(400.404) 08:57:02:062 LoadUserProfile: Yes, we can impersonate the user. Running as self
    USERENV(400.404) 08:57:02:062 ================================================== =======
    USERENV(400.404) 08:57:02:062 LoadUserProfile: Entering, hToken = <0x998>, lpProfileInfo = 0x6ea18
    USERENV(400.404) 08:57:02:062 LoadUserProfile: lpProfileInfo->dwFlags = <0x1>
    USERENV(400.404) 08:57:02:062 LoadUserProfile: lpProfileInfo->lpUserName = <USERNAME>
    USERENV(400.404) 08:57:02:062 LoadUserProfile: lpProfileInfo->lpProfilePath = <\\SERVER\VOL1\Users\USERNAME\Windows NT 5.1 Workstation Profile>
    USERENV(400.404) 08:57:02:062 LoadUserProfile: NULL default profile path
    USERENV(400.404) 08:57:02:062 LoadUserProfile: NULL server name
    USERENV(400.404) 08:57:02:062 LoadUserProfile: In console winlogon process
    USERENV(400.404) 08:57:02:062 In LoadUserProfileP
    USERENV(400.404) 08:57:02:062 ================================================== =======
    USERENV(400.404) 08:57:02:062 LoadUserProfile: Entering, hToken = <0x998>, lpProfileInfo = 0x6ea18
    USERENV(400.404) 08:57:02:062 LoadUserProfile: lpProfileInfo->dwFlags = <0x1>
    USERENV(400.404) 08:57:02:062 LoadUserProfile: lpProfileInfo->lpUserName = <USERNAME>
    USERENV(400.404) 08:57:02:062 LoadUserProfile: lpProfileInfo->lpProfilePath = <\\SERVER\VOL1\Users\USERNAME\Windows NT 5.1 Workstation Profile>
    USERENV(400.404) 08:57:02:062 LoadUserProfile: NULL default profile path
    USERENV(400.404) 08:57:02:062 LoadUserProfile: NULL server name
    USERENV(400.404) 08:57:02:062 LoadUserProfile: User sid: S-1-5-21-77328758-3310200150-3344791982-1022
    USERENV(400.404) 08:57:02:062 CSyncManager::EnterLock <S-1-5-21-77328758-3310200150-3344791982-1022>
    USERENV(400.404) 08:57:02:062 CSyncManager::EnterLock: No existing entry found
    USERENV(400.404) 08:57:02:062 CSyncManager::EnterLock: New entry created
    USERENV(400.404) 08:57:02:062 CHashTable::HashAdd: S-1-5-21-77328758-3310200150-3344791982-1022 added in bucket 21
    USERENV(400.404) 08:57:02:062 LoadUserProfile: Wait succeeded. In critical section.
    USERENV(400.404) 08:57:02:078 LoadUserProfile: Expanded profile path is \\SERVER\VOL1\Users\USERNAME\Windows NT 5.1 Workstation Profile
    USERENV(400.404) 08:57:02:078 ParseProfilePath: Entering, lpProfilePath = <\\SERVER\VOL1\Users\USERNAME\Windows NT 5.1 Workstation Profile>
    USERENV(400.404) 08:57:02:078 CheckXForestLogon: checking x-forest logon, user handle = 2456
    USERENV(400.404) 08:57:02:078 CheckXForestLogon: Stand-alone or NT4 domain, not x-forest logon.
    USERENV(400.404) 08:57:14:093 AbleToBypassCSC: Try to bypass CSC
    USERENV(400.404) 08:57:14:250 AbleToBypassCSC: tried NPAddConnection3ForCSCAgent. Error 53
    USERENV(b78.b7c) 08:57:21:500 LibMain: Process Name: C:\WINNT\system32\wuauclt.exe
    USERENV(4ec.ca0) 08:57:42:812 LibMain: Process Name: C:\WINNT\System32\Novell\XTAgent.exe
    USERENV(4ec.ca0) 08:57:42:828 GetUserDNSDomainName: Computer is running standalone. No DNS domain name available.
    USERENV(400.404) 09:00:16:000 ParseProfilePath: CSC bypassed failed. Ignoring Roaming profile path
    USERENV(400.404) 09:00:16:015 ReportError: Impersonating user.
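
The userenv.log excerpt above carries a per-line (process.thread) tag and a millisecond timestamp, so the stall can be located mechanically. The sketch below is an added example, not part of the original post: it groups lines by thread and reports the largest silent gaps. The function names and the 5-second threshold are assumptions of this example; the sample lines are copied from the post (a subset).

```python
import re
from datetime import timedelta

# Lines copied from the userenv.log excerpt in the post above (subset).
SAMPLE_LOG = r"""
USERENV(400.940) 08:56:39:203 GPOThread: Next refresh will happen in 95 minutes
USERENV(400.404) 08:57:02:062 LoadUserProfile: Yes, we can impersonate the user. Running as self
USERENV(400.404) 08:57:02:078 ParseProfilePath: Entering, lpProfilePath = <\\SERVER\VOL1\Users\USERNAME\Windows NT 5.1 Workstation Profile>
USERENV(400.404) 08:57:02:078 CheckXForestLogon: Stand-alone or NT4 domain, not x-forest logon.
USERENV(400.404) 08:57:14:093 AbleToBypassCSC: Try to bypass CSC
USERENV(400.404) 08:57:14:250 AbleToBypassCSC: tried NPAddConnection3ForCSCAgent. Error 53
USERENV(b78.b7c) 08:57:21:500 LibMain: Process Name: C:\WINNT\system32\wuauclt.exe
USERENV(4ec.ca0) 08:57:42:812 LibMain: Process Name: C:\WINNT\System32\Novell\XTAgent.exe
USERENV(4ec.ca0) 08:57:42:828 GetUserDNSDomainName: Computer is running standalone. No DNS domain name available.
USERENV(400.404) 09:00:16:000 ParseProfilePath: CSC bypassed failed. Ignoring Roaming profile path
USERENV(400.404) 09:00:16:015 ReportError: Impersonating user.
"""

# USERENV(<pid>.<tid>) HH:MM:SS:mmm <message>; pid and tid are hex.
LINE_RE = re.compile(
    r"^USERENV\(([0-9a-fA-F]+\.[0-9a-fA-F]+)\)\s+"
    r"(\d{2}):(\d{2}):(\d{2}):(\d{3})\s+(.*)$")


def parse_line(line):
    """Return (thread, time of day as timedelta, message) or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    thread, h, mi, s, ms, msg = m.groups()
    tod = timedelta(hours=int(h), minutes=int(mi),
                    seconds=int(s), milliseconds=int(ms))
    return thread, tod, msg


def find_stalls(text, threshold_s=5.0):
    """Report gaps >= threshold_s between consecutive lines of the same thread.

    Lines from other processes are interleaved in the file, so gaps are
    measured per (pid.tid). The log has no date field; a timestamp that
    goes backwards within one thread is treated as a midnight rollover.
    """
    last = {}      # thread -> (absolute time, message)
    stalls = []
    for raw in text.splitlines():
        entry = parse_line(raw)
        if entry is None:
            continue
        thread, tod, msg = entry
        if thread in last:
            prev_abs, prev_msg = last[thread]
            abs_time = timedelta(days=prev_abs.days) + tod
            if abs_time < prev_abs:
                abs_time += timedelta(days=1)
            gap = (abs_time - prev_abs).total_seconds()
            if gap >= threshold_s:
                stalls.append({"thread": thread, "seconds": gap,
                               "before": prev_msg, "after": msg})
        else:
            abs_time = tod
        last[thread] = (abs_time, msg)
    return sorted(stalls, key=lambda s: s["seconds"], reverse=True)


if __name__ == "__main__":
    for stall in find_stalls(SAMPLE_LOG):
        print(f"{stall['seconds']:8.3f}s  thread {stall['thread']}")
        print(f"    last line before: {stall['before']}")
        print(f"    first line after: {stall['after']}")
```

On the excerpt, the longest gap sits between the `NPAddConnection3ForCSCAgent` line with Error 53 (the Windows code for "network path not found") and "CSC bypassed failed", and it accounts for nearly all of the 08:57:02 to 09:00:16 `LoadUserProfile` window in the NWGINA log.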

    OK, I'm out of Ideas.
    I was hoping for something much bigger :>
    You may want to post in the MS Forums in regards to the Timeout in that
    part.
    I would not mention ZCM or Client32 as that will just cause pushback.
    In short, there appears to be a long timeout for the redirected profile
    that extends beyond just client timeout settings.
    You may want to post in the Client32 Forum to see if they have any more
    timeout tweaks.
    You may be able to use the "Bad Name Cache" to pre-populate that server so
    you can gain the 10 seconds w/o needing to disable the workstation service.
    Perhaps the "Give Up on Requests to SAs", but I've never messed with
    that before. Wait before giving up on DA may help too.
    Just guessing now.
    On 2/1/2011 4:06 PM, nathan cook wrote:
    >
    > craig_wilson;2070716 Wrote:
    >> As a Test, Could you disable the "Workstation" Service on the Device?
    >> There is a Change the MS Client is trying to pull the Profile from
    >> there
    >> as well.
    >>
    >> If this "Test" works, we can try and think of a real solution.
    >
    > Thanks Craig, just tried that and it took 10 secs off the time.
    >
    >
    Craig Wilson - MCNE, MCSE, CCNA
    Novell Knowledge Partner
    Novell does not officially monitor these forums.
    Suggestions/Opinions/Statements made by me are solely my own.
    These thoughts may not be shared by either Novell or any rational human.
