Domain Controller cannot obtain domain controller name!

[Dave Harris]

Getting the following message on my Win2K SP4 DC :

Userenv 1000 : Windows cannot obtain the domain controller name for
your computer network. Return value (2146).

I am getting this error message on my one and only Domain controller
servicing approx. 45 users.

This only happens occasionally and not all the time. No regular
pattern to when it happens but always during working hours. How do I
tell if my server is overloaded with LDAP ping requests?

Please, please help me.

 

[Doug Gabbard]

I doubt your server is overloaded unless you are running it on a box
at the low end of the system requirements.

I would look first at DNS as a possible issue.
Run
Dcdiag /v >dcdiag.txt
This pipes results to the text file dcdiag.txt. Review the text file
for errors.

Finally, I would add a second DC soon (once this issue is cleared up).

regards
doug
mcse 4.0/2000/2003

 

[Dave Harris]

I doubt your server is overloaded unless you are running it on a box
at the low end of the system requirements.

I would look first at DNS as a possible issue.
Run
Dcdiag /v >dcdiag.txt
This pipes results to the text file dcdiag.txt. Review the text file
for errors.

Finally, I would add a second DC soon (once this issue is cleared up).

regards
doug
mcse 4.0/2000/2003

----------------------------------------------------------------------
Thanks for you reply. There are no errors other than this one which I
doubt is causing the problem?

Starting test: systemlog
* The System Event log test
An Error Event occured. EventID: 0x0000165B
Time Generated: 10/18/2004 08:02:34
Event String: The session setup from the computer

TRINIDADTOBAGO failed because there is no trust
account in the security database for this
computer. The name of the account referenced in
the security database is TRINIDADTOBAGO$.
......................... BHDC failed test systemlog

The Server is a PIII 800MHZ with 1 GB RAM. I am pretty convinced it
is not overloaded but I had to ask!

Any other ideas? I also get "Failed to query SPN registration on DC
xxx.xxx.xxx.xxx" when I run the "Do Negotiate authenticated LDAP call"
to the Domain Controller on netdiag.

Do you know why this error is occurring? I have seen that Microsoft
say that this error is nothing to worry about but it is the only error
message I am getting!

Any more help would be very much appreciated!

Thanks.

 

[Carl Parsons]

I would look first at DNS as a possible issue.
Run
Dcdiag /v >dcdiag.txt
This pipes results to the text file dcdiag.txt.  Review the text file
for errors.

Finally, I would add a second DC soon (once this issue is cleared up).

I am having the same problem but I only have a caching dns server rebooting
it would clear the cache am I correct. Only one of the users can not log on
and see the shared directory.

 

[ptwilliams]

Yes, that's more than likely what's causing your problem - the netlogon
secure channel is out-of-sync. Which means that this machine cannot
communicate with the domain.

There are several ways to resolve this - disjoining from the domain and
rejoining (drastic), or by resetting the password (easier):

C:\>nltest /sc_reset:domainName.com


The nltest.exe tool is part of the Windows Support Tools, which will require
installing. These can be found under the \support folder on the Windows
installation CDROM.

--

Paul Williams

http://www.msresource.net
http://forums.msresource.net
______________________________________

I doubt your server is overloaded unless you are running it on a box
at the low end of the system requirements.

I would look first at DNS as a possible issue.
Run
Dcdiag /v >dcdiag.txt
This pipes results to the text file dcdiag.txt. Review the text file
for errors.

Finally, I would add a second DC soon (once this issue is cleared up).

regards
doug
mcse 4.0/2000/2003

----------------------------------------------------------------------
Thanks for you reply. There are no errors other than this one which I
doubt is causing the problem?

Starting test: systemlog
* The System Event log test
An Error Event occured. EventID: 0x0000165B
Time Generated: 10/18/2004 08:02:34
Event String: The session setup from the computer

TRINIDADTOBAGO failed because there is no trust
account in the security database for this
computer. The name of the account referenced in
the security database is TRINIDADTOBAGO$.
......................... BHDC failed test systemlog

The Server is a PIII 800MHZ with 1 GB RAM. I am pretty convinced it
is not overloaded but I had to ask!

Any other ideas? I also get "Failed to query SPN registration on DC
xxx.xxx.xxx.xxx" when I run the "Do Negotiate authenticated LDAP call"
to the Domain Controller on netdiag.

Do you know why this error is occurring? I have seen that Microsoft
say that this error is nothing to worry about but it is the only error
message I am getting!

Any more help would be very much appreciated!

Thanks.

 

[ptwilliams]

Verify the integrity of the secure channel between workstation and DC with
one of the following commands:

C:\>nltest /sc_query:domainName.com
C:\>nltest /sc_verify:domainName.com


If the results don't look good, try resetting the secret password like so:

C:\>nltest /sc_change_pwd:domainName.com


If that fails, reset the secure channel like so:

C:\>nltest /[email protected]


Where domainName.com is the DNS namespace of your domain.

nltest.exe will need to be installed from the support tools - \support on
the Windows installation CDROM


--

Paul Williams

http://www.msresource.net
http://forums.msresource.net
______________________________________

I would look first at DNS as a possible issue.
Run
Dcdiag /v >dcdiag.txt
This pipes results to the text file dcdiag.txt. Review the text file
for errors.

Finally, I would add a second DC soon (once this issue is cleared up).

I am having the same problem but I only have a caching dns server rebooting
it would clear the cache am I correct. Only one of the users can not log on
and see the shared directory.

 

[Dave Harris]

Verify the integrity of the secure channel between workstation and DC with
one of the following commands:

C:\>nltest /sc_query:domainName.com
C:\>nltest /sc_verify:domainName.com


If the results don't look good, try resetting the secret password like so:

C:\>nltest /sc_change_pwd:domainName.com


If that fails, reset the secure channel like so:

C:\>nltest /[email protected]


Where domainName.com is the DNS namespace of your domain.

nltest.exe will need to be installed from the support tools - \support on
the Windows installation CDROM


--

Paul Williams

http://www.msresource.net
http://forums.msresource.net
______________________________________



I am having the same problem but I only have a caching dns server rebooting
it would clear the cache am I correct. Only one of the users can not log on
and see the shared directory.

-------------------------------------------------------------------------------
Thanks for all your help thus far :

See results below :

nltest /sc_query:big-hand.co.uk
I_NetLogonControl failed: Status 1355 0x54b ERROR_NO_SUCH_DOMAIN

I have a feeling there is a bit of a problem here!

Any ideas now?

Thanks,

Dave

 

[Chris Malone]

Is your DC sharing SYSVOL/Netlogon? ('net share' from command line)

Chris Malone

 

[Dave Harris]

Is your DC sharing SYSVOL/Netlogon? ('net share' from command line)

Chris Malone

-----------------------------------------------------------------

Yes - definitely. Presumably by this you mean that both the
NETLOGON Share and the SYSVOL share are definitely shared. The
problem only occurs occasionally too. i.e. sometimes users get their
login scripts from the GPO and sometimes they don't.

What is the secure netlogon channel anyway and why would it not know
my domain!

Thanks for all your help people.

Dave